2 * Copyright (c) 2003-2010 Tim Kientzle
3 * Copyright (c) 2012 Michihiro NAKAJIMA
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer
11 * in this position and unchanged.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #include "archive_platform.h"
29 __FBSDID("$FreeBSD$");
31 #if !defined(_WIN32) || defined(__CYGWIN__)
33 #ifdef HAVE_SYS_TYPES_H
34 #include <sys/types.h>
39 #ifdef HAVE_SYS_EXTATTR_H
40 #include <sys/extattr.h>
42 #if defined(HAVE_SYS_XATTR_H)
43 #include <sys/xattr.h>
44 #elif defined(HAVE_ATTR_XATTR_H)
45 #include <attr/xattr.h>
50 #ifdef HAVE_SYS_IOCTL_H
51 #include <sys/ioctl.h>
53 #ifdef HAVE_SYS_STAT_H
56 #ifdef HAVE_SYS_TIME_H
59 #ifdef HAVE_SYS_UTIME_H
60 #include <sys/utime.h>
62 #ifdef HAVE_COPYFILE_H
74 #ifdef HAVE_LANGINFO_H
77 #ifdef HAVE_LINUX_FS_H
78 #include <linux/fs.h> /* for Linux file flags */
81 * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h.
82 * As the include guards don't agree, the order of include is important.
84 #ifdef HAVE_LINUX_EXT2_FS_H
85 #include <linux/ext2_fs.h> /* for Linux file flags */
87 #if defined(HAVE_EXT2FS_EXT2_FS_H) && !defined(__CYGWIN__)
88 #include <ext2fs/ext2_fs.h> /* Linux file flags, broken on Cygwin */
109 #ifdef F_GETTIMES /* Tru64 specific */
110 #include <sys/fcntl1.h>
114 #include <TargetConditionals.h>
115 #if TARGET_OS_MAC && !TARGET_OS_EMBEDDED && HAVE_QUARANTINE_H
116 #include <quarantine.h>
117 #define HAVE_QUARANTINE 1
125 /* TODO: Support Mac OS 'quarantine' feature. This is really just a
126 * standard tag to mark files that have been downloaded as "tainted".
127 * On Mac OS, we should mark the extracted files as tainted if the
128 * archive being read was tainted. Windows has a similar feature; we
129 * should investigate ways to support this generically. */
132 #include "archive_acl_private.h"
133 #include "archive_string.h"
134 #include "archive_endian.h"
135 #include "archive_entry.h"
136 #include "archive_private.h"
137 #include "archive_write_disk_private.h"
147 struct fixup_entry *next;
148 struct archive_acl acl;
154 unsigned long atime_nanos;
155 unsigned long birthtime_nanos;
156 unsigned long mtime_nanos;
157 unsigned long ctime_nanos;
158 unsigned long fflags_set;
159 size_t mac_metadata_size;
161 int fixup; /* bitmask of what needs fixing */
166 * We use a bitmask to track which operations remain to be done for
167 * this file. In particular, this helps us avoid unnecessary
168 * operations when it's possible to take care of one step as a
169 * side-effect of another. For example, mkdir() can specify the mode
170 * for the newly-created object but symlink() cannot. This means we
171 * can skip chmod() if mkdir() succeeded, but we must explicitly
172 * chmod() if we're trying to create a directory that already exists
173 * (mkdir() failed) or if we're restoring a symlink. Similarly, we
174 * need to verify UID/GID before trying to restore SUID/SGID bits;
175 * that verification can occur explicitly through a stat() call or
176 * implicitly because of a successful chown() call.
178 #define TODO_MODE_FORCE 0x40000000
179 #define TODO_MODE_BASE 0x20000000
180 #define TODO_SUID 0x10000000
181 #define TODO_SUID_CHECK 0x08000000
182 #define TODO_SGID 0x04000000
183 #define TODO_SGID_CHECK 0x02000000
184 #define TODO_APPLEDOUBLE 0x01000000
185 #define TODO_MODE (TODO_MODE_BASE|TODO_SUID|TODO_SGID)
186 #define TODO_TIMES ARCHIVE_EXTRACT_TIME
187 #define TODO_OWNER ARCHIVE_EXTRACT_OWNER
188 #define TODO_FFLAGS ARCHIVE_EXTRACT_FFLAGS
189 #define TODO_ACLS ARCHIVE_EXTRACT_ACL
190 #define TODO_XATTR ARCHIVE_EXTRACT_XATTR
191 #define TODO_MAC_METADATA ARCHIVE_EXTRACT_MAC_METADATA
192 #define TODO_HFS_COMPRESSION ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED
194 struct archive_write_disk {
195 struct archive archive;
198 struct fixup_entry *fixup_list;
199 struct fixup_entry *current_fixup;
202 int64_t skip_file_dev;
203 int64_t skip_file_ino;
206 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid);
207 void (*cleanup_gid)(void *private);
208 void *lookup_gid_data;
209 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid);
210 void (*cleanup_uid)(void *private);
211 void *lookup_uid_data;
214 * Full path of last file to satisfy symlink checks.
216 struct archive_string path_safe;
219 * Cached stat data from disk for the current entry.
220 * If this is valid, pst points to st. Otherwise,
226 /* Information about the object being restored right now. */
227 struct archive_entry *entry; /* Entry being extracted. */
228 char *name; /* Name of entry, possibly edited. */
229 struct archive_string _name_data; /* backing store for 'name' */
230 /* Tasks remaining for this object. */
232 /* Tasks deferred until end-of-archive. */
234 /* Options requested by the client. */
236 /* Handle for the file we're restoring. */
238 /* Current offset for writing data to the file. */
240 /* Last offset actually written to disk. */
242 /* Total bytes actually written to files. */
243 int64_t total_bytes_written;
244 /* Maximum size of file, -1 if unknown. */
246 /* Dir we were in before this restore; only for deep paths. */
248 /* Mode we should use for this entry; affected by _PERM and umask. */
250 /* UID/GID to use in restoring this entry. */
256 /* Xattr "com.apple.decmpfs". */
257 uint32_t decmpfs_attr_size;
258 unsigned char *decmpfs_header_p;
259 /* ResourceFork set options used for fsetxattr. */
260 int rsrc_xattr_options;
261 /* Xattr "com.apple.ResourceFork". */
262 unsigned char *resource_fork;
263 size_t resource_fork_allocated_size;
264 unsigned int decmpfs_block_count;
265 uint32_t *decmpfs_block_info;
266 /* Buffer for compressed data. */
267 unsigned char *compressed_buffer;
268 size_t compressed_buffer_size;
269 size_t compressed_buffer_remaining;
270 /* The offset of the ResourceFork where compressed data will
272 uint32_t compressed_rsrc_position;
273 uint32_t compressed_rsrc_position_v;
274 /* Buffer for uncompressed data. */
275 char *uncompressed_buffer;
276 size_t block_remaining_bytes;
277 size_t file_remaining_bytes;
281 int decmpfs_compression_level;
286 * Default mode for dirs created automatically (will be modified by umask).
287 * Note that POSIX specifies 0777 for implicitly-created dirs, "modified
288 * by the process' file creation mask."
290 #define DEFAULT_DIR_MODE 0777
292 * Dir modes are restored in two steps: During the extraction, the permissions
293 * in the archive are modified to match the following limits. During
294 * the post-extract fixup pass, the permissions from the archive are
297 #define MINIMUM_DIR_MODE 0700
298 #define MAXIMUM_DIR_MODE 0775
301 * Maxinum uncompressed size of a decmpfs block.
303 #define MAX_DECMPFS_BLOCK_SIZE (64 * 1024)
305 * HFS+ compression type.
307 #define CMP_XATTR 3/* Compressed data in xattr. */
308 #define CMP_RESOURCE_FORK 4/* Compressed data in resource fork. */
310 * HFS+ compression resource fork.
312 #define RSRC_H_SIZE 260 /* Base size of Resource fork header. */
313 #define RSRC_F_SIZE 50 /* Size of Resource fork footer. */
314 /* Size to write compressed data to resource fork. */
315 #define COMPRESSED_W_SIZE (64 * 1024)
316 /* decmpfs difinitions. */
317 #define MAX_DECMPFS_XATTR_SIZE 3802
318 #ifndef DECMPFS_XATTR_NAME
319 #define DECMPFS_XATTR_NAME "com.apple.decmpfs"
321 #define DECMPFS_MAGIC 0x636d7066
322 #define DECMPFS_COMPRESSION_MAGIC 0
323 #define DECMPFS_COMPRESSION_TYPE 4
324 #define DECMPFS_UNCOMPRESSED_SIZE 8
325 #define DECMPFS_HEADER_SIZE 16
327 #define HFS_BLOCKS(s) ((s) >> 12)
329 static int check_symlinks(struct archive_write_disk *);
330 static int create_filesystem_object(struct archive_write_disk *);
331 static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
332 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
333 static void edit_deep_directories(struct archive_write_disk *ad);
335 static int cleanup_pathname(struct archive_write_disk *);
336 static int create_dir(struct archive_write_disk *, char *);
337 static int create_parent_dir(struct archive_write_disk *, char *);
338 static ssize_t hfs_write_data_block(struct archive_write_disk *,
339 const char *, size_t);
340 static int fixup_appledouble(struct archive_write_disk *, const char *);
341 static int older(struct stat *, struct archive_entry *);
342 static int restore_entry(struct archive_write_disk *);
343 static int set_mac_metadata(struct archive_write_disk *, const char *,
344 const void *, size_t);
345 static int set_xattrs(struct archive_write_disk *);
346 static int set_fflags(struct archive_write_disk *);
347 static int set_fflags_platform(struct archive_write_disk *, int fd,
348 const char *name, mode_t mode,
349 unsigned long fflags_set, unsigned long fflags_clear);
350 static int set_ownership(struct archive_write_disk *);
351 static int set_mode(struct archive_write_disk *, int mode);
352 static int set_time(int, int, const char *, time_t, long, time_t, long);
353 static int set_times(struct archive_write_disk *, int, int, const char *,
354 time_t, long, time_t, long, time_t, long, time_t, long);
355 static int set_times_from_entry(struct archive_write_disk *);
356 static struct fixup_entry *sort_dir_list(struct fixup_entry *p);
357 static ssize_t write_data_block(struct archive_write_disk *,
358 const char *, size_t);
360 static struct archive_vtable *archive_write_disk_vtable(void);
362 static int _archive_write_disk_close(struct archive *);
363 static int _archive_write_disk_free(struct archive *);
364 static int _archive_write_disk_header(struct archive *, struct archive_entry *);
365 static int64_t _archive_write_disk_filter_bytes(struct archive *, int);
366 static int _archive_write_disk_finish_entry(struct archive *);
367 static ssize_t _archive_write_disk_data(struct archive *, const void *, size_t);
368 static ssize_t _archive_write_disk_data_block(struct archive *, const void *, size_t, int64_t);
371 lazy_stat(struct archive_write_disk *a)
373 if (a->pst != NULL) {
374 /* Already have stat() data available. */
378 if (a->fd >= 0 && fstat(a->fd, &a->st) == 0) {
384 * XXX At this point, symlinks should not be hit, otherwise
385 * XXX a race occurred. Do we want to check explicitly for that?
387 if (lstat(a->name, &a->st) == 0) {
391 archive_set_error(&a->archive, errno, "Couldn't stat file");
392 return (ARCHIVE_WARN);
395 static struct archive_vtable *
396 archive_write_disk_vtable(void)
398 static struct archive_vtable av;
399 static int inited = 0;
402 av.archive_close = _archive_write_disk_close;
403 av.archive_filter_bytes = _archive_write_disk_filter_bytes;
404 av.archive_free = _archive_write_disk_free;
405 av.archive_write_header = _archive_write_disk_header;
406 av.archive_write_finish_entry
407 = _archive_write_disk_finish_entry;
408 av.archive_write_data = _archive_write_disk_data;
409 av.archive_write_data_block = _archive_write_disk_data_block;
416 _archive_write_disk_filter_bytes(struct archive *_a, int n)
418 struct archive_write_disk *a = (struct archive_write_disk *)_a;
419 (void)n; /* UNUSED */
420 if (n == -1 || n == 0)
421 return (a->total_bytes_written);
427 archive_write_disk_set_options(struct archive *_a, int flags)
429 struct archive_write_disk *a = (struct archive_write_disk *)_a;
437 * Extract this entry to disk.
439 * TODO: Validate hardlinks. According to the standards, we're
440 * supposed to check each extracted hardlink and squawk if it refers
441 * to a file that we didn't restore. I'm not entirely convinced this
442 * is a good idea, but more importantly: Is there any way to validate
443 * hardlinks without keeping a complete list of filenames from the
444 * entire archive?? Ugh.
448 _archive_write_disk_header(struct archive *_a, struct archive_entry *entry)
450 struct archive_write_disk *a = (struct archive_write_disk *)_a;
451 struct fixup_entry *fe;
454 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
455 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
456 "archive_write_disk_header");
457 archive_clear_error(&a->archive);
458 if (a->archive.state & ARCHIVE_STATE_DATA) {
459 r = _archive_write_disk_finish_entry(&a->archive);
460 if (r == ARCHIVE_FATAL)
464 /* Set up for this particular entry. */
466 a->current_fixup = NULL;
469 archive_entry_free(a->entry);
472 a->entry = archive_entry_clone(entry);
477 a->uid = a->user_uid;
478 a->mode = archive_entry_mode(a->entry);
479 if (archive_entry_size_is_set(a->entry))
480 a->filesize = archive_entry_size(a->entry);
483 archive_strcpy(&(a->_name_data), archive_entry_pathname(a->entry));
484 a->name = a->_name_data.s;
485 archive_clear_error(&a->archive);
488 * Clean up the requested path. This is necessary for correct
489 * dir restores; the dir restore logic otherwise gets messed
490 * up by nonsense like "dir/.".
492 ret = cleanup_pathname(a);
493 if (ret != ARCHIVE_OK)
497 * Query the umask so we get predictable mode settings.
498 * This gets done on every call to _write_header in case the
499 * user edits their umask during the extraction for some
502 umask(a->user_umask = umask(0));
504 /* Figure out what we need to do for this entry. */
505 a->todo = TODO_MODE_BASE;
506 if (a->flags & ARCHIVE_EXTRACT_PERM) {
507 a->todo |= TODO_MODE_FORCE; /* Be pushy about permissions. */
509 * SGID requires an extra "check" step because we
510 * cannot easily predict the GID that the system will
511 * assign. (Different systems assign GIDs to files
512 * based on a variety of criteria, including process
513 * credentials and the gid of the enclosing
514 * directory.) We can only restore the SGID bit if
515 * the file has the right GID, and we only know the
516 * GID if we either set it (see set_ownership) or if
517 * we've actually called stat() on the file after it
518 * was restored. Since there are several places at
519 * which we might verify the GID, we need a TODO bit
522 if (a->mode & S_ISGID)
523 a->todo |= TODO_SGID | TODO_SGID_CHECK;
525 * Verifying the SUID is simpler, but can still be
526 * done in multiple ways, hence the separate "check" bit.
528 if (a->mode & S_ISUID)
529 a->todo |= TODO_SUID | TODO_SUID_CHECK;
532 * User didn't request full permissions, so don't
533 * restore SUID, SGID bits and obey umask.
538 a->mode &= ~a->user_umask;
540 if (a->flags & ARCHIVE_EXTRACT_OWNER)
541 a->todo |= TODO_OWNER;
542 if (a->flags & ARCHIVE_EXTRACT_TIME)
543 a->todo |= TODO_TIMES;
544 if (a->flags & ARCHIVE_EXTRACT_ACL) {
545 if (archive_entry_filetype(a->entry) == AE_IFDIR)
546 a->deferred |= TODO_ACLS;
548 a->todo |= TODO_ACLS;
550 if (a->flags & ARCHIVE_EXTRACT_MAC_METADATA) {
551 if (archive_entry_filetype(a->entry) == AE_IFDIR)
552 a->deferred |= TODO_MAC_METADATA;
554 a->todo |= TODO_MAC_METADATA;
556 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
557 if ((a->flags & ARCHIVE_EXTRACT_NO_HFS_COMPRESSION) == 0) {
558 unsigned long set, clear;
559 archive_entry_fflags(a->entry, &set, &clear);
560 if ((set & ~clear) & UF_COMPRESSED) {
561 a->todo |= TODO_HFS_COMPRESSION;
562 a->decmpfs_block_count = (unsigned)-1;
565 if ((a->flags & ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED) != 0 &&
566 (a->mode & AE_IFMT) == AE_IFREG && a->filesize > 0) {
567 a->todo |= TODO_HFS_COMPRESSION;
568 a->decmpfs_block_count = (unsigned)-1;
573 /* Check if the current file name is a type of the
574 * resource fork file. */
575 p = strrchr(a->name, '/');
580 if (p[0] == '.' && p[1] == '_') {
581 /* Do not compress "._XXX" files. */
582 a->todo &= ~TODO_HFS_COMPRESSION;
584 a->todo |= TODO_APPLEDOUBLE;
589 if (a->flags & ARCHIVE_EXTRACT_XATTR)
590 a->todo |= TODO_XATTR;
591 if (a->flags & ARCHIVE_EXTRACT_FFLAGS)
592 a->todo |= TODO_FFLAGS;
593 if (a->flags & ARCHIVE_EXTRACT_SECURE_SYMLINKS) {
594 ret = check_symlinks(a);
595 if (ret != ARCHIVE_OK)
598 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
599 /* If path exceeds PATH_MAX, shorten the path. */
600 edit_deep_directories(a);
603 ret = restore_entry(a);
605 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
607 * Check if the filesystem the file is restoring on supports
608 * HFS+ Compression. If not, cancel HFS+ Compression.
610 if (a->todo | TODO_HFS_COMPRESSION) {
612 * NOTE: UF_COMPRESSED is ignored even if the filesystem
613 * supports HFS+ Compression because the file should
614 * have at least an extended attriute "com.apple.decmpfs"
615 * before the flag is set to indicate that the file have
616 * been compressed. If hte filesystem does not support
617 * HFS+ Compression the system call will fail.
619 if (a->fd < 0 || fchflags(a->fd, UF_COMPRESSED) != 0)
620 a->todo &= ~TODO_HFS_COMPRESSION;
625 * TODO: There are rumours that some extended attributes must
626 * be restored before file data is written. If this is true,
627 * then we either need to write all extended attributes both
628 * before and after restoring the data, or find some rule for
629 * determining which must go first and which last. Due to the
630 * many ways people are using xattrs, this may prove to be an
631 * intractable problem.
635 /* If we changed directory above, restore it here. */
636 if (a->restore_pwd >= 0) {
637 r = fchdir(a->restore_pwd);
639 archive_set_error(&a->archive, errno, "chdir() failure");
642 close(a->restore_pwd);
648 * Fixup uses the unedited pathname from archive_entry_pathname(),
649 * because it is relative to the base dir and the edited path
650 * might be relative to some intermediate dir as a result of the
651 * deep restore logic.
653 if (a->deferred & TODO_MODE) {
654 fe = current_fixup(a, archive_entry_pathname(entry));
656 return (ARCHIVE_FATAL);
657 fe->fixup |= TODO_MODE_BASE;
661 if ((a->deferred & TODO_TIMES)
662 && (archive_entry_mtime_is_set(entry)
663 || archive_entry_atime_is_set(entry))) {
664 fe = current_fixup(a, archive_entry_pathname(entry));
666 return (ARCHIVE_FATAL);
668 fe->fixup |= TODO_TIMES;
669 if (archive_entry_atime_is_set(entry)) {
670 fe->atime = archive_entry_atime(entry);
671 fe->atime_nanos = archive_entry_atime_nsec(entry);
673 /* If atime is unset, use start time. */
674 fe->atime = a->start_time;
677 if (archive_entry_mtime_is_set(entry)) {
678 fe->mtime = archive_entry_mtime(entry);
679 fe->mtime_nanos = archive_entry_mtime_nsec(entry);
681 /* If mtime is unset, use start time. */
682 fe->mtime = a->start_time;
685 if (archive_entry_birthtime_is_set(entry)) {
686 fe->birthtime = archive_entry_birthtime(entry);
687 fe->birthtime_nanos = archive_entry_birthtime_nsec(entry);
689 /* If birthtime is unset, use mtime. */
690 fe->birthtime = fe->mtime;
691 fe->birthtime_nanos = fe->mtime_nanos;
695 if (a->deferred & TODO_ACLS) {
696 fe = current_fixup(a, archive_entry_pathname(entry));
698 return (ARCHIVE_FATAL);
699 fe->fixup |= TODO_ACLS;
700 archive_acl_copy(&fe->acl, archive_entry_acl(entry));
703 if (a->deferred & TODO_MAC_METADATA) {
704 const void *metadata;
705 size_t metadata_size;
706 metadata = archive_entry_mac_metadata(a->entry, &metadata_size);
707 if (metadata != NULL && metadata_size > 0) {
708 fe = current_fixup(a, archive_entry_pathname(entry));
710 return (ARCHIVE_FATAL);
711 fe->mac_metadata = malloc(metadata_size);
712 if (fe->mac_metadata != NULL) {
713 memcpy(fe->mac_metadata, metadata, metadata_size);
714 fe->mac_metadata_size = metadata_size;
715 fe->fixup |= TODO_MAC_METADATA;
720 if (a->deferred & TODO_FFLAGS) {
721 fe = current_fixup(a, archive_entry_pathname(entry));
723 return (ARCHIVE_FATAL);
724 fe->fixup |= TODO_FFLAGS;
725 /* TODO: Complete this.. defer fflags from below. */
728 /* We've created the object and are ready to pour data into it. */
729 if (ret >= ARCHIVE_WARN)
730 a->archive.state = ARCHIVE_STATE_DATA;
732 * If it's not open, tell our client not to try writing.
733 * In particular, dirs, links, etc, don't get written to.
736 archive_entry_set_size(entry, 0);
744 archive_write_disk_set_skip_file(struct archive *_a, int64_t d, int64_t i)
746 struct archive_write_disk *a = (struct archive_write_disk *)_a;
747 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
748 ARCHIVE_STATE_ANY, "archive_write_disk_set_skip_file");
749 a->skip_file_set = 1;
750 a->skip_file_dev = d;
751 a->skip_file_ino = i;
756 write_data_block(struct archive_write_disk *a, const char *buff, size_t size)
758 uint64_t start_size = size;
759 ssize_t bytes_written = 0;
760 ssize_t block_size = 0, bytes_to_write;
765 if (a->filesize == 0 || a->fd < 0) {
766 archive_set_error(&a->archive, 0,
767 "Attempt to write to an empty file");
768 return (ARCHIVE_WARN);
771 if (a->flags & ARCHIVE_EXTRACT_SPARSE) {
772 #if HAVE_STRUCT_STAT_ST_BLKSIZE
774 if ((r = lazy_stat(a)) != ARCHIVE_OK)
776 block_size = a->pst->st_blksize;
778 /* XXX TODO XXX Is there a more appropriate choice here ? */
779 /* This needn't match the filesystem allocation size. */
780 block_size = 16*1024;
784 /* If this write would run beyond the file size, truncate it. */
785 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize)
786 start_size = size = (size_t)(a->filesize - a->offset);
788 /* Write the data. */
790 if (block_size == 0) {
791 bytes_to_write = size;
793 /* We're sparsifying the file. */
797 /* Skip leading zero bytes. */
798 for (p = buff, end = buff + size; p < end; ++p) {
802 a->offset += p - buff;
808 /* Calculate next block boundary after offset. */
810 = (a->offset / block_size + 1) * block_size;
812 /* If the adjusted write would cross block boundary,
813 * truncate it to the block boundary. */
814 bytes_to_write = size;
815 if (a->offset + bytes_to_write > block_end)
816 bytes_to_write = block_end - a->offset;
818 /* Seek if necessary to the specified offset. */
819 if (a->offset != a->fd_offset) {
820 if (lseek(a->fd, a->offset, SEEK_SET) < 0) {
821 archive_set_error(&a->archive, errno,
823 return (ARCHIVE_FATAL);
825 a->fd_offset = a->offset;
827 bytes_written = write(a->fd, buff, bytes_to_write);
828 if (bytes_written < 0) {
829 archive_set_error(&a->archive, errno, "Write failed");
830 return (ARCHIVE_WARN);
832 buff += bytes_written;
833 size -= bytes_written;
834 a->total_bytes_written += bytes_written;
835 a->offset += bytes_written;
836 a->fd_offset = a->offset;
838 return (start_size - size);
841 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\
842 && defined(HAVE_ZLIB_H)
845 * Set UF_COMPRESSED file flag.
846 * This have to be called after hfs_write_decmpfs() because if the
847 * file does not have "com.apple.decmpfs" xattr the flag is ignored.
850 hfs_set_compressed_fflag(struct archive_write_disk *a)
854 if ((r = lazy_stat(a)) != ARCHIVE_OK)
857 a->st.st_flags |= UF_COMPRESSED;
858 if (fchflags(a->fd, a->st.st_flags) != 0) {
859 archive_set_error(&a->archive, errno,
860 "Failed to set UF_COMPRESSED file flag");
861 return (ARCHIVE_WARN);
867 * HFS+ Compression decmpfs
869 * +------------------------------+ +0
870 * | Magic(LE 4 bytes) |
871 * +------------------------------+
872 * | Type(LE 4 bytes) |
873 * +------------------------------+
874 * | Uncompressed size(LE 8 bytes)|
875 * +------------------------------+ +16
877 * | Compressed data |
878 * | (Placed only if Type == 3) |
880 * +------------------------------+ +3802 = MAX_DECMPFS_XATTR_SIZE
882 * Type is 3: decmpfs has compressed data.
883 * Type is 4: Resource Fork has compressed data.
886 * Write "com.apple.decmpfs"
889 hfs_write_decmpfs(struct archive_write_disk *a)
892 uint32_t compression_type;
894 r = fsetxattr(a->fd, DECMPFS_XATTR_NAME, a->decmpfs_header_p,
895 a->decmpfs_attr_size, 0, 0);
897 archive_set_error(&a->archive, errno,
898 "Cannot restore xattr:%s", DECMPFS_XATTR_NAME);
899 compression_type = archive_le32dec(
900 &a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE]);
901 if (compression_type == CMP_RESOURCE_FORK)
902 fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME,
903 XATTR_SHOWCOMPRESSION);
904 return (ARCHIVE_WARN);
910 * HFS+ Compression Resource Fork
912 * +-----------------------------+
913 * | Header(260 bytes) |
914 * +-----------------------------+
915 * | Block count(LE 4 bytes) |
916 * +-----------------------------+ --+
917 * +-- | Offset (LE 4 bytes) | |
918 * | | [distance from Block count] | | Block 0
919 * | +-----------------------------+ |
920 * | | Compressed size(LE 4 bytes) | |
921 * | +-----------------------------+ --+
923 * | | .................. |
925 * | +-----------------------------+ --+
926 * | | Offset (LE 4 bytes) | |
927 * | +-----------------------------+ | Block (Block count -1)
928 * | | Compressed size(LE 4 bytes) | |
929 * +-> +-----------------------------+ --+
930 * | Compressed data(n bytes) | Block 0
931 * +-----------------------------+
933 * | .................. |
935 * +-----------------------------+
936 * | Compressed data(n bytes) | Block (Block count -1)
937 * +-----------------------------+
938 * | Footer(50 bytes) |
939 * +-----------------------------+
943 * Write the header of "com.apple.ResourceFork"
946 hfs_write_resource_fork(struct archive_write_disk *a, unsigned char *buff,
947 size_t bytes, uint32_t position)
951 ret = fsetxattr(a->fd, XATTR_RESOURCEFORK_NAME, buff, bytes,
952 position, a->rsrc_xattr_options);
954 archive_set_error(&a->archive, errno,
955 "Cannot restore xattr: %s at %u pos %u bytes",
956 XATTR_RESOURCEFORK_NAME,
959 return (ARCHIVE_WARN);
961 a->rsrc_xattr_options &= ~XATTR_CREATE;
966 hfs_write_compressed_data(struct archive_write_disk *a, size_t bytes_compressed)
970 ret = hfs_write_resource_fork(a, a->compressed_buffer,
971 bytes_compressed, a->compressed_rsrc_position);
972 if (ret == ARCHIVE_OK)
973 a->compressed_rsrc_position += bytes_compressed;
978 hfs_write_resource_fork_header(struct archive_write_disk *a)
982 uint32_t rsrc_header_bytes;
985 * Write resource fork header + block info.
987 buff = a->resource_fork;
988 rsrc_bytes = a->compressed_rsrc_position - RSRC_F_SIZE;
990 RSRC_H_SIZE + /* Header base size. */
991 4 + /* Block count. */
992 (a->decmpfs_block_count * 8);/* Block info */
993 archive_be32enc(buff, 0x100);
994 archive_be32enc(buff + 4, rsrc_bytes);
995 archive_be32enc(buff + 8, rsrc_bytes - 256);
996 archive_be32enc(buff + 12, 0x32);
997 memset(buff + 16, 0, 240);
998 archive_be32enc(buff + 256, rsrc_bytes - 260);
999 return hfs_write_resource_fork(a, buff, rsrc_header_bytes, 0);
1003 hfs_set_resource_fork_footer(unsigned char *buff, size_t buff_size)
1005 static const char rsrc_footer[RSRC_F_SIZE] = {
1006 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1007 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1008 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1009 0x00, 0x1c, 0x00, 0x32, 0x00, 0x00, 'c', 'm',
1010 'p', 'f', 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01,
1011 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1014 if (buff_size < sizeof(rsrc_footer))
1016 memcpy(buff, rsrc_footer, sizeof(rsrc_footer));
1017 return (sizeof(rsrc_footer));
1021 hfs_reset_compressor(struct archive_write_disk *a)
1025 if (a->stream_valid)
1026 ret = deflateReset(&a->stream);
1028 ret = deflateInit(&a->stream, a->decmpfs_compression_level);
1031 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1032 "Failed to initialize compressor");
1033 return (ARCHIVE_FATAL);
1035 a->stream_valid = 1;
1037 return (ARCHIVE_OK);
1041 hfs_decompress(struct archive_write_disk *a)
1043 uint32_t *block_info;
1044 unsigned int block_count;
1045 uint32_t data_pos, data_size;
1047 ssize_t bytes_written, bytes_to_write;
1050 block_info = (uint32_t *)(a->resource_fork + RSRC_H_SIZE);
1051 block_count = archive_le32dec(block_info++);
1052 while (block_count--) {
1053 data_pos = RSRC_H_SIZE + archive_le32dec(block_info++);
1054 data_size = archive_le32dec(block_info++);
1055 r = fgetxattr(a->fd, XATTR_RESOURCEFORK_NAME,
1056 a->compressed_buffer, data_size, data_pos, 0);
1057 if (r != data_size) {
1058 archive_set_error(&a->archive,
1059 (r < 0)?errno:ARCHIVE_ERRNO_MISC,
1060 "Failed to read resource fork");
1061 return (ARCHIVE_WARN);
1063 if (a->compressed_buffer[0] == 0xff) {
1064 bytes_to_write = data_size -1;
1065 b = a->compressed_buffer + 1;
1067 uLong dest_len = MAX_DECMPFS_BLOCK_SIZE;
1070 zr = uncompress((Bytef *)a->uncompressed_buffer,
1071 &dest_len, a->compressed_buffer, data_size);
1073 archive_set_error(&a->archive,
1075 "Failed to decompress resource fork");
1076 return (ARCHIVE_WARN);
1078 bytes_to_write = dest_len;
1079 b = (unsigned char *)a->uncompressed_buffer;
1082 bytes_written = write(a->fd, b, bytes_to_write);
1083 if (bytes_written < 0) {
1084 archive_set_error(&a->archive, errno,
1086 return (ARCHIVE_WARN);
1088 bytes_to_write -= bytes_written;
1090 } while (bytes_to_write > 0);
1092 r = fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME, 0);
1094 archive_set_error(&a->archive, errno,
1095 "Failed to remove resource fork");
1096 return (ARCHIVE_WARN);
1098 return (ARCHIVE_OK);
1102 hfs_drive_compressor(struct archive_write_disk *a, const char *buff,
1105 unsigned char *buffer_compressed;
1106 size_t bytes_compressed;
1110 ret = hfs_reset_compressor(a);
1111 if (ret != ARCHIVE_OK)
1114 if (a->compressed_buffer == NULL) {
1117 block_size = COMPRESSED_W_SIZE + RSRC_F_SIZE +
1118 + compressBound(MAX_DECMPFS_BLOCK_SIZE);
1119 a->compressed_buffer = malloc(block_size);
1120 if (a->compressed_buffer == NULL) {
1121 archive_set_error(&a->archive, ENOMEM,
1122 "Can't allocate memory for Resource Fork");
1123 return (ARCHIVE_FATAL);
1125 a->compressed_buffer_size = block_size;
1126 a->compressed_buffer_remaining = block_size;
1129 buffer_compressed = a->compressed_buffer +
1130 a->compressed_buffer_size - a->compressed_buffer_remaining;
1131 a->stream.next_in = (Bytef *)(uintptr_t)(const void *)buff;
1132 a->stream.avail_in = size;
1133 a->stream.next_out = buffer_compressed;
1134 a->stream.avail_out = a->compressed_buffer_remaining;
1136 ret = deflate(&a->stream, Z_FINISH);
1142 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1143 "Failed to compress data");
1144 return (ARCHIVE_FAILED);
1146 } while (ret == Z_OK);
1147 bytes_compressed = a->compressed_buffer_remaining - a->stream.avail_out;
1150 * If the compressed size is larger than the original size,
1151 * throw away compressed data, use uncompressed data instead.
1153 if (bytes_compressed > size) {
1154 buffer_compressed[0] = 0xFF;/* uncompressed marker. */
1155 memcpy(buffer_compressed + 1, buff, size);
1156 bytes_compressed = size + 1;
1158 a->compressed_buffer_remaining -= bytes_compressed;
1161 * If the compressed size is smaller than MAX_DECMPFS_XATTR_SIZE
1162 * and the block count in the file is only one, store compressed
1163 * data to decmpfs xattr instead of the resource fork.
1165 if (a->decmpfs_block_count == 1 &&
1166 (a->decmpfs_attr_size + bytes_compressed)
1167 <= MAX_DECMPFS_XATTR_SIZE) {
1168 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE],
1170 memcpy(a->decmpfs_header_p + DECMPFS_HEADER_SIZE,
1171 buffer_compressed, bytes_compressed);
1172 a->decmpfs_attr_size += bytes_compressed;
1173 a->compressed_buffer_remaining = a->compressed_buffer_size;
1175 * Finish HFS+ Compression.
1176 * - Write the decmpfs xattr.
1177 * - Set the UF_COMPRESSED file flag.
1179 ret = hfs_write_decmpfs(a);
1180 if (ret == ARCHIVE_OK)
1181 ret = hfs_set_compressed_fflag(a);
1185 /* Update block info. */
1186 archive_le32enc(a->decmpfs_block_info++,
1187 a->compressed_rsrc_position_v - RSRC_H_SIZE);
1188 archive_le32enc(a->decmpfs_block_info++, bytes_compressed);
1189 a->compressed_rsrc_position_v += bytes_compressed;
1192 * Write the compressed data to the resource fork.
1194 bytes_used = a->compressed_buffer_size - a->compressed_buffer_remaining;
1195 while (bytes_used >= COMPRESSED_W_SIZE) {
1196 ret = hfs_write_compressed_data(a, COMPRESSED_W_SIZE);
1197 if (ret != ARCHIVE_OK)
1199 bytes_used -= COMPRESSED_W_SIZE;
1200 if (bytes_used > COMPRESSED_W_SIZE)
1201 memmove(a->compressed_buffer,
1202 a->compressed_buffer + COMPRESSED_W_SIZE,
1205 memcpy(a->compressed_buffer,
1206 a->compressed_buffer + COMPRESSED_W_SIZE,
1209 a->compressed_buffer_remaining = a->compressed_buffer_size - bytes_used;
1212 * If the current block is the last block, write the remaining
1213 * compressed data and the resource fork footer.
1215 if (a->file_remaining_bytes == 0) {
1219 /* Append the resource footer. */
1220 rsrc_size = hfs_set_resource_fork_footer(
1221 a->compressed_buffer + bytes_used,
1222 a->compressed_buffer_remaining);
1223 ret = hfs_write_compressed_data(a, bytes_used + rsrc_size);
1224 a->compressed_buffer_remaining = a->compressed_buffer_size;
1226 /* If the compressed size is not enouph smaller than
1227 * the uncompressed size. cancel HFS+ compression.
1228 * TODO: study a behavior of ditto utility and improve
1229 * the condition to fall back into no HFS+ compression. */
1230 bk = HFS_BLOCKS(a->compressed_rsrc_position);
1232 if (bk > HFS_BLOCKS(a->filesize))
1233 return hfs_decompress(a);
1235 * Write the resourcefork header.
1237 if (ret == ARCHIVE_OK)
1238 ret = hfs_write_resource_fork_header(a);
1240 * Finish HFS+ Compression.
1241 * - Write the decmpfs xattr.
1242 * - Set the UF_COMPRESSED file flag.
1244 if (ret == ARCHIVE_OK)
1245 ret = hfs_write_decmpfs(a);
1246 if (ret == ARCHIVE_OK)
1247 ret = hfs_set_compressed_fflag(a);
1253 hfs_write_decmpfs_block(struct archive_write_disk *a, const char *buff,
1256 const char *buffer_to_write;
1257 size_t bytes_to_write;
1260 if (a->decmpfs_block_count == (unsigned)-1) {
1263 unsigned int block_count;
1265 if (a->decmpfs_header_p == NULL) {
1266 new_block = malloc(MAX_DECMPFS_XATTR_SIZE
1267 + sizeof(uint32_t));
1268 if (new_block == NULL) {
1269 archive_set_error(&a->archive, ENOMEM,
1270 "Can't allocate memory for decmpfs");
1271 return (ARCHIVE_FATAL);
1273 a->decmpfs_header_p = new_block;
1275 a->decmpfs_attr_size = DECMPFS_HEADER_SIZE;
1276 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_MAGIC],
1278 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE],
1280 archive_le64enc(&a->decmpfs_header_p[DECMPFS_UNCOMPRESSED_SIZE],
1283 /* Calculate a block count of the file. */
1285 (a->filesize + MAX_DECMPFS_BLOCK_SIZE -1) /
1286 MAX_DECMPFS_BLOCK_SIZE;
1288 * Allocate buffer for resource fork.
1289 * Set up related pointers;
1292 RSRC_H_SIZE + /* header */
1293 4 + /* Block count */
1294 (block_count * sizeof(uint32_t) * 2) +
1295 RSRC_F_SIZE; /* footer */
1296 if (new_size > a->resource_fork_allocated_size) {
1297 new_block = realloc(a->resource_fork, new_size);
1298 if (new_block == NULL) {
1299 archive_set_error(&a->archive, ENOMEM,
1300 "Can't allocate memory for ResourceFork");
1301 return (ARCHIVE_FATAL);
1303 a->resource_fork_allocated_size = new_size;
1304 a->resource_fork = new_block;
1307 /* Allocate uncompressed buffer */
1308 if (a->uncompressed_buffer == NULL) {
1309 new_block = malloc(MAX_DECMPFS_BLOCK_SIZE);
1310 if (new_block == NULL) {
1311 archive_set_error(&a->archive, ENOMEM,
1312 "Can't allocate memory for decmpfs");
1313 return (ARCHIVE_FATAL);
1315 a->uncompressed_buffer = new_block;
1317 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE;
1318 a->file_remaining_bytes = a->filesize;
1319 a->compressed_buffer_remaining = a->compressed_buffer_size;
1322 * Set up a resource fork.
1324 a->rsrc_xattr_options = XATTR_CREATE;
1325 /* Get the position where we are going to set a bunch
1327 a->decmpfs_block_info =
1328 (uint32_t *)(a->resource_fork + RSRC_H_SIZE);
1329 /* Set the block count to the resource fork. */
1330 archive_le32enc(a->decmpfs_block_info++, block_count);
1331 /* Get the position where we are goint to set compressed
1333 a->compressed_rsrc_position =
1334 RSRC_H_SIZE + 4 + (block_count * 8);
1335 a->compressed_rsrc_position_v = a->compressed_rsrc_position;
1336 a->decmpfs_block_count = block_count;
1339 /* Ignore redundant bytes. */
1340 if (a->file_remaining_bytes == 0)
1341 return ((ssize_t)size);
1343 /* Do not overrun a block size. */
1344 if (size > a->block_remaining_bytes)
1345 bytes_to_write = a->block_remaining_bytes;
1347 bytes_to_write = size;
1348 /* Do not overrun the file size. */
1349 if (bytes_to_write > a->file_remaining_bytes)
1350 bytes_to_write = a->file_remaining_bytes;
1352 /* For efficiency, if a copy length is full of the uncompressed
1353 * buffer size, do not copy writing data to it. */
1354 if (bytes_to_write == MAX_DECMPFS_BLOCK_SIZE)
1355 buffer_to_write = buff;
1357 memcpy(a->uncompressed_buffer +
1358 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes,
1359 buff, bytes_to_write);
1360 buffer_to_write = a->uncompressed_buffer;
1362 a->block_remaining_bytes -= bytes_to_write;
1363 a->file_remaining_bytes -= bytes_to_write;
1365 if (a->block_remaining_bytes == 0 || a->file_remaining_bytes == 0) {
1366 ret = hfs_drive_compressor(a, buffer_to_write,
1367 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes);
1370 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE;
1372 /* Ignore redundant bytes. */
1373 if (a->file_remaining_bytes == 0)
1374 return ((ssize_t)size);
1375 return (bytes_to_write);
1379 hfs_write_data_block(struct archive_write_disk *a, const char *buff,
1382 uint64_t start_size = size;
1383 ssize_t bytes_written = 0;
1384 ssize_t bytes_to_write;
1387 return (ARCHIVE_OK);
1389 if (a->filesize == 0 || a->fd < 0) {
1390 archive_set_error(&a->archive, 0,
1391 "Attempt to write to an empty file");
1392 return (ARCHIVE_WARN);
1395 /* If this write would run beyond the file size, truncate it. */
1396 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize)
1397 start_size = size = (size_t)(a->filesize - a->offset);
1399 /* Write the data. */
1401 bytes_to_write = size;
1402 /* Seek if necessary to the specified offset. */
1403 if (a->offset < a->fd_offset) {
1404 /* Can't support backword move. */
1405 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1407 return (ARCHIVE_FATAL);
1408 } else if (a->offset > a->fd_offset) {
1409 int64_t skip = a->offset - a->fd_offset;
1410 char nullblock[1024];
1412 memset(nullblock, 0, sizeof(nullblock));
1414 if (skip > (int64_t)sizeof(nullblock))
1415 bytes_written = hfs_write_decmpfs_block(
1416 a, nullblock, sizeof(nullblock));
1418 bytes_written = hfs_write_decmpfs_block(
1419 a, nullblock, skip);
1420 if (bytes_written < 0) {
1421 archive_set_error(&a->archive, errno,
1423 return (ARCHIVE_WARN);
1425 skip -= bytes_written;
1428 a->fd_offset = a->offset;
1431 hfs_write_decmpfs_block(a, buff, bytes_to_write);
1432 if (bytes_written < 0)
1433 return (bytes_written);
1434 buff += bytes_written;
1435 size -= bytes_written;
1436 a->total_bytes_written += bytes_written;
1437 a->offset += bytes_written;
1438 a->fd_offset = a->offset;
1440 return (start_size - size);
1444 hfs_write_data_block(struct archive_write_disk *a, const char *buff,
1447 return (write_data_block(a, buff, size));
1452 _archive_write_disk_data_block(struct archive *_a,
1453 const void *buff, size_t size, int64_t offset)
1455 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1458 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1459 ARCHIVE_STATE_DATA, "archive_write_data_block");
1462 if (a->todo & TODO_HFS_COMPRESSION)
1463 r = hfs_write_data_block(a, buff, size);
1465 r = write_data_block(a, buff, size);
1468 if ((size_t)r < size) {
1469 archive_set_error(&a->archive, 0,
1470 "Write request too large");
1471 return (ARCHIVE_WARN);
1473 return (ARCHIVE_OK);
1477 _archive_write_disk_data(struct archive *_a, const void *buff, size_t size)
1479 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1481 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1482 ARCHIVE_STATE_DATA, "archive_write_data");
1484 if (a->todo & TODO_HFS_COMPRESSION)
1485 return (hfs_write_data_block(a, buff, size));
1486 return (write_data_block(a, buff, size));
1490 _archive_write_disk_finish_entry(struct archive *_a)
1492 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1493 int ret = ARCHIVE_OK;
1495 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1496 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
1497 "archive_write_finish_entry");
1498 if (a->archive.state & ARCHIVE_STATE_HEADER)
1499 return (ARCHIVE_OK);
1500 archive_clear_error(&a->archive);
1502 /* Pad or truncate file to the right size. */
1504 /* There's no file. */
1505 } else if (a->filesize < 0) {
1506 /* File size is unknown, so we can't set the size. */
1507 } else if (a->fd_offset == a->filesize) {
1508 /* Last write ended at exactly the filesize; we're done. */
1509 /* Hopefully, this is the common case. */
1510 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
1511 } else if (a->todo & TODO_HFS_COMPRESSION) {
1515 if (a->file_remaining_bytes)
1516 memset(null_d, 0, sizeof(null_d));
1517 while (a->file_remaining_bytes) {
1518 if (a->file_remaining_bytes > sizeof(null_d))
1519 r = hfs_write_data_block(
1520 a, null_d, sizeof(null_d));
1522 r = hfs_write_data_block(
1523 a, null_d, a->file_remaining_bytes);
1530 if (ftruncate(a->fd, a->filesize) == -1 &&
1532 archive_set_error(&a->archive, errno,
1533 "File size could not be restored");
1534 return (ARCHIVE_FAILED);
1538 * Not all platforms implement the XSI option to
1539 * extend files via ftruncate. Stat() the file again
1540 * to see what happened.
1543 if ((ret = lazy_stat(a)) != ARCHIVE_OK)
1545 /* We can use lseek()/write() to extend the file if
1546 * ftruncate didn't work or isn't available. */
1547 if (a->st.st_size < a->filesize) {
1548 const char nul = '\0';
1549 if (lseek(a->fd, a->filesize - 1, SEEK_SET) < 0) {
1550 archive_set_error(&a->archive, errno,
1552 return (ARCHIVE_FATAL);
1554 if (write(a->fd, &nul, 1) < 0) {
1555 archive_set_error(&a->archive, errno,
1556 "Write to restore size failed");
1557 return (ARCHIVE_FATAL);
1563 /* Restore metadata. */
1566 * This is specific to Mac OS X.
1567 * If the current file is an AppleDouble file, it should be
1568 * linked with the data fork file and remove it.
1570 if (a->todo & TODO_APPLEDOUBLE) {
1571 int r2 = fixup_appledouble(a, a->name);
1572 if (r2 == ARCHIVE_EOF) {
1573 /* The current file has been successfully linked
1574 * with the data fork file and removed. So there
1575 * is nothing to do on the current file. */
1576 goto finish_metadata;
1578 if (r2 < ret) ret = r2;
1582 * Look up the "real" UID only if we're going to need it.
1583 * TODO: the TODO_SGID condition can be dropped here, can't it?
1585 if (a->todo & (TODO_OWNER | TODO_SUID | TODO_SGID)) {
1586 a->uid = archive_write_disk_uid(&a->archive,
1587 archive_entry_uname(a->entry),
1588 archive_entry_uid(a->entry));
1590 /* Look up the "real" GID only if we're going to need it. */
1591 /* TODO: the TODO_SUID condition can be dropped here, can't it? */
1592 if (a->todo & (TODO_OWNER | TODO_SGID | TODO_SUID)) {
1593 a->gid = archive_write_disk_gid(&a->archive,
1594 archive_entry_gname(a->entry),
1595 archive_entry_gid(a->entry));
1599 * Restore ownership before set_mode tries to restore suid/sgid
1600 * bits. If we set the owner, we know what it is and can skip
1601 * a stat() call to examine the ownership of the file on disk.
1603 if (a->todo & TODO_OWNER) {
1604 int r2 = set_ownership(a);
1605 if (r2 < ret) ret = r2;
1609 * set_mode must precede ACLs on systems such as Solaris and
1610 * FreeBSD where setting the mode implicitly clears extended ACLs
1612 if (a->todo & TODO_MODE) {
1613 int r2 = set_mode(a, a->mode);
1614 if (r2 < ret) ret = r2;
1618 * Security-related extended attributes (such as
1619 * security.capability on Linux) have to be restored last,
1620 * since they're implicitly removed by other file changes.
1622 if (a->todo & TODO_XATTR) {
1623 int r2 = set_xattrs(a);
1624 if (r2 < ret) ret = r2;
1628 * Some flags prevent file modification; they must be restored after
1629 * file contents are written.
1631 if (a->todo & TODO_FFLAGS) {
1632 int r2 = set_fflags(a);
1633 if (r2 < ret) ret = r2;
1637 * Time must follow most other metadata;
1638 * otherwise atime will get changed.
1640 if (a->todo & TODO_TIMES) {
1641 int r2 = set_times_from_entry(a);
1642 if (r2 < ret) ret = r2;
1646 * Mac extended metadata includes ACLs.
1648 if (a->todo & TODO_MAC_METADATA) {
1649 const void *metadata;
1650 size_t metadata_size;
1651 metadata = archive_entry_mac_metadata(a->entry, &metadata_size);
1652 if (metadata != NULL && metadata_size > 0) {
1653 int r2 = set_mac_metadata(a, archive_entry_pathname(
1654 a->entry), metadata, metadata_size);
1655 if (r2 < ret) ret = r2;
1660 * ACLs must be restored after timestamps because there are
1661 * ACLs that prevent attribute changes (including time).
1663 if (a->todo & TODO_ACLS) {
1664 int r2 = archive_write_disk_set_acls(&a->archive, a->fd,
1665 archive_entry_pathname(a->entry),
1666 archive_entry_acl(a->entry));
1667 if (r2 < ret) ret = r2;
1671 /* If there's an fd, we can close it now. */
1676 /* If there's an entry, we can release it now. */
1678 archive_entry_free(a->entry);
1681 a->archive.state = ARCHIVE_STATE_HEADER;
1686 archive_write_disk_set_group_lookup(struct archive *_a,
1688 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid),
1689 void (*cleanup_gid)(void *private))
1691 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1692 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1693 ARCHIVE_STATE_ANY, "archive_write_disk_set_group_lookup");
1695 if (a->cleanup_gid != NULL && a->lookup_gid_data != NULL)
1696 (a->cleanup_gid)(a->lookup_gid_data);
1698 a->lookup_gid = lookup_gid;
1699 a->cleanup_gid = cleanup_gid;
1700 a->lookup_gid_data = private_data;
1701 return (ARCHIVE_OK);
1705 archive_write_disk_set_user_lookup(struct archive *_a,
1707 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid),
1708 void (*cleanup_uid)(void *private))
1710 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1711 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1712 ARCHIVE_STATE_ANY, "archive_write_disk_set_user_lookup");
1714 if (a->cleanup_uid != NULL && a->lookup_uid_data != NULL)
1715 (a->cleanup_uid)(a->lookup_uid_data);
1717 a->lookup_uid = lookup_uid;
1718 a->cleanup_uid = cleanup_uid;
1719 a->lookup_uid_data = private_data;
1720 return (ARCHIVE_OK);
1724 archive_write_disk_gid(struct archive *_a, const char *name, int64_t id)
1726 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1727 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1728 ARCHIVE_STATE_ANY, "archive_write_disk_gid");
1730 return (a->lookup_gid)(a->lookup_gid_data, name, id);
1735 archive_write_disk_uid(struct archive *_a, const char *name, int64_t id)
1737 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1738 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1739 ARCHIVE_STATE_ANY, "archive_write_disk_uid");
1741 return (a->lookup_uid)(a->lookup_uid_data, name, id);
1746 * Create a new archive_write_disk object and initialize it with global state.
1749 archive_write_disk_new(void)
1751 struct archive_write_disk *a;
1753 a = (struct archive_write_disk *)malloc(sizeof(*a));
1756 memset(a, 0, sizeof(*a));
1757 a->archive.magic = ARCHIVE_WRITE_DISK_MAGIC;
1758 /* We're ready to write a header immediately. */
1759 a->archive.state = ARCHIVE_STATE_HEADER;
1760 a->archive.vtable = archive_write_disk_vtable();
1761 a->start_time = time(NULL);
1762 /* Query and restore the umask. */
1763 umask(a->user_umask = umask(0));
1765 a->user_uid = geteuid();
1766 #endif /* HAVE_GETEUID */
1767 if (archive_string_ensure(&a->path_safe, 512) == NULL) {
1772 a->decmpfs_compression_level = 5;
1774 return (&a->archive);
1779 * If pathname is longer than PATH_MAX, chdir to a suitable
1780 * intermediate dir and edit the path down to a shorter suffix. Note
1781 * that this routine never returns an error; if the chdir() attempt
1782 * fails for any reason, we just go ahead with the long pathname. The
1783 * object creation is likely to fail, but any error will get handled
1786 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
1788 edit_deep_directories(struct archive_write_disk *a)
1791 char *tail = a->name;
1793 /* If path is short, avoid the open() below. */
1794 if (strlen(tail) <= PATH_MAX)
1797 /* Try to record our starting dir. */
1798 a->restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC);
1799 __archive_ensure_cloexec_flag(a->restore_pwd);
1800 if (a->restore_pwd < 0)
1803 /* As long as the path is too long... */
1804 while (strlen(tail) > PATH_MAX) {
1805 /* Locate a dir prefix shorter than PATH_MAX. */
1806 tail += PATH_MAX - 8;
1807 while (tail > a->name && *tail != '/')
1809 /* Exit if we find a too-long path component. */
1810 if (tail <= a->name)
1812 /* Create the intermediate dir and chdir to it. */
1813 *tail = '\0'; /* Terminate dir portion */
1814 ret = create_dir(a, a->name);
1815 if (ret == ARCHIVE_OK && chdir(a->name) != 0)
1816 ret = ARCHIVE_FAILED;
1817 *tail = '/'; /* Restore the / we removed. */
1818 if (ret != ARCHIVE_OK)
1821 /* The chdir() succeeded; we've now shortened the path. */
1829 * The main restore function.
1832 restore_entry(struct archive_write_disk *a)
1834 int ret = ARCHIVE_OK, en;
1836 if (a->flags & ARCHIVE_EXTRACT_UNLINK && !S_ISDIR(a->mode)) {
1838 * TODO: Fix this. Apparently, there are platforms
1839 * that still allow root to hose the entire filesystem
1840 * by unlinking a dir. The S_ISDIR() test above
1841 * prevents us from using unlink() here if the new
1842 * object is a dir, but that doesn't mean the old
1843 * object isn't a dir.
1845 if (unlink(a->name) == 0) {
1846 /* We removed it, reset cached stat. */
1848 } else if (errno == ENOENT) {
1849 /* File didn't exist, that's just as good. */
1850 } else if (rmdir(a->name) == 0) {
1851 /* It was a dir, but now it's gone. */
1854 /* We tried, but couldn't get rid of it. */
1855 archive_set_error(&a->archive, errno,
1856 "Could not unlink");
1857 return(ARCHIVE_FAILED);
1861 /* Try creating it first; if this fails, we'll try to recover. */
1862 en = create_filesystem_object(a);
1864 if ((en == ENOTDIR || en == ENOENT)
1865 && !(a->flags & ARCHIVE_EXTRACT_NO_AUTODIR)) {
1866 /* If the parent dir doesn't exist, try creating it. */
1867 create_parent_dir(a, a->name);
1868 /* Now try to create the object again. */
1869 en = create_filesystem_object(a);
1872 if ((en == EISDIR || en == EEXIST)
1873 && (a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
1874 /* If we're not overwriting, we're done. */
1875 archive_entry_unset_size(a->entry);
1876 return (ARCHIVE_OK);
1880 * Some platforms return EISDIR if you call
1881 * open(O_WRONLY | O_EXCL | O_CREAT) on a directory, some
1882 * return EEXIST. POSIX is ambiguous, requiring EISDIR
1883 * for open(O_WRONLY) on a dir and EEXIST for open(O_EXCL | O_CREAT)
1884 * on an existing item.
1887 /* A dir is in the way of a non-dir, rmdir it. */
1888 if (rmdir(a->name) != 0) {
1889 archive_set_error(&a->archive, errno,
1890 "Can't remove already-existing dir");
1891 return (ARCHIVE_FAILED);
1895 en = create_filesystem_object(a);
1896 } else if (en == EEXIST) {
1898 * We know something is in the way, but we don't know what;
1899 * we need to find out before we go any further.
1903 * The SECURE_SYMLINKS logic has already removed a
1904 * symlink to a dir if the client wants that. So
1905 * follow the symlink if we're creating a dir.
1907 if (S_ISDIR(a->mode))
1908 r = stat(a->name, &a->st);
1910 * If it's not a dir (or it's a broken symlink),
1911 * then don't follow it.
1913 if (r != 0 || !S_ISDIR(a->mode))
1914 r = lstat(a->name, &a->st);
1916 archive_set_error(&a->archive, errno,
1917 "Can't stat existing object");
1918 return (ARCHIVE_FAILED);
1922 * NO_OVERWRITE_NEWER doesn't apply to directories.
1924 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER)
1925 && !S_ISDIR(a->st.st_mode)) {
1926 if (!older(&(a->st), a->entry)) {
1927 archive_entry_unset_size(a->entry);
1928 return (ARCHIVE_OK);
1932 /* If it's our archive, we're done. */
1933 if (a->skip_file_set &&
1934 a->st.st_dev == (dev_t)a->skip_file_dev &&
1935 a->st.st_ino == (ino_t)a->skip_file_ino) {
1936 archive_set_error(&a->archive, 0,
1937 "Refusing to overwrite archive");
1938 return (ARCHIVE_FAILED);
1941 if (!S_ISDIR(a->st.st_mode)) {
1942 /* A non-dir is in the way, unlink it. */
1943 if (unlink(a->name) != 0) {
1944 archive_set_error(&a->archive, errno,
1945 "Can't unlink already-existing object");
1946 return (ARCHIVE_FAILED);
1950 en = create_filesystem_object(a);
1951 } else if (!S_ISDIR(a->mode)) {
1952 /* A dir is in the way of a non-dir, rmdir it. */
1953 if (rmdir(a->name) != 0) {
1954 archive_set_error(&a->archive, errno,
1955 "Can't replace existing directory with non-directory");
1956 return (ARCHIVE_FAILED);
1959 en = create_filesystem_object(a);
1962 * There's a dir in the way of a dir. Don't
1963 * waste time with rmdir()/mkdir(), just fix
1964 * up the permissions on the existing dir.
1965 * Note that we don't change perms on existing
1966 * dirs unless _EXTRACT_PERM is specified.
1968 if ((a->mode != a->st.st_mode)
1969 && (a->todo & TODO_MODE_FORCE))
1970 a->deferred |= (a->todo & TODO_MODE);
1971 /* Ownership doesn't need deferred fixup. */
1972 en = 0; /* Forget the EEXIST. */
1977 /* Everything failed; give up here. */
1978 archive_set_error(&a->archive, en, "Can't create '%s'",
1980 return (ARCHIVE_FAILED);
1983 a->pst = NULL; /* Cached stat data no longer valid. */
1988 * Returns 0 if creation succeeds, or else returns errno value from
1989 * the failed system call. Note: This function should only ever perform
1990 * a single system call.
1993 create_filesystem_object(struct archive_write_disk *a)
1995 /* Create the entry. */
1996 const char *linkname;
1997 mode_t final_mode, mode;
2000 /* We identify hard/symlinks according to the link names. */
2001 /* Since link(2) and symlink(2) don't handle modes, we're done here. */
2002 linkname = archive_entry_hardlink(a->entry);
2003 if (linkname != NULL) {
2007 r = link(linkname, a->name) ? errno : 0;
2009 * New cpio and pax formats allow hardlink entries
2010 * to carry data, so we may have to open the file
2011 * for hardlink entries.
2013 * If the hardlink was successfully created and
2014 * the archive doesn't have carry data for it,
2015 * consider it to be non-authoritative for meta data.
2016 * This is consistent with GNU tar and BSD pax.
2017 * If the hardlink does carry data, let the last
2018 * archive entry decide ownership.
2020 if (r == 0 && a->filesize <= 0) {
2023 } else if (r == 0 && a->filesize > 0) {
2024 a->fd = open(a->name,
2025 O_WRONLY | O_TRUNC | O_BINARY | O_CLOEXEC);
2026 __archive_ensure_cloexec_flag(a->fd);
2033 linkname = archive_entry_symlink(a->entry);
2034 if (linkname != NULL) {
2036 return symlink(linkname, a->name) ? errno : 0;
2043 * The remaining system calls all set permissions, so let's
2044 * try to take advantage of that to avoid an extra chmod()
2045 * call. (Recall that umask is set to zero right now!)
2048 /* Mode we want for the final restored object (w/o file type bits). */
2049 final_mode = a->mode & 07777;
2051 * The mode that will actually be restored in this step. Note
2052 * that SUID, SGID, etc, require additional work to ensure
2053 * security, so we never restore them at this point.
2055 mode = final_mode & 0777 & ~a->user_umask;
2057 switch (a->mode & AE_IFMT) {
2059 /* POSIX requires that we fall through here. */
2062 a->fd = open(a->name,
2063 O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, mode);
2064 __archive_ensure_cloexec_flag(a->fd);
2069 /* Note: we use AE_IFCHR for the case label, and
2070 * S_IFCHR for the mknod() call. This is correct. */
2071 r = mknod(a->name, mode | S_IFCHR,
2072 archive_entry_rdev(a->entry));
2075 /* TODO: Find a better way to warn about our inability
2076 * to restore a char device node. */
2078 #endif /* HAVE_MKNOD */
2081 r = mknod(a->name, mode | S_IFBLK,
2082 archive_entry_rdev(a->entry));
2085 /* TODO: Find a better way to warn about our inability
2086 * to restore a block device node. */
2088 #endif /* HAVE_MKNOD */
2090 mode = (mode | MINIMUM_DIR_MODE) & MAXIMUM_DIR_MODE;
2091 r = mkdir(a->name, mode);
2093 /* Defer setting dir times. */
2094 a->deferred |= (a->todo & TODO_TIMES);
2095 a->todo &= ~TODO_TIMES;
2096 /* Never use an immediate chmod(). */
2097 /* We can't avoid the chmod() entirely if EXTRACT_PERM
2098 * because of SysV SGID inheritance. */
2099 if ((mode != final_mode)
2100 || (a->flags & ARCHIVE_EXTRACT_PERM))
2101 a->deferred |= (a->todo & TODO_MODE);
2102 a->todo &= ~TODO_MODE;
2107 r = mkfifo(a->name, mode);
2110 /* TODO: Find a better way to warn about our inability
2111 * to restore a fifo. */
2113 #endif /* HAVE_MKFIFO */
2116 /* All the system calls above set errno on failure. */
2120 /* If we managed to set the final mode, we've avoided a chmod(). */
2121 if (mode == final_mode)
2122 a->todo &= ~TODO_MODE;
2127 * Cleanup function for archive_extract. Mostly, this involves processing
2128 * the fixup list, which is used to address a number of problems:
2129 * * Dir permissions might prevent us from restoring a file in that
2130 * dir, so we restore the dir with minimum 0700 permissions first,
2131 * then correct the mode at the end.
2132 * * Similarly, the act of restoring a file touches the directory
2133 * and changes the timestamp on the dir, so we have to touch-up dir
2134 * timestamps at the end as well.
2135 * * Some file flags can interfere with the restore by, for example,
2136 * preventing the creation of hardlinks to those files.
2137 * * Mac OS extended metadata includes ACLs, so must be deferred on dirs.
2139 * Note that tar/cpio do not require that archives be in a particular
2140 * order; there is no way to know when the last file has been restored
2141 * within a directory, so there's no way to optimize the memory usage
2142 * here by fixing up the directory any earlier than the
2145 * XXX TODO: Directory ACLs should be restored here, for the same
2146 * reason we set directory perms here. XXX
2149 _archive_write_disk_close(struct archive *_a)
2151 struct archive_write_disk *a = (struct archive_write_disk *)_a;
2152 struct fixup_entry *next, *p;
2155 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
2156 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
2157 "archive_write_disk_close");
2158 ret = _archive_write_disk_finish_entry(&a->archive);
2160 /* Sort dir list so directories are fixed up in depth-first order. */
2161 p = sort_dir_list(a->fixup_list);
2164 a->pst = NULL; /* Mark stat cache as out-of-date. */
2165 if (p->fixup & TODO_TIMES) {
2166 set_times(a, -1, p->mode, p->name,
2167 p->atime, p->atime_nanos,
2168 p->birthtime, p->birthtime_nanos,
2169 p->mtime, p->mtime_nanos,
2170 p->ctime, p->ctime_nanos);
2172 if (p->fixup & TODO_MODE_BASE)
2173 chmod(p->name, p->mode);
2174 if (p->fixup & TODO_ACLS)
2175 archive_write_disk_set_acls(&a->archive,
2176 -1, p->name, &p->acl);
2177 if (p->fixup & TODO_FFLAGS)
2178 set_fflags_platform(a, -1, p->name,
2179 p->mode, p->fflags_set, 0);
2180 if (p->fixup & TODO_MAC_METADATA)
2181 set_mac_metadata(a, p->name, p->mac_metadata,
2182 p->mac_metadata_size);
2184 archive_acl_clear(&p->acl);
2185 free(p->mac_metadata);
2190 a->fixup_list = NULL;
2195 _archive_write_disk_free(struct archive *_a)
2197 struct archive_write_disk *a;
2200 return (ARCHIVE_OK);
2201 archive_check_magic(_a, ARCHIVE_WRITE_DISK_MAGIC,
2202 ARCHIVE_STATE_ANY | ARCHIVE_STATE_FATAL, "archive_write_disk_free");
2203 a = (struct archive_write_disk *)_a;
2204 ret = _archive_write_disk_close(&a->archive);
2205 archive_write_disk_set_group_lookup(&a->archive, NULL, NULL, NULL);
2206 archive_write_disk_set_user_lookup(&a->archive, NULL, NULL, NULL);
2208 archive_entry_free(a->entry);
2209 archive_string_free(&a->_name_data);
2210 archive_string_free(&a->archive.error_string);
2211 archive_string_free(&a->path_safe);
2212 a->archive.magic = 0;
2213 __archive_clean(&a->archive);
2214 free(a->decmpfs_header_p);
2215 free(a->resource_fork);
2216 free(a->compressed_buffer);
2217 free(a->uncompressed_buffer);
2219 if (a->stream_valid) {
2220 switch (deflateEnd(&a->stream)) {
2224 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2225 "Failed to clean up compressor");
2226 ret = ARCHIVE_FATAL;
2236 * Simple O(n log n) merge sort to order the fixup list. In
2237 * particular, we want to restore dir timestamps depth-first.
2239 static struct fixup_entry *
2240 sort_dir_list(struct fixup_entry *p)
2242 struct fixup_entry *a, *b, *t;
2246 /* A one-item list is already sorted. */
2247 if (p->next == NULL)
2250 /* Step 1: split the list. */
2254 /* Step a twice, t once. */
2260 /* Now, t is at the mid-point, so break the list here. */
2265 /* Step 2: Recursively sort the two sub-lists. */
2266 a = sort_dir_list(a);
2267 b = sort_dir_list(b);
2269 /* Step 3: Merge the returned lists. */
2270 /* Pick the first element for the merged list. */
2271 if (strcmp(a->name, b->name) > 0) {
2279 /* Always put the later element on the list first. */
2280 while (a != NULL && b != NULL) {
2281 if (strcmp(a->name, b->name) > 0) {
2291 /* Only one list is non-empty, so just splice it on. */
2301 * Returns a new, initialized fixup entry.
2303 * TODO: Reduce the memory requirements for this list by using a tree
2304 * structure rather than a simple list of names.
2306 static struct fixup_entry *
2307 new_fixup(struct archive_write_disk *a, const char *pathname)
2309 struct fixup_entry *fe;
2311 fe = (struct fixup_entry *)calloc(1, sizeof(struct fixup_entry));
2313 archive_set_error(&a->archive, ENOMEM,
2314 "Can't allocate memory for a fixup");
2317 fe->next = a->fixup_list;
2320 fe->name = strdup(pathname);
2325 * Returns a fixup structure for the current entry.
2327 static struct fixup_entry *
2328 current_fixup(struct archive_write_disk *a, const char *pathname)
2330 if (a->current_fixup == NULL)
2331 a->current_fixup = new_fixup(a, pathname);
2332 return (a->current_fixup);
2335 /* TODO: Make this work. */
2337 * TODO: The deep-directory support bypasses this; disable deep directory
2338 * support if we're doing symlink checks.
2341 * TODO: Someday, integrate this with the deep dir support; they both
2342 * scan the path and both can be optimized by comparing against other
2345 /* TODO: Extend this to support symlinks on Windows Vista and later. */
2347 check_symlinks(struct archive_write_disk *a)
2349 #if !defined(HAVE_LSTAT)
2350 /* Platform doesn't have lstat, so we can't look for symlinks. */
2351 (void)a; /* UNUSED */
2352 return (ARCHIVE_OK);
2360 * Guard against symlink tricks. Reject any archive entry whose
2361 * destination would be altered by a symlink.
2363 /* Whatever we checked last time doesn't need to be re-checked. */
2365 if (archive_strlen(&(a->path_safe)) > 0) {
2366 char *p = a->path_safe.s;
2367 while ((*pn != '\0') && (*p == *pn))
2371 /* Keep going until we've checked the entire name. */
2372 while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) {
2373 /* Skip the next path element. */
2374 while (*pn != '\0' && *pn != '/')
2378 /* Check that we haven't hit a symlink. */
2379 r = lstat(a->name, &st);
2381 /* We've hit a dir that doesn't exist; stop now. */
2382 if (errno == ENOENT)
2384 } else if (S_ISLNK(st.st_mode)) {
2387 * Last element is symlink; remove it
2388 * so we can overwrite it with the
2389 * item being extracted.
2391 if (unlink(a->name)) {
2392 archive_set_error(&a->archive, errno,
2393 "Could not remove symlink %s",
2396 return (ARCHIVE_FAILED);
2400 * Even if we did remove it, a warning
2401 * is in order. The warning is silly,
2402 * though, if we're just replacing one
2403 * symlink with another symlink.
2405 if (!S_ISLNK(a->mode)) {
2406 archive_set_error(&a->archive, 0,
2407 "Removing symlink %s",
2410 /* Symlink gone. No more problem! */
2413 } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) {
2414 /* User asked us to remove problems. */
2415 if (unlink(a->name) != 0) {
2416 archive_set_error(&a->archive, 0,
2417 "Cannot remove intervening symlink %s",
2420 return (ARCHIVE_FAILED);
2424 archive_set_error(&a->archive, 0,
2425 "Cannot extract through symlink %s",
2428 return (ARCHIVE_FAILED);
2433 /* We've checked and/or cleaned the whole path, so remember it. */
2434 archive_strcpy(&a->path_safe, a->name);
2435 return (ARCHIVE_OK);
2439 #if defined(__CYGWIN__)
2441 * 1. Convert a path separator from '\' to '/' .
2442 * We shouldn't check multibyte character directly because some
2443 * character-set have been using the '\' character for a part of
2444 * its multibyte character code.
2445 * 2. Replace unusable characters in Windows with underscore('_').
2446 * See also : http://msdn.microsoft.com/en-us/library/aa365247.aspx
2449 cleanup_pathname_win(struct archive_write_disk *a)
2454 int mb, complete, utf8;
2459 utf8 = (strcmp(nl_langinfo(CODESET), "UTF-8") == 0)? 1: 0;
2460 for (p = a->name; *p != '\0'; p++) {
2463 /* If previous byte is smaller than 128,
2464 * this is not second byte of multibyte characters,
2465 * so we can replace '\' with '/'. */
2469 complete = 0;/* uncompleted. */
2470 } else if (*(unsigned char *)p > 127)
2474 /* Rewrite the path name if its next character is unusable. */
2475 if (*p == ':' || *p == '*' || *p == '?' || *p == '"' ||
2476 *p == '<' || *p == '>' || *p == '|')
2483 * Convert path separator in wide-character.
2486 while (*p != '\0' && alen) {
2487 l = mbtowc(&wc, p, alen);
2488 if (l == (size_t)-1) {
2489 while (*p != '\0') {
2496 if (l == 1 && wc == L'\\')
2505 * Canonicalize the pathname. In particular, this strips duplicate
2506 * '/' characters, '.' elements, and trailing '/'. It also raises an
2507 * error for an empty path, a trailing '..' or (if _SECURE_NODOTDOT is
2508 * set) any '..' in the path.
2511 cleanup_pathname(struct archive_write_disk *a)
2514 char separator = '\0';
2516 dest = src = a->name;
2518 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2519 "Invalid empty pathname");
2520 return (ARCHIVE_FAILED);
2523 #if defined(__CYGWIN__)
2524 cleanup_pathname_win(a);
2526 /* Skip leading '/'. */
2530 /* Scan the pathname one element at a time. */
2532 /* src points to first char after '/' */
2533 if (src[0] == '\0') {
2535 } else if (src[0] == '/') {
2536 /* Found '//', ignore second one. */
2539 } else if (src[0] == '.') {
2540 if (src[1] == '\0') {
2541 /* Ignore trailing '.' */
2543 } else if (src[1] == '/') {
2547 } else if (src[1] == '.') {
2548 if (src[2] == '/' || src[2] == '\0') {
2549 /* Conditionally warn about '..' */
2550 if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
2551 archive_set_error(&a->archive,
2553 "Path contains '..'");
2554 return (ARCHIVE_FAILED);
2558 * Note: Under no circumstances do we
2559 * remove '..' elements. In
2560 * particular, restoring
2561 * '/foo/../bar/' should create the
2562 * 'foo' dir as a side-effect.
2567 /* Copy current element, including leading '/'. */
2570 while (*src != '\0' && *src != '/') {
2577 /* Skip '/' separator. */
2581 * We've just copied zero or more path elements, not including the
2584 if (dest == a->name) {
2586 * Nothing got copied. The path must have been something
2587 * like '.' or '/' or './' or '/././././/./'.
2594 /* Terminate the result. */
2596 return (ARCHIVE_OK);
2600 * Create the parent directory of the specified path, assuming path
2601 * is already in mutable storage.
2604 create_parent_dir(struct archive_write_disk *a, char *path)
2609 /* Remove tail element to obtain parent name. */
2610 slash = strrchr(path, '/');
2612 return (ARCHIVE_OK);
2614 r = create_dir(a, path);
2620 * Create the specified dir, recursing to create parents as necessary.
2622 * Returns ARCHIVE_OK if the path exists when we're done here.
2623 * Otherwise, returns ARCHIVE_FAILED.
2624 * Assumes path is in mutable storage; path is unchanged on exit.
2627 create_dir(struct archive_write_disk *a, char *path)
2630 struct fixup_entry *le;
2632 mode_t mode_final, mode;
2635 /* Check for special names and just skip them. */
2636 slash = strrchr(path, '/');
2642 if (base[0] == '\0' ||
2643 (base[0] == '.' && base[1] == '\0') ||
2644 (base[0] == '.' && base[1] == '.' && base[2] == '\0')) {
2645 /* Don't bother trying to create null path, '.', or '..'. */
2646 if (slash != NULL) {
2648 r = create_dir(a, path);
2652 return (ARCHIVE_OK);
2656 * Yes, this should be stat() and not lstat(). Using lstat()
2657 * here loses the ability to extract through symlinks. Also note
2658 * that this should not use the a->st cache.
2660 if (stat(path, &st) == 0) {
2661 if (S_ISDIR(st.st_mode))
2662 return (ARCHIVE_OK);
2663 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
2664 archive_set_error(&a->archive, EEXIST,
2665 "Can't create directory '%s'", path);
2666 return (ARCHIVE_FAILED);
2668 if (unlink(path) != 0) {
2669 archive_set_error(&a->archive, errno,
2670 "Can't create directory '%s': "
2671 "Conflicting file cannot be removed",
2673 return (ARCHIVE_FAILED);
2675 } else if (errno != ENOENT && errno != ENOTDIR) {
2677 archive_set_error(&a->archive, errno, "Can't test directory '%s'", path);
2678 return (ARCHIVE_FAILED);
2679 } else if (slash != NULL) {
2681 r = create_dir(a, path);
2683 if (r != ARCHIVE_OK)
2688 * Mode we want for the final restored directory. Per POSIX,
2689 * implicitly-created dirs must be created obeying the umask.
2690 * There's no mention whether this is different for privileged
2691 * restores (which the rest of this code handles by pretending
2692 * umask=0). I've chosen here to always obey the user's umask for
2693 * implicit dirs, even if _EXTRACT_PERM was specified.
2695 mode_final = DEFAULT_DIR_MODE & ~a->user_umask;
2696 /* Mode we want on disk during the restore process. */
2698 mode |= MINIMUM_DIR_MODE;
2699 mode &= MAXIMUM_DIR_MODE;
2700 if (mkdir(path, mode) == 0) {
2701 if (mode != mode_final) {
2702 le = new_fixup(a, path);
2704 return (ARCHIVE_FATAL);
2705 le->fixup |=TODO_MODE_BASE;
2706 le->mode = mode_final;
2708 return (ARCHIVE_OK);
2712 * Without the following check, a/b/../b/c/d fails at the
2713 * second visit to 'b', so 'd' can't be created. Note that we
2714 * don't add it to the fixup list here, as it's already been
2717 if (stat(path, &st) == 0 && S_ISDIR(st.st_mode))
2718 return (ARCHIVE_OK);
2720 archive_set_error(&a->archive, errno, "Failed to create dir '%s'",
2722 return (ARCHIVE_FAILED);
2726 * Note: Although we can skip setting the user id if the desired user
2727 * id matches the current user, we cannot skip setting the group, as
2728 * many systems set the gid based on the containing directory. So
2729 * we have to perform a chown syscall if we want to set the SGID
2730 * bit. (The alternative is to stat() and then possibly chown(); it's
2731 * more efficient to skip the stat() and just always chown().) Note
2732 * that a successful chown() here clears the TODO_SGID_CHECK bit, which
2733 * allows set_mode to skip the stat() check for the GID.
2736 set_ownership(struct archive_write_disk *a)
2739 /* unfortunately, on win32 there is no 'root' user with uid 0,
2740 so we just have to try the chown and see if it works */
2742 /* If we know we can't change it, don't bother trying. */
2743 if (a->user_uid != 0 && a->user_uid != a->uid) {
2744 archive_set_error(&a->archive, errno,
2745 "Can't set UID=%jd", (intmax_t)a->uid);
2746 return (ARCHIVE_WARN);
2751 /* If we have an fd, we can avoid a race. */
2752 if (a->fd >= 0 && fchown(a->fd, a->uid, a->gid) == 0) {
2753 /* We've set owner and know uid/gid are correct. */
2754 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2755 return (ARCHIVE_OK);
2759 /* We prefer lchown() but will use chown() if that's all we have. */
2760 /* Of course, if we have neither, this will always fail. */
2762 if (lchown(a->name, a->uid, a->gid) == 0) {
2763 /* We've set owner and know uid/gid are correct. */
2764 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2765 return (ARCHIVE_OK);
2768 if (!S_ISLNK(a->mode) && chown(a->name, a->uid, a->gid) == 0) {
2769 /* We've set owner and know uid/gid are correct. */
2770 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2771 return (ARCHIVE_OK);
2775 archive_set_error(&a->archive, errno,
2776 "Can't set user=%jd/group=%jd for %s",
2777 (intmax_t)a->uid, (intmax_t)a->gid, a->name);
2778 return (ARCHIVE_WARN);
2782 * Note: Returns 0 on success, non-zero on failure.
2785 set_time(int fd, int mode, const char *name,
2786 time_t atime, long atime_nsec,
2787 time_t mtime, long mtime_nsec)
2789 /* Select the best implementation for this platform. */
2790 #if defined(HAVE_UTIMENSAT) && defined(HAVE_FUTIMENS)
2792 * utimensat() and futimens() are defined in
2793 * POSIX.1-2008. They support ns resolution and setting times
2794 * on fds and symlinks.
2796 struct timespec ts[2];
2797 (void)mode; /* UNUSED */
2798 if (atime == (time_t)-1) {
2800 ts[0].tv_nsec = UTIME_OMIT;
2802 ts[0].tv_sec = atime;
2803 ts[0].tv_nsec = atime_nsec;
2805 if (mtime == (time_t)-1) {
2807 ts[1].tv_nsec = UTIME_OMIT;
2809 ts[1].tv_sec = mtime;
2810 ts[1].tv_nsec = mtime_nsec;
2813 return futimens(fd, ts);
2814 return utimensat(AT_FDCWD, name, ts, AT_SYMLINK_NOFOLLOW);
2818 * The utimes()-family functions support µs-resolution and
2819 * setting times fds and symlinks. utimes() is documented as
2820 * LEGACY by POSIX, futimes() and lutimes() are not described
2823 struct timeval times[2];
2825 times[0].tv_sec = atime;
2826 times[0].tv_usec = atime_nsec / 1000;
2827 times[1].tv_sec = mtime;
2828 times[1].tv_usec = mtime_nsec / 1000;
2832 return (futimes(fd, times));
2834 (void)fd; /* UNUSED */
2837 (void)mode; /* UNUSED */
2838 return (lutimes(name, times));
2842 return (utimes(name, times));
2845 #elif defined(HAVE_UTIME)
2847 * utime() is POSIX-standard but only supports 1s resolution and
2848 * does not support fds or symlinks.
2850 struct utimbuf times;
2851 (void)fd; /* UNUSED */
2852 (void)name; /* UNUSED */
2853 (void)atime_nsec; /* UNUSED */
2854 (void)mtime_nsec; /* UNUSED */
2855 times.actime = atime;
2856 times.modtime = mtime;
2858 return (ARCHIVE_OK);
2859 return (utime(name, ×));
2863 * We don't know how to set the time on this platform.
2865 (void)fd; /* UNUSED */
2866 (void)mode; /* UNUSED */
2867 (void)name; /* UNUSED */
2868 (void)atime_nsec; /* UNUSED */
2869 (void)mtime_nsec; /* UNUSED */
2870 return (ARCHIVE_WARN);
2874 #ifdef F_SETTIMES /* Tru64 */
2876 set_time_tru64(int fd, int mode, const char *name,
2877 time_t atime, long atime_nsec,
2878 time_t mtime, long mtime_nsec,
2879 time_t ctime, long ctime_nsec)
2881 struct attr_timbuf tstamp;
2882 struct timeval times[3];
2883 times[0].tv_sec = atime;
2884 times[0].tv_usec = atime_nsec / 1000;
2885 times[1].tv_sec = mtime;
2886 times[1].tv_usec = mtime_nsec / 1000;
2887 times[2].tv_sec = ctime;
2888 times[2].tv_usec = ctime_nsec / 1000;
2889 tstamp.atime = times[0];
2890 tstamp.mtime = times[1];
2891 tstamp.ctime = times[2];
2892 return (fcntl(fd,F_SETTIMES,&tstamp));
2897 set_times(struct archive_write_disk *a,
2898 int fd, int mode, const char *name,
2899 time_t atime, long atime_nanos,
2900 time_t birthtime, long birthtime_nanos,
2901 time_t mtime, long mtime_nanos,
2902 time_t cctime, long ctime_nanos)
2904 /* Note: set_time doesn't use libarchive return conventions!
2905 * It uses syscall conventions. So 0 here instead of ARCHIVE_OK. */
2910 * on Tru64 try own fcntl first which can restore even the
2911 * ctime, fall back to default code path below if it fails
2912 * or if we are not running as root
2914 if (a->user_uid == 0 &&
2915 set_time_tru64(fd, mode, name,
2916 atime, atime_nanos, mtime,
2917 mtime_nanos, cctime, ctime_nanos) == 0) {
2918 return (ARCHIVE_OK);
2921 (void)cctime; /* UNUSED */
2922 (void)ctime_nanos; /* UNUSED */
2925 #ifdef HAVE_STRUCT_STAT_ST_BIRTHTIME
2927 * If you have struct stat.st_birthtime, we assume BSD
2928 * birthtime semantics, in which {f,l,}utimes() updates
2929 * birthtime to earliest mtime. So we set the time twice,
2930 * first using the birthtime, then using the mtime. If
2931 * birthtime == mtime, this isn't necessary, so we skip it.
2932 * If birthtime > mtime, then this won't work, so we skip it.
2934 if (birthtime < mtime
2935 || (birthtime == mtime && birthtime_nanos < mtime_nanos))
2936 r1 = set_time(fd, mode, name,
2938 birthtime, birthtime_nanos);
2940 (void)birthtime; /* UNUSED */
2941 (void)birthtime_nanos; /* UNUSED */
2943 r2 = set_time(fd, mode, name,
2945 mtime, mtime_nanos);
2946 if (r1 != 0 || r2 != 0) {
2947 archive_set_error(&a->archive, errno,
2948 "Can't restore time");
2949 return (ARCHIVE_WARN);
2951 return (ARCHIVE_OK);
2955 set_times_from_entry(struct archive_write_disk *a)
2957 time_t atime, birthtime, mtime, cctime;
2958 long atime_nsec, birthtime_nsec, mtime_nsec, ctime_nsec;
2960 /* Suitable defaults. */
2961 atime = birthtime = mtime = cctime = a->start_time;
2962 atime_nsec = birthtime_nsec = mtime_nsec = ctime_nsec = 0;
2964 /* If no time was provided, we're done. */
2965 if (!archive_entry_atime_is_set(a->entry)
2966 #if HAVE_STRUCT_STAT_ST_BIRTHTIME
2967 && !archive_entry_birthtime_is_set(a->entry)
2969 && !archive_entry_mtime_is_set(a->entry))
2970 return (ARCHIVE_OK);
2972 if (archive_entry_atime_is_set(a->entry)) {
2973 atime = archive_entry_atime(a->entry);
2974 atime_nsec = archive_entry_atime_nsec(a->entry);
2976 if (archive_entry_birthtime_is_set(a->entry)) {
2977 birthtime = archive_entry_birthtime(a->entry);
2978 birthtime_nsec = archive_entry_birthtime_nsec(a->entry);
2980 if (archive_entry_mtime_is_set(a->entry)) {
2981 mtime = archive_entry_mtime(a->entry);
2982 mtime_nsec = archive_entry_mtime_nsec(a->entry);
2984 if (archive_entry_ctime_is_set(a->entry)) {
2985 cctime = archive_entry_ctime(a->entry);
2986 ctime_nsec = archive_entry_ctime_nsec(a->entry);
2989 return set_times(a, a->fd, a->mode, a->name,
2991 birthtime, birthtime_nsec,
2993 cctime, ctime_nsec);
2997 set_mode(struct archive_write_disk *a, int mode)
3000 mode &= 07777; /* Strip off file type bits. */
3002 if (a->todo & TODO_SGID_CHECK) {
3004 * If we don't know the GID is right, we must stat()
3005 * to verify it. We can't just check the GID of this
3006 * process, since systems sometimes set GID from
3007 * the enclosing dir or based on ACLs.
3009 if ((r = lazy_stat(a)) != ARCHIVE_OK)
3011 if (a->pst->st_gid != a->gid) {
3013 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3015 * This is only an error if you
3016 * requested owner restore. If you
3017 * didn't, we'll try to restore
3018 * sgid/suid, but won't consider it a
3019 * problem if we can't.
3021 archive_set_error(&a->archive, -1,
3022 "Can't restore SGID bit");
3026 /* While we're here, double-check the UID. */
3027 if (a->pst->st_uid != a->uid
3028 && (a->todo & TODO_SUID)) {
3030 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3031 archive_set_error(&a->archive, -1,
3032 "Can't restore SUID bit");
3036 a->todo &= ~TODO_SGID_CHECK;
3037 a->todo &= ~TODO_SUID_CHECK;
3038 } else if (a->todo & TODO_SUID_CHECK) {
3040 * If we don't know the UID is right, we can just check
3041 * the user, since all systems set the file UID from
3044 if (a->user_uid != a->uid) {
3046 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3047 archive_set_error(&a->archive, -1,
3048 "Can't make file SUID");
3052 a->todo &= ~TODO_SUID_CHECK;
3055 if (S_ISLNK(a->mode)) {
3058 * If this is a symlink, use lchmod(). If the
3059 * platform doesn't support lchmod(), just skip it. A
3060 * platform that doesn't provide a way to set
3061 * permissions on symlinks probably ignores
3062 * permissions on symlinks, so a failure here has no
3065 if (lchmod(a->name, mode) != 0) {
3066 archive_set_error(&a->archive, errno,
3067 "Can't set permissions to 0%o", (int)mode);
3071 } else if (!S_ISDIR(a->mode)) {
3073 * If it's not a symlink and not a dir, then use
3074 * fchmod() or chmod(), depending on whether we have
3075 * an fd. Dirs get their perms set during the
3076 * post-extract fixup, which is handled elsewhere.
3080 if (fchmod(a->fd, mode) != 0) {
3081 archive_set_error(&a->archive, errno,
3082 "Can't set permissions to 0%o", (int)mode);
3087 /* If this platform lacks fchmod(), then
3088 * we'll just use chmod(). */
3089 if (chmod(a->name, mode) != 0) {
3090 archive_set_error(&a->archive, errno,
3091 "Can't set permissions to 0%o", (int)mode);
3099 set_fflags(struct archive_write_disk *a)
3101 struct fixup_entry *le;
3102 unsigned long set, clear;
3105 mode_t mode = archive_entry_mode(a->entry);
3108 * Make 'critical_flags' hold all file flags that can't be
3109 * immediately restored. For example, on BSD systems,
3110 * SF_IMMUTABLE prevents hardlinks from being created, so
3111 * should not be set until after any hardlinks are created. To
3112 * preserve some semblance of portability, this uses #ifdef
3113 * extensively. Ugly, but it works.
3115 * Yes, Virginia, this does create a security race. It's mitigated
3116 * somewhat by the practice of creating dirs 0700 until the extract
3117 * is done, but it would be nice if we could do more than that.
3118 * People restoring critical file systems should be wary of
3119 * other programs that might try to muck with files as they're
3122 /* Hopefully, the compiler will optimize this mess into a constant. */
3125 critical_flags |= SF_IMMUTABLE;
3128 critical_flags |= UF_IMMUTABLE;
3131 critical_flags |= SF_APPEND;
3134 critical_flags |= UF_APPEND;
3136 #ifdef EXT2_APPEND_FL
3137 critical_flags |= EXT2_APPEND_FL;
3139 #ifdef EXT2_IMMUTABLE_FL
3140 critical_flags |= EXT2_IMMUTABLE_FL;
3143 if (a->todo & TODO_FFLAGS) {
3144 archive_entry_fflags(a->entry, &set, &clear);
3147 * The first test encourages the compiler to eliminate
3148 * all of this if it's not necessary.
3150 if ((critical_flags != 0) && (set & critical_flags)) {
3151 le = current_fixup(a, a->name);
3153 return (ARCHIVE_FATAL);
3154 le->fixup |= TODO_FFLAGS;
3155 le->fflags_set = set;
3156 /* Store the mode if it's not already there. */
3157 if ((le->fixup & TODO_MODE) == 0)
3160 r = set_fflags_platform(a, a->fd,
3161 a->name, mode, set, clear);
3162 if (r != ARCHIVE_OK)
3166 return (ARCHIVE_OK);
3170 #if ( defined(HAVE_LCHFLAGS) || defined(HAVE_CHFLAGS) || defined(HAVE_FCHFLAGS) ) && defined(HAVE_STRUCT_STAT_ST_FLAGS)
3172 * BSD reads flags using stat() and sets them with one of {f,l,}chflags()
3175 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3176 mode_t mode, unsigned long set, unsigned long clear)
3180 (void)mode; /* UNUSED */
3181 if (set == 0 && clear == 0)
3182 return (ARCHIVE_OK);
3185 * XXX Is the stat here really necessary? Or can I just use
3186 * the 'set' flags directly? In particular, I'm not sure
3187 * about the correct approach if we're overwriting an existing
3188 * file that already has flags on it. XXX
3190 if ((r = lazy_stat(a)) != ARCHIVE_OK)
3193 a->st.st_flags &= ~clear;
3194 a->st.st_flags |= set;
3195 #ifdef HAVE_FCHFLAGS
3196 /* If platform has fchflags() and we were given an fd, use it. */
3197 if (fd >= 0 && fchflags(fd, a->st.st_flags) == 0)
3198 return (ARCHIVE_OK);
3201 * If we can't use the fd to set the flags, we'll use the
3202 * pathname to set flags. We prefer lchflags() but will use
3203 * chflags() if we must.
3205 #ifdef HAVE_LCHFLAGS
3206 if (lchflags(name, a->st.st_flags) == 0)
3207 return (ARCHIVE_OK);
3208 #elif defined(HAVE_CHFLAGS)
3209 if (S_ISLNK(a->st.st_mode)) {
3210 archive_set_error(&a->archive, errno,
3211 "Can't set file flags on symlink.");
3212 return (ARCHIVE_WARN);
3214 if (chflags(name, a->st.st_flags) == 0)
3215 return (ARCHIVE_OK);
3217 archive_set_error(&a->archive, errno,
3218 "Failed to set file flags");
3219 return (ARCHIVE_WARN);
3222 #elif defined(EXT2_IOC_GETFLAGS) && defined(EXT2_IOC_SETFLAGS) && defined(HAVE_WORKING_EXT2_IOC_GETFLAGS)
3224 * Linux uses ioctl() to read and write file flags.
3227 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3228 mode_t mode, unsigned long set, unsigned long clear)
3232 int newflags, oldflags;
3235 if (set == 0 && clear == 0)
3236 return (ARCHIVE_OK);
3237 /* Only regular files and dirs can have flags. */
3238 if (!S_ISREG(mode) && !S_ISDIR(mode))
3239 return (ARCHIVE_OK);
3241 /* If we weren't given an fd, open it ourselves. */
3243 myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | O_CLOEXEC);
3244 __archive_ensure_cloexec_flag(myfd);
3247 return (ARCHIVE_OK);
3250 * Linux has no define for the flags that are only settable by
3251 * the root user. This code may seem a little complex, but
3252 * there seem to be some Linux systems that lack these
3253 * defines. (?) The code below degrades reasonably gracefully
3254 * if sf_mask is incomplete.
3256 #ifdef EXT2_IMMUTABLE_FL
3257 sf_mask |= EXT2_IMMUTABLE_FL;
3259 #ifdef EXT2_APPEND_FL
3260 sf_mask |= EXT2_APPEND_FL;
3263 * XXX As above, this would be way simpler if we didn't have
3264 * to read the current flags from disk. XXX
3268 /* Read the current file flags. */
3269 if (ioctl(myfd, EXT2_IOC_GETFLAGS, &oldflags) < 0)
3272 /* Try setting the flags as given. */
3273 newflags = (oldflags & ~clear) | set;
3274 if (ioctl(myfd, EXT2_IOC_SETFLAGS, &newflags) >= 0)
3279 /* If we couldn't set all the flags, try again with a subset. */
3280 newflags &= ~sf_mask;
3281 oldflags &= sf_mask;
3282 newflags |= oldflags;
3283 if (ioctl(myfd, EXT2_IOC_SETFLAGS, &newflags) >= 0)
3286 /* We couldn't set the flags, so report the failure. */
3288 archive_set_error(&a->archive, errno,
3289 "Failed to set file flags");
3300 * Of course, some systems have neither BSD chflags() nor Linux' flags
3301 * support through ioctl().
3304 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3305 mode_t mode, unsigned long set, unsigned long clear)
3307 (void)a; /* UNUSED */
3308 (void)fd; /* UNUSED */
3309 (void)name; /* UNUSED */
3310 (void)mode; /* UNUSED */
3311 (void)set; /* UNUSED */
3312 (void)clear; /* UNUSED */
3313 return (ARCHIVE_OK);
3316 #endif /* __linux */
3318 #ifndef HAVE_COPYFILE_H
3319 /* Default is to simply drop Mac extended metadata. */
3321 set_mac_metadata(struct archive_write_disk *a, const char *pathname,
3322 const void *metadata, size_t metadata_size)
3324 (void)a; /* UNUSED */
3325 (void)pathname; /* UNUSED */
3326 (void)metadata; /* UNUSED */
3327 (void)metadata_size; /* UNUSED */
3328 return (ARCHIVE_OK);
3332 fixup_appledouble(struct archive_write_disk *a, const char *pathname)
3334 (void)a; /* UNUSED */
3335 (void)pathname; /* UNUSED */
3336 return (ARCHIVE_OK);
3341 * On Mac OS, we use copyfile() to unpack the metadata and
3342 * apply it to the target file.
3345 #if defined(HAVE_SYS_XATTR_H)
3347 copy_xattrs(struct archive_write_disk *a, int tmpfd, int dffd)
3350 char *xattr_names = NULL, *xattr_val = NULL;
3351 int ret = ARCHIVE_OK, xattr_i;
3353 xattr_size = flistxattr(tmpfd, NULL, 0, 0);
3354 if (xattr_size == -1) {
3355 archive_set_error(&a->archive, errno,
3356 "Failed to read metadata(xattr)");
3360 xattr_names = malloc(xattr_size);
3361 if (xattr_names == NULL) {
3362 archive_set_error(&a->archive, ENOMEM,
3363 "Can't allocate memory for metadata(xattr)");
3364 ret = ARCHIVE_FATAL;
3367 xattr_size = flistxattr(tmpfd, xattr_names, xattr_size, 0);
3368 if (xattr_size == -1) {
3369 archive_set_error(&a->archive, errno,
3370 "Failed to read metadata(xattr)");
3374 for (xattr_i = 0; xattr_i < xattr_size;
3375 xattr_i += strlen(xattr_names + xattr_i) + 1) {
3379 s = fgetxattr(tmpfd, xattr_names + xattr_i, NULL, 0, 0, 0);
3381 archive_set_error(&a->archive, errno,
3382 "Failed to get metadata(xattr)");
3386 xattr_val = realloc(xattr_val, s);
3387 if (xattr_val == NULL) {
3388 archive_set_error(&a->archive, ENOMEM,
3389 "Failed to get metadata(xattr)");
3393 s = fgetxattr(tmpfd, xattr_names + xattr_i, xattr_val, s, 0, 0);
3395 archive_set_error(&a->archive, errno,
3396 "Failed to get metadata(xattr)");
3400 f = fsetxattr(dffd, xattr_names + xattr_i, xattr_val, s, 0, 0);
3402 archive_set_error(&a->archive, errno,
3403 "Failed to get metadata(xattr)");
3416 copy_acls(struct archive_write_disk *a, int tmpfd, int dffd)
3418 acl_t acl, dfacl = NULL;
3419 int acl_r, ret = ARCHIVE_OK;
3421 acl = acl_get_fd(tmpfd);
3423 if (errno == ENOENT)
3424 /* There are not any ACLs. */
3426 archive_set_error(&a->archive, errno,
3427 "Failed to get metadata(acl)");
3431 dfacl = acl_dup(acl);
3432 acl_r = acl_set_fd(dffd, dfacl);
3434 archive_set_error(&a->archive, errno,
3435 "Failed to get metadata(acl)");
3448 create_tempdatafork(struct archive_write_disk *a, const char *pathname)
3450 struct archive_string tmpdatafork;
3453 archive_string_init(&tmpdatafork);
3454 archive_strcpy(&tmpdatafork, "tar.md.XXXXXX");
3455 tmpfd = mkstemp(tmpdatafork.s);
3457 archive_set_error(&a->archive, errno,
3458 "Failed to mkstemp");
3459 archive_string_free(&tmpdatafork);
3462 if (copyfile(pathname, tmpdatafork.s, 0,
3463 COPYFILE_UNPACK | COPYFILE_NOFOLLOW
3464 | COPYFILE_ACL | COPYFILE_XATTR) < 0) {
3465 archive_set_error(&a->archive, errno,
3466 "Failed to restore metadata");
3470 unlink(tmpdatafork.s);
3471 archive_string_free(&tmpdatafork);
3476 copy_metadata(struct archive_write_disk *a, const char *metadata,
3477 const char *datafork, int datafork_compressed)
3479 int ret = ARCHIVE_OK;
3481 if (datafork_compressed) {
3484 tmpfd = create_tempdatafork(a, metadata);
3486 return (ARCHIVE_WARN);
3489 * Do not open the data fork compressed by HFS+ compression
3490 * with at least a writing mode(O_RDWR or O_WRONLY). it
3491 * makes the data fork uncompressed.
3493 dffd = open(datafork, 0);
3495 archive_set_error(&a->archive, errno,
3496 "Failed to open the data fork for metadata");
3498 return (ARCHIVE_WARN);
3501 #if defined(HAVE_SYS_XATTR_H)
3502 ret = copy_xattrs(a, tmpfd, dffd);
3503 if (ret == ARCHIVE_OK)
3505 ret = copy_acls(a, tmpfd, dffd);
3509 if (copyfile(metadata, datafork, 0,
3510 COPYFILE_UNPACK | COPYFILE_NOFOLLOW
3511 | COPYFILE_ACL | COPYFILE_XATTR) < 0) {
3512 archive_set_error(&a->archive, errno,
3513 "Failed to restore metadata");
3521 set_mac_metadata(struct archive_write_disk *a, const char *pathname,
3522 const void *metadata, size_t metadata_size)
3524 struct archive_string tmp;
3527 int ret = ARCHIVE_OK;
3529 /* This would be simpler if copyfile() could just accept the
3530 * metadata as a block of memory; then we could sidestep this
3531 * silly dance of writing the data to disk just so that
3532 * copyfile() can read it back in again. */
3533 archive_string_init(&tmp);
3534 archive_strcpy(&tmp, pathname);
3535 archive_strcat(&tmp, ".XXXXXX");
3536 fd = mkstemp(tmp.s);
3539 archive_set_error(&a->archive, errno,
3540 "Failed to restore metadata");
3541 archive_string_free(&tmp);
3542 return (ARCHIVE_WARN);
3544 written = write(fd, metadata, metadata_size);
3546 if ((size_t)written != metadata_size) {
3547 archive_set_error(&a->archive, errno,
3548 "Failed to restore metadata");
3553 #if defined(UF_COMPRESSED)
3554 if ((a->todo & TODO_HFS_COMPRESSION) != 0 &&
3555 (ret = lazy_stat(a)) == ARCHIVE_OK)
3556 compressed = a->st.st_flags & UF_COMPRESSED;
3560 ret = copy_metadata(a, tmp.s, pathname, compressed);
3563 archive_string_free(&tmp);
3568 fixup_appledouble(struct archive_write_disk *a, const char *pathname)
3573 struct archive_string datafork;
3574 int fd = -1, ret = ARCHIVE_OK;
3576 archive_string_init(&datafork);
3577 /* Check if the current file name is a type of the resource
3579 p = strrchr(pathname, '/');
3584 if (p[0] != '.' || p[1] != '_')
3585 goto skip_appledouble;
3588 * Check if the data fork file exists.
3590 * TODO: Check if this write disk object has handled it.
3592 archive_strncpy(&datafork, pathname, p - pathname);
3593 archive_strcat(&datafork, p + 2);
3594 if (lstat(datafork.s, &st) == -1 ||
3595 (st.st_mode & AE_IFMT) != AE_IFREG)
3596 goto skip_appledouble;
3599 * Check if the file is in the AppleDouble form.
3601 fd = open(pathname, O_RDONLY | O_BINARY | O_CLOEXEC);
3602 __archive_ensure_cloexec_flag(fd);
3604 archive_set_error(&a->archive, errno,
3605 "Failed to open a restoring file");
3607 goto skip_appledouble;
3609 if (read(fd, buff, 8) == -1) {
3610 archive_set_error(&a->archive, errno,
3611 "Failed to read a restoring file");
3614 goto skip_appledouble;
3617 /* Check AppleDouble Magic Code. */
3618 if (archive_be32dec(buff) != 0x00051607)
3619 goto skip_appledouble;
3620 /* Check AppleDouble Version. */
3621 if (archive_be32dec(buff+4) != 0x00020000)
3622 goto skip_appledouble;
3624 ret = copy_metadata(a, pathname, datafork.s,
3625 #if defined(UF_COMPRESSED)
3626 st.st_flags & UF_COMPRESSED);
3630 if (ret == ARCHIVE_OK) {
3635 archive_string_free(&datafork);
3640 #if HAVE_LSETXATTR || HAVE_LSETEA
3642 * Restore extended attributes - Linux and AIX implementations:
3643 * AIX' ea interface is syntaxwise identical to the Linux xattr interface.
3646 set_xattrs(struct archive_write_disk *a)
3648 struct archive_entry *entry = a->entry;
3649 static int warning_done = 0;
3650 int ret = ARCHIVE_OK;
3651 int i = archive_entry_xattr_reset(entry);
3657 archive_entry_xattr_next(entry, &name, &value, &size);
3659 strncmp(name, "xfsroot.", 8) != 0 &&
3660 strncmp(name, "system.", 7) != 0) {
3664 e = fsetxattr(a->fd, name, value, size, 0);
3668 e = fsetea(a->fd, name, value, size, 0);
3673 e = lsetxattr(archive_entry_pathname(entry),
3674 name, value, size, 0);
3676 e = lsetea(archive_entry_pathname(entry),
3677 name, value, size, 0);
3681 if (errno == ENOTSUP || errno == ENOSYS) {
3682 if (!warning_done) {
3684 archive_set_error(&a->archive, errno,
3685 "Cannot restore extended "
3686 "attributes on this file "
3690 archive_set_error(&a->archive, errno,
3691 "Failed to set extended attribute");
3695 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3696 "Invalid extended attribute encountered");
3702 #elif HAVE_EXTATTR_SET_FILE && HAVE_DECL_EXTATTR_NAMESPACE_USER
3704 * Restore extended attributes - FreeBSD implementation
3707 set_xattrs(struct archive_write_disk *a)
3709 struct archive_entry *entry = a->entry;
3710 static int warning_done = 0;
3711 int ret = ARCHIVE_OK;
3712 int i = archive_entry_xattr_reset(entry);
3718 archive_entry_xattr_next(entry, &name, &value, &size);
3723 if (strncmp(name, "user.", 5) == 0) {
3724 /* "user." attributes go to user namespace */
3726 namespace = EXTATTR_NAMESPACE_USER;
3728 /* Warn about other extended attributes. */
3729 archive_set_error(&a->archive,
3730 ARCHIVE_ERRNO_FILE_FORMAT,
3731 "Can't restore extended attribute ``%s''",
3737 #if HAVE_EXTATTR_SET_FD
3739 e = extattr_set_fd(a->fd, namespace, name, value, size);
3742 /* TODO: should we use extattr_set_link() instead? */
3744 e = extattr_set_file(archive_entry_pathname(entry),
3745 namespace, name, value, size);
3747 if (e != (int)size) {
3748 if (errno == ENOTSUP || errno == ENOSYS) {
3749 if (!warning_done) {
3751 archive_set_error(&a->archive, errno,
3752 "Cannot restore extended "
3753 "attributes on this file "
3757 archive_set_error(&a->archive, errno,
3758 "Failed to set extended attribute");
3769 * Restore extended attributes - stub implementation for unsupported systems
3772 set_xattrs(struct archive_write_disk *a)
3774 static int warning_done = 0;
3776 /* If there aren't any extended attributes, then it's okay not
3777 * to extract them, otherwise, issue a single warning. */
3778 if (archive_entry_xattr_count(a->entry) != 0 && !warning_done) {
3780 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3781 "Cannot restore extended attributes on this system");
3782 return (ARCHIVE_WARN);
3784 /* Warning was already emitted; suppress further warnings. */
3785 return (ARCHIVE_OK);
3790 * Test if file on disk is older than entry.
3793 older(struct stat *st, struct archive_entry *entry)
3795 /* First, test the seconds and return if we have a definite answer. */
3796 /* Definitely older. */
3797 if (st->st_mtime < archive_entry_mtime(entry))
3799 /* Definitely younger. */
3800 if (st->st_mtime > archive_entry_mtime(entry))
3802 /* If this platform supports fractional seconds, try those. */
3803 #if HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC
3804 /* Definitely older. */
3805 if (st->st_mtimespec.tv_nsec < archive_entry_mtime_nsec(entry))
3807 #elif HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC
3808 /* Definitely older. */
3809 if (st->st_mtim.tv_nsec < archive_entry_mtime_nsec(entry))
3811 #elif HAVE_STRUCT_STAT_ST_MTIME_N
3813 if (st->st_mtime_n < archive_entry_mtime_nsec(entry))
3815 #elif HAVE_STRUCT_STAT_ST_UMTIME
3817 if (st->st_umtime * 1000 < archive_entry_mtime_nsec(entry))
3819 #elif HAVE_STRUCT_STAT_ST_MTIME_USEC
3821 if (st->st_mtime_usec * 1000 < archive_entry_mtime_nsec(entry))
3824 /* This system doesn't have high-res timestamps. */
3826 /* Same age or newer, so not older. */
3830 #endif /* !_WIN32 || __CYGWIN__ */
projects / dragonfly.git / blob