2 * Copyright (c) 2003-2010 Tim Kientzle
3 * Copyright (c) 2012 Michihiro NAKAJIMA
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer
11 * in this position and unchanged.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #include "archive_platform.h"
29 __FBSDID("$FreeBSD$");
31 #if !defined(_WIN32) || defined(__CYGWIN__)
33 #ifdef HAVE_SYS_TYPES_H
34 #include <sys/types.h>
39 #ifdef HAVE_SYS_EXTATTR_H
40 #include <sys/extattr.h>
42 #if defined(HAVE_SYS_XATTR_H)
43 #include <sys/xattr.h>
44 #elif defined(HAVE_ATTR_XATTR_H)
45 #include <attr/xattr.h>
50 #ifdef HAVE_SYS_IOCTL_H
51 #include <sys/ioctl.h>
53 #ifdef HAVE_SYS_STAT_H
56 #ifdef HAVE_SYS_TIME_H
59 #ifdef HAVE_SYS_UTIME_H
60 #include <sys/utime.h>
62 #ifdef HAVE_COPYFILE_H
74 #ifdef HAVE_LANGINFO_H
77 #ifdef HAVE_LINUX_FS_H
78 #include <linux/fs.h> /* for Linux file flags */
81 * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h.
82 * As the include guards don't agree, the order of include is important.
84 #ifdef HAVE_LINUX_EXT2_FS_H
85 #include <linux/ext2_fs.h> /* for Linux file flags */
87 #if defined(HAVE_EXT2FS_EXT2_FS_H) && !defined(__CYGWIN__)
88 #include <ext2fs/ext2_fs.h> /* Linux file flags, broken on Cygwin */
109 #ifdef F_GETTIMES /* Tru64 specific */
110 #include <sys/fcntl1.h>
114 #include <TargetConditionals.h>
115 #if TARGET_OS_MAC && !TARGET_OS_EMBEDDED && HAVE_QUARANTINE_H
116 #include <quarantine.h>
117 #define HAVE_QUARANTINE 1
125 /* TODO: Support Mac OS 'quarantine' feature. This is really just a
126 * standard tag to mark files that have been downloaded as "tainted".
127 * On Mac OS, we should mark the extracted files as tainted if the
128 * archive being read was tainted. Windows has a similar feature; we
129 * should investigate ways to support this generically. */
132 #include "archive_acl_private.h"
133 #include "archive_string.h"
134 #include "archive_endian.h"
135 #include "archive_entry.h"
136 #include "archive_private.h"
137 #include "archive_write_disk_private.h"
147 struct fixup_entry *next;
148 struct archive_acl acl;
154 unsigned long atime_nanos;
155 unsigned long birthtime_nanos;
156 unsigned long mtime_nanos;
157 unsigned long ctime_nanos;
158 unsigned long fflags_set;
159 size_t mac_metadata_size;
161 int fixup; /* bitmask of what needs fixing */
166 * We use a bitmask to track which operations remain to be done for
167 * this file. In particular, this helps us avoid unnecessary
168 * operations when it's possible to take care of one step as a
169 * side-effect of another. For example, mkdir() can specify the mode
170 * for the newly-created object but symlink() cannot. This means we
171 * can skip chmod() if mkdir() succeeded, but we must explicitly
172 * chmod() if we're trying to create a directory that already exists
173 * (mkdir() failed) or if we're restoring a symlink. Similarly, we
174 * need to verify UID/GID before trying to restore SUID/SGID bits;
175 * that verification can occur explicitly through a stat() call or
176 * implicitly because of a successful chown() call.
178 #define TODO_MODE_FORCE 0x40000000
179 #define TODO_MODE_BASE 0x20000000
180 #define TODO_SUID 0x10000000
181 #define TODO_SUID_CHECK 0x08000000
182 #define TODO_SGID 0x04000000
183 #define TODO_SGID_CHECK 0x02000000
184 #define TODO_APPLEDOUBLE 0x01000000
185 #define TODO_MODE (TODO_MODE_BASE|TODO_SUID|TODO_SGID)
186 #define TODO_TIMES ARCHIVE_EXTRACT_TIME
187 #define TODO_OWNER ARCHIVE_EXTRACT_OWNER
188 #define TODO_FFLAGS ARCHIVE_EXTRACT_FFLAGS
189 #define TODO_ACLS ARCHIVE_EXTRACT_ACL
190 #define TODO_XATTR ARCHIVE_EXTRACT_XATTR
191 #define TODO_MAC_METADATA ARCHIVE_EXTRACT_MAC_METADATA
192 #define TODO_HFS_COMPRESSION ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED
194 struct archive_write_disk {
195 struct archive archive;
198 struct fixup_entry *fixup_list;
199 struct fixup_entry *current_fixup;
202 int64_t skip_file_dev;
203 int64_t skip_file_ino;
206 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid);
207 void (*cleanup_gid)(void *private);
208 void *lookup_gid_data;
209 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid);
210 void (*cleanup_uid)(void *private);
211 void *lookup_uid_data;
214 * Full path of last file to satisfy symlink checks.
216 struct archive_string path_safe;
219 * Cached stat data from disk for the current entry.
220 * If this is valid, pst points to st. Otherwise,
226 /* Information about the object being restored right now. */
227 struct archive_entry *entry; /* Entry being extracted. */
228 char *name; /* Name of entry, possibly edited. */
229 struct archive_string _name_data; /* backing store for 'name' */
230 /* Tasks remaining for this object. */
232 /* Tasks deferred until end-of-archive. */
234 /* Options requested by the client. */
236 /* Handle for the file we're restoring. */
238 /* Current offset for writing data to the file. */
240 /* Last offset actually written to disk. */
242 /* Total bytes actually written to files. */
243 int64_t total_bytes_written;
244 /* Maximum size of file, -1 if unknown. */
246 /* Dir we were in before this restore; only for deep paths. */
248 /* Mode we should use for this entry; affected by _PERM and umask. */
250 /* UID/GID to use in restoring this entry. */
256 /* Xattr "com.apple.decmpfs". */
257 uint32_t decmpfs_attr_size;
258 unsigned char *decmpfs_header_p;
259 /* ResourceFork set options used for fsetxattr. */
260 int rsrc_xattr_options;
261 /* Xattr "com.apple.ResourceFork". */
262 unsigned char *resource_fork;
263 size_t resource_fork_allocated_size;
264 unsigned int decmpfs_block_count;
265 uint32_t *decmpfs_block_info;
266 /* Buffer for compressed data. */
267 unsigned char *compressed_buffer;
268 size_t compressed_buffer_size;
269 size_t compressed_buffer_remaining;
270 /* The offset of the ResourceFork where compressed data will
272 uint32_t compressed_rsrc_position;
273 uint32_t compressed_rsrc_position_v;
274 /* Buffer for uncompressed data. */
275 char *uncompressed_buffer;
276 size_t block_remaining_bytes;
277 size_t file_remaining_bytes;
281 int decmpfs_compression_level;
286 * Default mode for dirs created automatically (will be modified by umask).
287 * Note that POSIX specifies 0777 for implicitly-created dirs, "modified
288 * by the process' file creation mask."
290 #define DEFAULT_DIR_MODE 0777
292 * Dir modes are restored in two steps: During the extraction, the permissions
293 * in the archive are modified to match the following limits. During
294 * the post-extract fixup pass, the permissions from the archive are
297 #define MINIMUM_DIR_MODE 0700
298 #define MAXIMUM_DIR_MODE 0775
301 * Maxinum uncompressed size of a decmpfs block.
303 #define MAX_DECMPFS_BLOCK_SIZE (64 * 1024)
305 * HFS+ compression type.
307 #define CMP_XATTR 3/* Compressed data in xattr. */
308 #define CMP_RESOURCE_FORK 4/* Compressed data in resource fork. */
310 * HFS+ compression resource fork.
312 #define RSRC_H_SIZE 260 /* Base size of Resource fork header. */
313 #define RSRC_F_SIZE 50 /* Size of Resource fork footer. */
314 /* Size to write compressed data to resource fork. */
315 #define COMPRESSED_W_SIZE (64 * 1024)
316 /* decmpfs difinitions. */
317 #define MAX_DECMPFS_XATTR_SIZE 3802
318 #ifndef DECMPFS_XATTR_NAME
319 #define DECMPFS_XATTR_NAME "com.apple.decmpfs"
321 #define DECMPFS_MAGIC 0x636d7066
322 #define DECMPFS_COMPRESSION_MAGIC 0
323 #define DECMPFS_COMPRESSION_TYPE 4
324 #define DECMPFS_UNCOMPRESSED_SIZE 8
325 #define DECMPFS_HEADER_SIZE 16
327 #define HFS_BLOCKS(s) ((s) >> 12)
329 static int check_symlinks(struct archive_write_disk *);
330 static int create_filesystem_object(struct archive_write_disk *);
331 static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
332 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
333 static void edit_deep_directories(struct archive_write_disk *ad);
335 static int cleanup_pathname(struct archive_write_disk *);
336 static int create_dir(struct archive_write_disk *, char *);
337 static int create_parent_dir(struct archive_write_disk *, char *);
338 static ssize_t hfs_write_data_block(struct archive_write_disk *,
339 const char *, size_t);
340 static int fixup_appledouble(struct archive_write_disk *, const char *);
341 static int older(struct stat *, struct archive_entry *);
342 static int restore_entry(struct archive_write_disk *);
343 static int set_mac_metadata(struct archive_write_disk *, const char *,
344 const void *, size_t);
345 static int set_xattrs(struct archive_write_disk *);
346 static int set_fflags(struct archive_write_disk *);
347 static int set_fflags_platform(struct archive_write_disk *, int fd,
348 const char *name, mode_t mode,
349 unsigned long fflags_set, unsigned long fflags_clear);
350 static int set_ownership(struct archive_write_disk *);
351 static int set_mode(struct archive_write_disk *, int mode);
352 static int set_time(int, int, const char *, time_t, long, time_t, long);
353 static int set_times(struct archive_write_disk *, int, int, const char *,
354 time_t, long, time_t, long, time_t, long, time_t, long);
355 static int set_times_from_entry(struct archive_write_disk *);
356 static struct fixup_entry *sort_dir_list(struct fixup_entry *p);
357 static ssize_t write_data_block(struct archive_write_disk *,
358 const char *, size_t);
360 static struct archive_vtable *archive_write_disk_vtable(void);
362 static int _archive_write_disk_close(struct archive *);
363 static int _archive_write_disk_free(struct archive *);
364 static int _archive_write_disk_header(struct archive *, struct archive_entry *);
365 static int64_t _archive_write_disk_filter_bytes(struct archive *, int);
366 static int _archive_write_disk_finish_entry(struct archive *);
367 static ssize_t _archive_write_disk_data(struct archive *, const void *, size_t);
368 static ssize_t _archive_write_disk_data_block(struct archive *, const void *, size_t, int64_t);
371 lazy_stat(struct archive_write_disk *a)
373 if (a->pst != NULL) {
374 /* Already have stat() data available. */
378 if (a->fd >= 0 && fstat(a->fd, &a->st) == 0) {
384 * XXX At this point, symlinks should not be hit, otherwise
385 * XXX a race occurred. Do we want to check explicitly for that?
387 if (lstat(a->name, &a->st) == 0) {
391 archive_set_error(&a->archive, errno, "Couldn't stat file");
392 return (ARCHIVE_WARN);
395 static struct archive_vtable *
396 archive_write_disk_vtable(void)
398 static struct archive_vtable av;
399 static int inited = 0;
402 av.archive_close = _archive_write_disk_close;
403 av.archive_filter_bytes = _archive_write_disk_filter_bytes;
404 av.archive_free = _archive_write_disk_free;
405 av.archive_write_header = _archive_write_disk_header;
406 av.archive_write_finish_entry
407 = _archive_write_disk_finish_entry;
408 av.archive_write_data = _archive_write_disk_data;
409 av.archive_write_data_block = _archive_write_disk_data_block;
416 _archive_write_disk_filter_bytes(struct archive *_a, int n)
418 struct archive_write_disk *a = (struct archive_write_disk *)_a;
419 (void)n; /* UNUSED */
420 if (n == -1 || n == 0)
421 return (a->total_bytes_written);
427 archive_write_disk_set_options(struct archive *_a, int flags)
429 struct archive_write_disk *a = (struct archive_write_disk *)_a;
437 * Extract this entry to disk.
439 * TODO: Validate hardlinks. According to the standards, we're
440 * supposed to check each extracted hardlink and squawk if it refers
441 * to a file that we didn't restore. I'm not entirely convinced this
442 * is a good idea, but more importantly: Is there any way to validate
443 * hardlinks without keeping a complete list of filenames from the
444 * entire archive?? Ugh.
448 _archive_write_disk_header(struct archive *_a, struct archive_entry *entry)
450 struct archive_write_disk *a = (struct archive_write_disk *)_a;
451 struct fixup_entry *fe;
454 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
455 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
456 "archive_write_disk_header");
457 archive_clear_error(&a->archive);
458 if (a->archive.state & ARCHIVE_STATE_DATA) {
459 r = _archive_write_disk_finish_entry(&a->archive);
460 if (r == ARCHIVE_FATAL)
464 /* Set up for this particular entry. */
466 a->current_fixup = NULL;
469 archive_entry_free(a->entry);
472 a->entry = archive_entry_clone(entry);
477 a->uid = a->user_uid;
478 a->mode = archive_entry_mode(a->entry);
479 if (archive_entry_size_is_set(a->entry))
480 a->filesize = archive_entry_size(a->entry);
483 archive_strcpy(&(a->_name_data), archive_entry_pathname(a->entry));
484 a->name = a->_name_data.s;
485 archive_clear_error(&a->archive);
488 * Clean up the requested path. This is necessary for correct
489 * dir restores; the dir restore logic otherwise gets messed
490 * up by nonsense like "dir/.".
492 ret = cleanup_pathname(a);
493 if (ret != ARCHIVE_OK)
497 * Query the umask so we get predictable mode settings.
498 * This gets done on every call to _write_header in case the
499 * user edits their umask during the extraction for some
502 umask(a->user_umask = umask(0));
504 /* Figure out what we need to do for this entry. */
505 a->todo = TODO_MODE_BASE;
506 if (a->flags & ARCHIVE_EXTRACT_PERM) {
507 a->todo |= TODO_MODE_FORCE; /* Be pushy about permissions. */
509 * SGID requires an extra "check" step because we
510 * cannot easily predict the GID that the system will
511 * assign. (Different systems assign GIDs to files
512 * based on a variety of criteria, including process
513 * credentials and the gid of the enclosing
514 * directory.) We can only restore the SGID bit if
515 * the file has the right GID, and we only know the
516 * GID if we either set it (see set_ownership) or if
517 * we've actually called stat() on the file after it
518 * was restored. Since there are several places at
519 * which we might verify the GID, we need a TODO bit
522 if (a->mode & S_ISGID)
523 a->todo |= TODO_SGID | TODO_SGID_CHECK;
525 * Verifying the SUID is simpler, but can still be
526 * done in multiple ways, hence the separate "check" bit.
528 if (a->mode & S_ISUID)
529 a->todo |= TODO_SUID | TODO_SUID_CHECK;
532 * User didn't request full permissions, so don't
533 * restore SUID, SGID bits and obey umask.
538 a->mode &= ~a->user_umask;
540 if (a->flags & ARCHIVE_EXTRACT_OWNER)
541 a->todo |= TODO_OWNER;
542 if (a->flags & ARCHIVE_EXTRACT_TIME)
543 a->todo |= TODO_TIMES;
544 if (a->flags & ARCHIVE_EXTRACT_ACL) {
545 if (archive_entry_filetype(a->entry) == AE_IFDIR)
546 a->deferred |= TODO_ACLS;
548 a->todo |= TODO_ACLS;
550 if (a->flags & ARCHIVE_EXTRACT_MAC_METADATA) {
551 if (archive_entry_filetype(a->entry) == AE_IFDIR)
552 a->deferred |= TODO_MAC_METADATA;
554 a->todo |= TODO_MAC_METADATA;
556 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
557 if ((a->flags & ARCHIVE_EXTRACT_NO_HFS_COMPRESSION) == 0) {
558 unsigned long set, clear;
559 archive_entry_fflags(a->entry, &set, &clear);
560 if ((set & ~clear) & UF_COMPRESSED) {
561 a->todo |= TODO_HFS_COMPRESSION;
562 a->decmpfs_block_count = (unsigned)-1;
565 if ((a->flags & ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED) != 0 &&
566 (a->mode & AE_IFMT) == AE_IFREG && a->filesize > 0) {
567 a->todo |= TODO_HFS_COMPRESSION;
568 a->decmpfs_block_count = (unsigned)-1;
573 /* Check if the current file name is a type of the
574 * resource fork file. */
575 p = strrchr(a->name, '/');
580 if (p[0] == '.' && p[1] == '_') {
581 /* Do not compress "._XXX" files. */
582 a->todo &= ~TODO_HFS_COMPRESSION;
584 a->todo |= TODO_APPLEDOUBLE;
589 if (a->flags & ARCHIVE_EXTRACT_XATTR)
590 a->todo |= TODO_XATTR;
591 if (a->flags & ARCHIVE_EXTRACT_FFLAGS)
592 a->todo |= TODO_FFLAGS;
593 if (a->flags & ARCHIVE_EXTRACT_SECURE_SYMLINKS) {
594 ret = check_symlinks(a);
595 if (ret != ARCHIVE_OK)
598 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
599 /* If path exceeds PATH_MAX, shorten the path. */
600 edit_deep_directories(a);
603 ret = restore_entry(a);
605 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
607 * Check if the filesystem the file is restoring on supports
608 * HFS+ Compression. If not, cancel HFS+ Compression.
610 if (a->todo | TODO_HFS_COMPRESSION) {
612 * NOTE: UF_COMPRESSED is ignored even if the filesystem
613 * supports HFS+ Compression because the file should
614 * have at least an extended attriute "com.apple.decmpfs"
615 * before the flag is set to indicate that the file have
616 * been compressed. If hte filesystem does not support
617 * HFS+ Compression the system call will fail.
619 if (a->fd < 0 || fchflags(a->fd, UF_COMPRESSED) != 0)
620 a->todo &= ~TODO_HFS_COMPRESSION;
625 * TODO: There are rumours that some extended attributes must
626 * be restored before file data is written. If this is true,
627 * then we either need to write all extended attributes both
628 * before and after restoring the data, or find some rule for
629 * determining which must go first and which last. Due to the
630 * many ways people are using xattrs, this may prove to be an
631 * intractable problem.
635 /* If we changed directory above, restore it here. */
636 if (a->restore_pwd >= 0) {
637 r = fchdir(a->restore_pwd);
639 archive_set_error(&a->archive, errno, "chdir() failure");
642 close(a->restore_pwd);
648 * Fixup uses the unedited pathname from archive_entry_pathname(),
649 * because it is relative to the base dir and the edited path
650 * might be relative to some intermediate dir as a result of the
651 * deep restore logic.
653 if (a->deferred & TODO_MODE) {
654 fe = current_fixup(a, archive_entry_pathname(entry));
656 return (ARCHIVE_FATAL);
657 fe->fixup |= TODO_MODE_BASE;
661 if ((a->deferred & TODO_TIMES)
662 && (archive_entry_mtime_is_set(entry)
663 || archive_entry_atime_is_set(entry))) {
664 fe = current_fixup(a, archive_entry_pathname(entry));
666 return (ARCHIVE_FATAL);
668 fe->fixup |= TODO_TIMES;
669 if (archive_entry_atime_is_set(entry)) {
670 fe->atime = archive_entry_atime(entry);
671 fe->atime_nanos = archive_entry_atime_nsec(entry);
673 /* If atime is unset, use start time. */
674 fe->atime = a->start_time;
677 if (archive_entry_mtime_is_set(entry)) {
678 fe->mtime = archive_entry_mtime(entry);
679 fe->mtime_nanos = archive_entry_mtime_nsec(entry);
681 /* If mtime is unset, use start time. */
682 fe->mtime = a->start_time;
685 if (archive_entry_birthtime_is_set(entry)) {
686 fe->birthtime = archive_entry_birthtime(entry);
687 fe->birthtime_nanos = archive_entry_birthtime_nsec(entry);
689 /* If birthtime is unset, use mtime. */
690 fe->birthtime = fe->mtime;
691 fe->birthtime_nanos = fe->mtime_nanos;
695 if (a->deferred & TODO_ACLS) {
696 fe = current_fixup(a, archive_entry_pathname(entry));
698 return (ARCHIVE_FATAL);
699 fe->fixup |= TODO_ACLS;
700 archive_acl_copy(&fe->acl, archive_entry_acl(entry));
703 if (a->deferred & TODO_MAC_METADATA) {
704 const void *metadata;
705 size_t metadata_size;
706 metadata = archive_entry_mac_metadata(a->entry, &metadata_size);
707 if (metadata != NULL && metadata_size > 0) {
708 fe = current_fixup(a, archive_entry_pathname(entry));
710 return (ARCHIVE_FATAL);
711 fe->mac_metadata = malloc(metadata_size);
712 if (fe->mac_metadata != NULL) {
713 memcpy(fe->mac_metadata, metadata, metadata_size);
714 fe->mac_metadata_size = metadata_size;
715 fe->fixup |= TODO_MAC_METADATA;
720 if (a->deferred & TODO_FFLAGS) {
721 fe = current_fixup(a, archive_entry_pathname(entry));
723 return (ARCHIVE_FATAL);
724 fe->fixup |= TODO_FFLAGS;
725 /* TODO: Complete this.. defer fflags from below. */
728 /* We've created the object and are ready to pour data into it. */
729 if (ret >= ARCHIVE_WARN)
730 a->archive.state = ARCHIVE_STATE_DATA;
732 * If it's not open, tell our client not to try writing.
733 * In particular, dirs, links, etc, don't get written to.
736 archive_entry_set_size(entry, 0);
744 archive_write_disk_set_skip_file(struct archive *_a, int64_t d, int64_t i)
746 struct archive_write_disk *a = (struct archive_write_disk *)_a;
747 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
748 ARCHIVE_STATE_ANY, "archive_write_disk_set_skip_file");
749 a->skip_file_set = 1;
750 a->skip_file_dev = d;
751 a->skip_file_ino = i;
756 write_data_block(struct archive_write_disk *a, const char *buff, size_t size)
758 uint64_t start_size = size;
759 ssize_t bytes_written = 0;
760 ssize_t block_size = 0, bytes_to_write;
765 if (a->filesize == 0 || a->fd < 0) {
766 archive_set_error(&a->archive, 0,
767 "Attempt to write to an empty file");
768 return (ARCHIVE_WARN);
771 if (a->flags & ARCHIVE_EXTRACT_SPARSE) {
772 #if HAVE_STRUCT_STAT_ST_BLKSIZE
774 if ((r = lazy_stat(a)) != ARCHIVE_OK)
776 block_size = a->pst->st_blksize;
778 /* XXX TODO XXX Is there a more appropriate choice here ? */
779 /* This needn't match the filesystem allocation size. */
780 block_size = 16*1024;
784 /* If this write would run beyond the file size, truncate it. */
785 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize)
786 start_size = size = (size_t)(a->filesize - a->offset);
788 /* Write the data. */
790 if (block_size == 0) {
791 bytes_to_write = size;
793 /* We're sparsifying the file. */
797 /* Skip leading zero bytes. */
798 for (p = buff, end = buff + size; p < end; ++p) {
802 a->offset += p - buff;
808 /* Calculate next block boundary after offset. */
810 = (a->offset / block_size + 1) * block_size;
812 /* If the adjusted write would cross block boundary,
813 * truncate it to the block boundary. */
814 bytes_to_write = size;
815 if (a->offset + bytes_to_write > block_end)
816 bytes_to_write = block_end - a->offset;
818 /* Seek if necessary to the specified offset. */
819 if (a->offset != a->fd_offset) {
820 if (lseek(a->fd, a->offset, SEEK_SET) < 0) {
821 archive_set_error(&a->archive, errno,
823 return (ARCHIVE_FATAL);
825 a->fd_offset = a->offset;
827 bytes_written = write(a->fd, buff, bytes_to_write);
828 if (bytes_written < 0) {
829 archive_set_error(&a->archive, errno, "Write failed");
830 return (ARCHIVE_WARN);
832 buff += bytes_written;
833 size -= bytes_written;
834 a->total_bytes_written += bytes_written;
835 a->offset += bytes_written;
836 a->fd_offset = a->offset;
838 return (start_size - size);
841 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\
842 && defined(HAVE_ZLIB_H)
845 * Set UF_COMPRESSED file flag.
846 * This have to be called after hfs_write_decmpfs() because if the
847 * file does not have "com.apple.decmpfs" xattr the flag is ignored.
850 hfs_set_compressed_fflag(struct archive_write_disk *a)
854 if ((r = lazy_stat(a)) != ARCHIVE_OK)
857 a->st.st_flags |= UF_COMPRESSED;
858 if (fchflags(a->fd, a->st.st_flags) != 0) {
859 archive_set_error(&a->archive, errno,
860 "Failed to set UF_COMPRESSED file flag");
861 return (ARCHIVE_WARN);
867 * HFS+ Compression decmpfs
869 * +------------------------------+ +0
870 * | Magic(LE 4 bytes) |
871 * +------------------------------+
872 * | Type(LE 4 bytes) |
873 * +------------------------------+
874 * | Uncompressed size(LE 8 bytes)|
875 * +------------------------------+ +16
877 * | Compressed data |
878 * | (Placed only if Type == 3) |
880 * +------------------------------+ +3802 = MAX_DECMPFS_XATTR_SIZE
882 * Type is 3: decmpfs has compressed data.
883 * Type is 4: Resource Fork has compressed data.
886 * Write "com.apple.decmpfs"
889 hfs_write_decmpfs(struct archive_write_disk *a)
892 uint32_t compression_type;
894 r = fsetxattr(a->fd, DECMPFS_XATTR_NAME, a->decmpfs_header_p,
895 a->decmpfs_attr_size, 0, 0);
897 archive_set_error(&a->archive, errno,
898 "Cannot restore xattr:%s", DECMPFS_XATTR_NAME);
899 compression_type = archive_le32dec(
900 &a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE]);
901 if (compression_type == CMP_RESOURCE_FORK)
902 fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME,
903 XATTR_SHOWCOMPRESSION);
904 return (ARCHIVE_WARN);
910 * HFS+ Compression Resource Fork
912 * +-----------------------------+
913 * | Header(260 bytes) |
914 * +-----------------------------+
915 * | Block count(LE 4 bytes) |
916 * +-----------------------------+ --+
917 * +-- | Offset (LE 4 bytes) | |
918 * | | [distance from Block count] | | Block 0
919 * | +-----------------------------+ |
920 * | | Compressed size(LE 4 bytes) | |
921 * | +-----------------------------+ --+
923 * | | .................. |
925 * | +-----------------------------+ --+
926 * | | Offset (LE 4 bytes) | |
927 * | +-----------------------------+ | Block (Block count -1)
928 * | | Compressed size(LE 4 bytes) | |
929 * +-> +-----------------------------+ --+
930 * | Compressed data(n bytes) | Block 0
931 * +-----------------------------+
933 * | .................. |
935 * +-----------------------------+
936 * | Compressed data(n bytes) | Block (Block count -1)
937 * +-----------------------------+
938 * | Footer(50 bytes) |
939 * +-----------------------------+
943 * Write the header of "com.apple.ResourceFork"
946 hfs_write_resource_fork(struct archive_write_disk *a, unsigned char *buff,
947 size_t bytes, uint32_t position)
951 ret = fsetxattr(a->fd, XATTR_RESOURCEFORK_NAME, buff, bytes,
952 position, a->rsrc_xattr_options);
954 archive_set_error(&a->archive, errno,
955 "Cannot restore xattr: %s at %u pos %u bytes",
956 XATTR_RESOURCEFORK_NAME,
959 return (ARCHIVE_WARN);
961 a->rsrc_xattr_options &= ~XATTR_CREATE;
966 hfs_write_compressed_data(struct archive_write_disk *a, size_t bytes_compressed)
970 ret = hfs_write_resource_fork(a, a->compressed_buffer,
971 bytes_compressed, a->compressed_rsrc_position);
972 if (ret == ARCHIVE_OK)
973 a->compressed_rsrc_position += bytes_compressed;
978 hfs_write_resource_fork_header(struct archive_write_disk *a)
982 uint32_t rsrc_header_bytes;
985 * Write resource fork header + block info.
987 buff = a->resource_fork;
988 rsrc_bytes = a->compressed_rsrc_position - RSRC_F_SIZE;
990 RSRC_H_SIZE + /* Header base size. */
991 4 + /* Block count. */
992 (a->decmpfs_block_count * 8);/* Block info */
993 archive_be32enc(buff, 0x100);
994 archive_be32enc(buff + 4, rsrc_bytes);
995 archive_be32enc(buff + 8, rsrc_bytes - 256);
996 archive_be32enc(buff + 12, 0x32);
997 memset(buff + 16, 0, 240);
998 archive_be32enc(buff + 256, rsrc_bytes - 260);
999 return hfs_write_resource_fork(a, buff, rsrc_header_bytes, 0);
1003 hfs_set_resource_fork_footer(unsigned char *buff, size_t buff_size)
1005 static const char rsrc_footer[RSRC_F_SIZE] = {
1006 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1007 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1008 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1009 0x00, 0x1c, 0x00, 0x32, 0x00, 0x00, 'c', 'm',
1010 'p', 'f', 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01,
1011 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1014 if (buff_size < sizeof(rsrc_footer))
1016 memcpy(buff, rsrc_footer, sizeof(rsrc_footer));
1017 return (sizeof(rsrc_footer));
1021 hfs_reset_compressor(struct archive_write_disk *a)
1025 if (a->stream_valid)
1026 ret = deflateReset(&a->stream);
1028 ret = deflateInit(&a->stream, a->decmpfs_compression_level);
1031 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1032 "Failed to initialize compressor");
1033 return (ARCHIVE_FATAL);
1035 a->stream_valid = 1;
1037 return (ARCHIVE_OK);
1041 hfs_decompress(struct archive_write_disk *a)
1043 uint32_t *block_info;
1044 unsigned int block_count;
1045 uint32_t data_pos, data_size;
1047 ssize_t bytes_written, bytes_to_write;
1050 block_info = (uint32_t *)(a->resource_fork + RSRC_H_SIZE);
1051 block_count = archive_le32dec(block_info++);
1052 while (block_count--) {
1053 data_pos = RSRC_H_SIZE + archive_le32dec(block_info++);
1054 data_size = archive_le32dec(block_info++);
1055 r = fgetxattr(a->fd, XATTR_RESOURCEFORK_NAME,
1056 a->compressed_buffer, data_size, data_pos, 0);
1057 if (r != data_size) {
1058 archive_set_error(&a->archive,
1059 (r < 0)?errno:ARCHIVE_ERRNO_MISC,
1060 "Failed to read resource fork");
1061 return (ARCHIVE_WARN);
1063 if (a->compressed_buffer[0] == 0xff) {
1064 bytes_to_write = data_size -1;
1065 b = a->compressed_buffer + 1;
1067 uLong dest_len = MAX_DECMPFS_BLOCK_SIZE;
1070 zr = uncompress((Bytef *)a->uncompressed_buffer,
1071 &dest_len, a->compressed_buffer, data_size);
1073 archive_set_error(&a->archive,
1075 "Failed to decompress resource fork");
1076 return (ARCHIVE_WARN);
1078 bytes_to_write = dest_len;
1079 b = (unsigned char *)a->uncompressed_buffer;
1082 bytes_written = write(a->fd, b, bytes_to_write);
1083 if (bytes_written < 0) {
1084 archive_set_error(&a->archive, errno,
1086 return (ARCHIVE_WARN);
1088 bytes_to_write -= bytes_written;
1090 } while (bytes_to_write > 0);
1092 r = fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME, 0);
1094 archive_set_error(&a->archive, errno,
1095 "Failed to remove resource fork");
1096 return (ARCHIVE_WARN);
1098 return (ARCHIVE_OK);
1102 hfs_drive_compressor(struct archive_write_disk *a, const char *buff,
1105 unsigned char *buffer_compressed;
1106 size_t bytes_compressed;
1110 ret = hfs_reset_compressor(a);
1111 if (ret != ARCHIVE_OK)
1114 if (a->compressed_buffer == NULL) {
1117 block_size = COMPRESSED_W_SIZE + RSRC_F_SIZE +
1118 + compressBound(MAX_DECMPFS_BLOCK_SIZE);
1119 a->compressed_buffer = malloc(block_size);
1120 if (a->compressed_buffer == NULL) {
1121 archive_set_error(&a->archive, ENOMEM,
1122 "Can't allocate memory for Resource Fork");
1123 return (ARCHIVE_FATAL);
1125 a->compressed_buffer_size = block_size;
1126 a->compressed_buffer_remaining = block_size;
1129 buffer_compressed = a->compressed_buffer +
1130 a->compressed_buffer_size - a->compressed_buffer_remaining;
1131 a->stream.next_in = (Bytef *)(uintptr_t)(const void *)buff;
1132 a->stream.avail_in = size;
1133 a->stream.next_out = buffer_compressed;
1134 a->stream.avail_out = a->compressed_buffer_remaining;
1136 ret = deflate(&a->stream, Z_FINISH);
1142 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1143 "Failed to compress data");
1144 return (ARCHIVE_FAILED);
1146 } while (ret == Z_OK);
1147 bytes_compressed = a->compressed_buffer_remaining - a->stream.avail_out;
1150 * If the compressed size is larger than the original size,
1151 * throw away compressed data, use uncompressed data instead.
1153 if (bytes_compressed > size) {
1154 buffer_compressed[0] = 0xFF;/* uncompressed marker. */
1155 memcpy(buffer_compressed + 1, buff, size);
1156 bytes_compressed = size + 1;
1158 a->compressed_buffer_remaining -= bytes_compressed;
1161 * If the compressed size is smaller than MAX_DECMPFS_XATTR_SIZE
1162 * and the block count in the file is only one, store compressed
1163 * data to decmpfs xattr instead of the resource fork.
1165 if (a->decmpfs_block_count == 1 &&
1166 (a->decmpfs_attr_size + bytes_compressed)
1167 <= MAX_DECMPFS_XATTR_SIZE) {
1168 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE],
1170 memcpy(a->decmpfs_header_p + DECMPFS_HEADER_SIZE,
1171 buffer_compressed, bytes_compressed);
1172 a->decmpfs_attr_size += bytes_compressed;
1173 a->compressed_buffer_remaining = a->compressed_buffer_size;
1175 * Finish HFS+ Compression.
1176 * - Write the decmpfs xattr.
1177 * - Set the UF_COMPRESSED file flag.
1179 ret = hfs_write_decmpfs(a);
1180 if (ret == ARCHIVE_OK)
1181 ret = hfs_set_compressed_fflag(a);
1185 /* Update block info. */
1186 archive_le32enc(a->decmpfs_block_info++,
1187 a->compressed_rsrc_position_v - RSRC_H_SIZE);
1188 archive_le32enc(a->decmpfs_block_info++, bytes_compressed);
1189 a->compressed_rsrc_position_v += bytes_compressed;
1192 * Write the compressed data to the resource fork.
1194 bytes_used = a->compressed_buffer_size - a->compressed_buffer_remaining;
1195 while (bytes_used >= COMPRESSED_W_SIZE) {
1196 ret = hfs_write_compressed_data(a, COMPRESSED_W_SIZE);
1197 if (ret != ARCHIVE_OK)
1199 bytes_used -= COMPRESSED_W_SIZE;
1200 if (bytes_used > COMPRESSED_W_SIZE)
1201 memmove(a->compressed_buffer,
1202 a->compressed_buffer + COMPRESSED_W_SIZE,
1205 memcpy(a->compressed_buffer,
1206 a->compressed_buffer + COMPRESSED_W_SIZE,
1209 a->compressed_buffer_remaining = a->compressed_buffer_size - bytes_used;
1212 * If the current block is the last block, write the remaining
1213 * compressed data and the resource fork footer.
1215 if (a->file_remaining_bytes == 0) {
1219 /* Append the resource footer. */
1220 rsrc_size = hfs_set_resource_fork_footer(
1221 a->compressed_buffer + bytes_used,
1222 a->compressed_buffer_remaining);
1223 ret = hfs_write_compressed_data(a, bytes_used + rsrc_size);
1224 a->compressed_buffer_remaining = a->compressed_buffer_size;
1226 /* If the compressed size is not enouph smaller than
1227 * the uncompressed size. cancel HFS+ compression.
1228 * TODO: study a behavior of ditto utility and improve
1229 * the condition to fall back into no HFS+ compression. */
1230 bk = HFS_BLOCKS(a->compressed_rsrc_position);
1232 if (bk > HFS_BLOCKS(a->filesize))
1233 return hfs_decompress(a);
1235 * Write the resourcefork header.
1237 if (ret == ARCHIVE_OK)
1238 ret = hfs_write_resource_fork_header(a);
1240 * Finish HFS+ Compression.
1241 * - Write the decmpfs xattr.
1242 * - Set the UF_COMPRESSED file flag.
1244 if (ret == ARCHIVE_OK)
1245 ret = hfs_write_decmpfs(a);
1246 if (ret == ARCHIVE_OK)
1247 ret = hfs_set_compressed_fflag(a);
1253 hfs_write_decmpfs_block(struct archive_write_disk *a, const char *buff,
1256 const char *buffer_to_write;
1257 size_t bytes_to_write;
1260 if (a->decmpfs_block_count == (unsigned)-1) {
1263 unsigned int block_count;
1265 if (a->decmpfs_header_p == NULL) {
1266 new_block = malloc(MAX_DECMPFS_XATTR_SIZE
1267 + sizeof(uint32_t));
1268 if (new_block == NULL) {
1269 archive_set_error(&a->archive, ENOMEM,
1270 "Can't allocate memory for decmpfs");
1271 return (ARCHIVE_FATAL);
1273 a->decmpfs_header_p = new_block;
1275 a->decmpfs_attr_size = DECMPFS_HEADER_SIZE;
1276 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_MAGIC],
1278 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE],
1280 archive_le64enc(&a->decmpfs_header_p[DECMPFS_UNCOMPRESSED_SIZE],
1283 /* Calculate a block count of the file. */
1285 (a->filesize + MAX_DECMPFS_BLOCK_SIZE -1) /
1286 MAX_DECMPFS_BLOCK_SIZE;
1288 * Allocate buffer for resource fork.
1289 * Set up related pointers;
1292 RSRC_H_SIZE + /* header */
1293 4 + /* Block count */
1294 (block_count * sizeof(uint32_t) * 2) +
1295 RSRC_F_SIZE; /* footer */
1296 if (new_size > a->resource_fork_allocated_size) {
1297 new_block = realloc(a->resource_fork, new_size);
1298 if (new_block == NULL) {
1299 archive_set_error(&a->archive, ENOMEM,
1300 "Can't allocate memory for ResourceFork");
1301 return (ARCHIVE_FATAL);
1303 a->resource_fork_allocated_size = new_size;
1304 a->resource_fork = new_block;
1307 /* Allocate uncompressed buffer */
1308 if (a->uncompressed_buffer == NULL) {
1309 new_block = malloc(MAX_DECMPFS_BLOCK_SIZE);
1310 if (new_block == NULL) {
1311 archive_set_error(&a->archive, ENOMEM,
1312 "Can't allocate memory for decmpfs");
1313 return (ARCHIVE_FATAL);
1315 a->uncompressed_buffer = new_block;
1317 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE;
1318 a->file_remaining_bytes = a->filesize;
1319 a->compressed_buffer_remaining = a->compressed_buffer_size;
1322 * Set up a resource fork.
1324 a->rsrc_xattr_options = XATTR_CREATE;
1325 /* Get the position where we are going to set a bunch
1327 a->decmpfs_block_info =
1328 (uint32_t *)(a->resource_fork + RSRC_H_SIZE);
1329 /* Set the block count to the resource fork. */
1330 archive_le32enc(a->decmpfs_block_info++, block_count);
1331 /* Get the position where we are goint to set compressed
1333 a->compressed_rsrc_position =
1334 RSRC_H_SIZE + 4 + (block_count * 8);
1335 a->compressed_rsrc_position_v = a->compressed_rsrc_position;
1336 a->decmpfs_block_count = block_count;
1339 /* Ignore redundant bytes. */
1340 if (a->file_remaining_bytes == 0)
1341 return ((ssize_t)size);
1343 /* Do not overrun a block size. */
1344 if (size > a->block_remaining_bytes)
1345 bytes_to_write = a->block_remaining_bytes;
1347 bytes_to_write = size;
1348 /* Do not overrun the file size. */
1349 if (bytes_to_write > a->file_remaining_bytes)
1350 bytes_to_write = a->file_remaining_bytes;
1352 /* For efficiency, if a copy length is full of the uncompressed
1353 * buffer size, do not copy writing data to it. */
1354 if (bytes_to_write == MAX_DECMPFS_BLOCK_SIZE)
1355 buffer_to_write = buff;
1357 memcpy(a->uncompressed_buffer +
1358 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes,
1359 buff, bytes_to_write);
1360 buffer_to_write = a->uncompressed_buffer;
1362 a->block_remaining_bytes -= bytes_to_write;
1363 a->file_remaining_bytes -= bytes_to_write;
1365 if (a->block_remaining_bytes == 0 || a->file_remaining_bytes == 0) {
1366 ret = hfs_drive_compressor(a, buffer_to_write,
1367 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes);
1370 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE;
1372 /* Ignore redundant bytes. */
1373 if (a->file_remaining_bytes == 0)
1374 return ((ssize_t)size);
1375 return (bytes_to_write);
1379 hfs_write_data_block(struct archive_write_disk *a, const char *buff,
1382 uint64_t start_size = size;
1383 ssize_t bytes_written = 0;
1384 ssize_t bytes_to_write;
1387 return (ARCHIVE_OK);
1389 if (a->filesize == 0 || a->fd < 0) {
1390 archive_set_error(&a->archive, 0,
1391 "Attempt to write to an empty file");
1392 return (ARCHIVE_WARN);
1395 /* If this write would run beyond the file size, truncate it. */
1396 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize)
1397 start_size = size = (size_t)(a->filesize - a->offset);
1399 /* Write the data. */
1401 bytes_to_write = size;
1402 /* Seek if necessary to the specified offset. */
1403 if (a->offset < a->fd_offset) {
1404 /* Can't support backword move. */
1405 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1407 return (ARCHIVE_FATAL);
1408 } else if (a->offset > a->fd_offset) {
1409 int64_t skip = a->offset - a->fd_offset;
1410 char nullblock[1024];
1412 memset(nullblock, 0, sizeof(nullblock));
1414 if (skip > (int64_t)sizeof(nullblock))
1415 bytes_written = hfs_write_decmpfs_block(
1416 a, nullblock, sizeof(nullblock));
1418 bytes_written = hfs_write_decmpfs_block(
1419 a, nullblock, skip);
1420 if (bytes_written < 0) {
1421 archive_set_error(&a->archive, errno,
1423 return (ARCHIVE_WARN);
1425 skip -= bytes_written;
1428 a->fd_offset = a->offset;
1431 hfs_write_decmpfs_block(a, buff, bytes_to_write);
1432 if (bytes_written < 0)
1433 return (bytes_written);
1434 buff += bytes_written;
1435 size -= bytes_written;
1436 a->total_bytes_written += bytes_written;
1437 a->offset += bytes_written;
1438 a->fd_offset = a->offset;
1440 return (start_size - size);
1444 hfs_write_data_block(struct archive_write_disk *a, const char *buff,
1447 return (write_data_block(a, buff, size));
1452 _archive_write_disk_data_block(struct archive *_a,
1453 const void *buff, size_t size, int64_t offset)
1455 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1458 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1459 ARCHIVE_STATE_DATA, "archive_write_data_block");
1462 if (a->todo & TODO_HFS_COMPRESSION)
1463 r = hfs_write_data_block(a, buff, size);
1465 r = write_data_block(a, buff, size);
1468 if ((size_t)r < size) {
1469 archive_set_error(&a->archive, 0,
1470 "Write request too large");
1471 return (ARCHIVE_WARN);
1473 return (ARCHIVE_OK);
1477 _archive_write_disk_data(struct archive *_a, const void *buff, size_t size)
1479 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1481 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1482 ARCHIVE_STATE_DATA, "archive_write_data");
1484 if (a->todo & TODO_HFS_COMPRESSION)
1485 return (hfs_write_data_block(a, buff, size));
1486 return (write_data_block(a, buff, size));
1490 _archive_write_disk_finish_entry(struct archive *_a)
1492 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1493 int ret = ARCHIVE_OK;
1495 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1496 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
1497 "archive_write_finish_entry");
1498 if (a->archive.state & ARCHIVE_STATE_HEADER)
1499 return (ARCHIVE_OK);
1500 archive_clear_error(&a->archive);
1502 /* Pad or truncate file to the right size. */
1504 /* There's no file. */
1505 } else if (a->filesize < 0) {
1506 /* File size is unknown, so we can't set the size. */
1507 } else if (a->fd_offset == a->filesize) {
1508 /* Last write ended at exactly the filesize; we're done. */
1509 /* Hopefully, this is the common case. */
1510 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
1511 } else if (a->todo & TODO_HFS_COMPRESSION) {
1515 if (a->file_remaining_bytes)
1516 memset(null_d, 0, sizeof(null_d));
1517 while (a->file_remaining_bytes) {
1518 if (a->file_remaining_bytes > sizeof(null_d))
1519 r = hfs_write_data_block(
1520 a, null_d, sizeof(null_d));
1522 r = hfs_write_data_block(
1523 a, null_d, a->file_remaining_bytes);
1530 if (ftruncate(a->fd, a->filesize) == -1 &&
1532 archive_set_error(&a->archive, errno,
1533 "File size could not be restored");
1534 return (ARCHIVE_FAILED);
1538 * Not all platforms implement the XSI option to
1539 * extend files via ftruncate. Stat() the file again
1540 * to see what happened.
1543 if ((ret = lazy_stat(a)) != ARCHIVE_OK)
1545 /* We can use lseek()/write() to extend the file if
1546 * ftruncate didn't work or isn't available. */
1547 if (a->st.st_size < a->filesize) {
1548 const char nul = '\0';
1549 if (lseek(a->fd, a->filesize - 1, SEEK_SET) < 0) {
1550 archive_set_error(&a->archive, errno,
1552 return (ARCHIVE_FATAL);
1554 if (write(a->fd, &nul, 1) < 0) {
1555 archive_set_error(&a->archive, errno,
1556 "Write to restore size failed");
1557 return (ARCHIVE_FATAL);
1563 /* Restore metadata. */
1566 * This is specific to Mac OS X.
1567 * If the current file is an AppleDouble file, it should be
1568 * linked with the data fork file and remove it.
1570 if (a->todo & TODO_APPLEDOUBLE) {
1571 int r2 = fixup_appledouble(a, a->name);
1572 if (r2 == ARCHIVE_EOF) {
1573 /* The current file has been successfully linked
1574 * with the data fork file and removed. So there
1575 * is nothing to do on the current file. */
1576 goto finish_metadata;
1578 if (r2 < ret) ret = r2;
1582 * Look up the "real" UID only if we're going to need it.
1583 * TODO: the TODO_SGID condition can be dropped here, can't it?
1585 if (a->todo & (TODO_OWNER | TODO_SUID | TODO_SGID)) {
1586 a->uid = archive_write_disk_uid(&a->archive,
1587 archive_entry_uname(a->entry),
1588 archive_entry_uid(a->entry));
1590 /* Look up the "real" GID only if we're going to need it. */
1591 /* TODO: the TODO_SUID condition can be dropped here, can't it? */
1592 if (a->todo & (TODO_OWNER | TODO_SGID | TODO_SUID)) {
1593 a->gid = archive_write_disk_gid(&a->archive,
1594 archive_entry_gname(a->entry),
1595 archive_entry_gid(a->entry));
1599 * Restore ownership before set_mode tries to restore suid/sgid
1600 * bits. If we set the owner, we know what it is and can skip
1601 * a stat() call to examine the ownership of the file on disk.
1603 if (a->todo & TODO_OWNER) {
1604 int r2 = set_ownership(a);
1605 if (r2 < ret) ret = r2;
1609 * set_mode must precede ACLs on systems such as Solaris and
1610 * FreeBSD where setting the mode implicitly clears extended ACLs
1612 if (a->todo & TODO_MODE) {
1613 int r2 = set_mode(a, a->mode);
1614 if (r2 < ret) ret = r2;
1618 * Security-related extended attributes (such as
1619 * security.capability on Linux) have to be restored last,
1620 * since they're implicitly removed by other file changes.
1622 if (a->todo & TODO_XATTR) {
1623 int r2 = set_xattrs(a);
1624 if (r2 < ret) ret = r2;
1628 * Some flags prevent file modification; they must be restored after
1629 * file contents are written.
1631 if (a->todo & TODO_FFLAGS) {
1632 int r2 = set_fflags(a);
1633 if (r2 < ret) ret = r2;
1637 * Time must follow most other metadata;
1638 * otherwise atime will get changed.
1640 if (a->todo & TODO_TIMES) {
1641 int r2 = set_times_from_entry(a);
1642 if (r2 < ret) ret = r2;
1646 * Mac extended metadata includes ACLs.
1648 if (a->todo & TODO_MAC_METADATA) {
1649 const void *metadata;
1650 size_t metadata_size;
1651 metadata = archive_entry_mac_metadata(a->entry, &metadata_size);
1652 if (metadata != NULL && metadata_size > 0) {
1653 int r2 = set_mac_metadata(a, archive_entry_pathname(
1654 a->entry), metadata, metadata_size);
1655 if (r2 < ret) ret = r2;
1660 * ACLs must be restored after timestamps because there are
1661 * ACLs that prevent attribute changes (including time).
1663 if (a->todo & TODO_ACLS) {
1664 int r2 = archive_write_disk_set_acls(&a->archive, a->fd,
1665 archive_entry_pathname(a->entry),
1666 archive_entry_acl(a->entry));
1667 if (r2 < ret) ret = r2;
1671 /* If there's an fd, we can close it now. */
1676 /* If there's an entry, we can release it now. */
1678 archive_entry_free(a->entry);
1681 a->archive.state = ARCHIVE_STATE_HEADER;
1686 archive_write_disk_set_group_lookup(struct archive *_a,
1688 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid),
1689 void (*cleanup_gid)(void *private))
1691 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1692 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1693 ARCHIVE_STATE_ANY, "archive_write_disk_set_group_lookup");
1695 if (a->cleanup_gid != NULL && a->lookup_gid_data != NULL)
1696 (a->cleanup_gid)(a->lookup_gid_data);
1698 a->lookup_gid = lookup_gid;
1699 a->cleanup_gid = cleanup_gid;
1700 a->lookup_gid_data = private_data;
1701 return (ARCHIVE_OK);
1705 archive_write_disk_set_user_lookup(struct archive *_a,
1707 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid),
1708 void (*cleanup_uid)(void *private))
1710 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1711 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1712 ARCHIVE_STATE_ANY, "archive_write_disk_set_user_lookup");
1714 if (a->cleanup_uid != NULL && a->lookup_uid_data != NULL)
1715 (a->cleanup_uid)(a->lookup_uid_data);
1717 a->lookup_uid = lookup_uid;
1718 a->cleanup_uid = cleanup_uid;
1719 a->lookup_uid_data = private_data;
1720 return (ARCHIVE_OK);
1724 archive_write_disk_gid(struct archive *_a, const char *name, int64_t id)
1726 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1727 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1728 ARCHIVE_STATE_ANY, "archive_write_disk_gid");
1730 return (a->lookup_gid)(a->lookup_gid_data, name, id);
1735 archive_write_disk_uid(struct archive *_a, const char *name, int64_t id)
1737 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1738 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1739 ARCHIVE_STATE_ANY, "archive_write_disk_uid");
1741 return (a->lookup_uid)(a->lookup_uid_data, name, id);
1746 * Create a new archive_write_disk object and initialize it with global state.
1749 archive_write_disk_new(void)
1751 struct archive_write_disk *a;
1753 a = (struct archive_write_disk *)malloc(sizeof(*a));
1756 memset(a, 0, sizeof(*a));
1757 a->archive.magic = ARCHIVE_WRITE_DISK_MAGIC;
1758 /* We're ready to write a header immediately. */
1759 a->archive.state = ARCHIVE_STATE_HEADER;
1760 a->archive.vtable = archive_write_disk_vtable();
1761 a->start_time = time(NULL);
1762 /* Query and restore the umask. */
1763 umask(a->user_umask = umask(0));
1765 a->user_uid = geteuid();
1766 #endif /* HAVE_GETEUID */
1767 if (archive_string_ensure(&a->path_safe, 512) == NULL) {
1772 a->decmpfs_compression_level = 5;
1774 return (&a->archive);
1779 * If pathname is longer than PATH_MAX, chdir to a suitable
1780 * intermediate dir and edit the path down to a shorter suffix. Note
1781 * that this routine never returns an error; if the chdir() attempt
1782 * fails for any reason, we just go ahead with the long pathname. The
1783 * object creation is likely to fail, but any error will get handled
1786 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
1788 edit_deep_directories(struct archive_write_disk *a)
1791 char *tail = a->name;
1793 /* If path is short, avoid the open() below. */
1794 if (strlen(tail) <= PATH_MAX)
1797 /* Try to record our starting dir. */
1798 a->restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC);
1799 __archive_ensure_cloexec_flag(a->restore_pwd);
1800 if (a->restore_pwd < 0)
1803 /* As long as the path is too long... */
1804 while (strlen(tail) > PATH_MAX) {
1805 /* Locate a dir prefix shorter than PATH_MAX. */
1806 tail += PATH_MAX - 8;
1807 while (tail > a->name && *tail != '/')
1809 /* Exit if we find a too-long path component. */
1810 if (tail <= a->name)
1812 /* Create the intermediate dir and chdir to it. */
1813 *tail = '\0'; /* Terminate dir portion */
1814 ret = create_dir(a, a->name);
1815 if (ret == ARCHIVE_OK && chdir(a->name) != 0)
1816 ret = ARCHIVE_FAILED;
1817 *tail = '/'; /* Restore the / we removed. */
1818 if (ret != ARCHIVE_OK)
1821 /* The chdir() succeeded; we've now shortened the path. */
1829 * The main restore function.
1832 restore_entry(struct archive_write_disk *a)
1834 int ret = ARCHIVE_OK, en;
1836 if (a->flags & ARCHIVE_EXTRACT_UNLINK && !S_ISDIR(a->mode)) {
1838 * TODO: Fix this. Apparently, there are platforms
1839 * that still allow root to hose the entire filesystem
1840 * by unlinking a dir. The S_ISDIR() test above
1841 * prevents us from using unlink() here if the new
1842 * object is a dir, but that doesn't mean the old
1843 * object isn't a dir.
1845 if (unlink(a->name) == 0) {
1846 /* We removed it, reset cached stat. */
1848 } else if (errno == ENOENT) {
1849 /* File didn't exist, that's just as good. */
1850 } else if (rmdir(a->name) == 0) {
1851 /* It was a dir, but now it's gone. */
1854 /* We tried, but couldn't get rid of it. */
1855 archive_set_error(&a->archive, errno,
1856 "Could not unlink");
1857 return(ARCHIVE_FAILED);
1861 /* Try creating it first; if this fails, we'll try to recover. */
1862 en = create_filesystem_object(a);
1864 if ((en == ENOTDIR || en == ENOENT)
1865 && !(a->flags & ARCHIVE_EXTRACT_NO_AUTODIR)) {
1866 /* If the parent dir doesn't exist, try creating it. */
1867 create_parent_dir(a, a->name);
1868 /* Now try to create the object again. */
1869 en = create_filesystem_object(a);
1872 if ((en == EISDIR || en == EEXIST)
1873 && (a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
1874 /* If we're not overwriting, we're done. */
1875 archive_entry_unset_size(a->entry);
1876 return (ARCHIVE_OK);
1880 * Some platforms return EISDIR if you call
1881 * open(O_WRONLY | O_EXCL | O_CREAT) on a directory, some
1882 * return EEXIST. POSIX is ambiguous, requiring EISDIR
1883 * for open(O_WRONLY) on a dir and EEXIST for open(O_EXCL | O_CREAT)
1884 * on an existing item.
1887 /* A dir is in the way of a non-dir, rmdir it. */
1888 if (rmdir(a->name) != 0) {
1889 archive_set_error(&a->archive, errno,
1890 "Can't remove already-existing dir");
1891 return (ARCHIVE_FAILED);
1895 en = create_filesystem_object(a);
1896 } else if (en == EEXIST) {
1898 * We know something is in the way, but we don't know what;
1899 * we need to find out before we go any further.
1903 * The SECURE_SYMLINKS logic has already removed a
1904 * symlink to a dir if the client wants that. So
1905 * follow the symlink if we're creating a dir.
1907 if (S_ISDIR(a->mode))
1908 r = stat(a->name, &a->st);
1910 * If it's not a dir (or it's a broken symlink),
1911 * then don't follow it.
1913 if (r != 0 || !S_ISDIR(a->mode))
1914 r = lstat(a->name, &a->st);
1916 archive_set_error(&a->archive, errno,
1917 "Can't stat existing object");
1918 return (ARCHIVE_FAILED);
1922 * NO_OVERWRITE_NEWER doesn't apply to directories.
1924 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER)
1925 && !S_ISDIR(a->st.st_mode)) {
1926 if (!older(&(a->st), a->entry)) {
1927 archive_entry_unset_size(a->entry);
1928 return (ARCHIVE_OK);
1932 /* If it's our archive, we're done. */
1933 if (a->skip_file_set &&
1934 a->st.st_dev == (dev_t)a->skip_file_dev &&
1935 a->st.st_ino == (ino_t)a->skip_file_ino) {
1936 archive_set_error(&a->archive, 0,
1937 "Refusing to overwrite archive");
1938 return (ARCHIVE_FAILED);
1941 if (!S_ISDIR(a->st.st_mode)) {
1942 /* A non-dir is in the way, unlink it. */
1943 if (unlink(a->name) != 0) {
1944 archive_set_error(&a->archive, errno,
1945 "Can't unlink already-existing object");
1946 return (ARCHIVE_FAILED);
1950 en = create_filesystem_object(a);
1951 } else if (!S_ISDIR(a->mode)) {
1952 /* A dir is in the way of a non-dir, rmdir it. */
1953 if (rmdir(a->name) != 0) {
1954 archive_set_error(&a->archive, errno,
1955 "Can't replace existing directory with non-directory");
1956 return (ARCHIVE_FAILED);
1959 en = create_filesystem_object(a);
1962 * There's a dir in the way of a dir. Don't
1963 * waste time with rmdir()/mkdir(), just fix
1964 * up the permissions on the existing dir.
1965 * Note that we don't change perms on existing
1966 * dirs unless _EXTRACT_PERM is specified.
1968 if ((a->mode != a->st.st_mode)
1969 && (a->todo & TODO_MODE_FORCE))
1970 a->deferred |= (a->todo & TODO_MODE);
1971 /* Ownership doesn't need deferred fixup. */
1972 en = 0; /* Forget the EEXIST. */
1977 /* Everything failed; give up here. */
1978 archive_set_error(&a->archive, en, "Can't create '%s'",
1980 return (ARCHIVE_FAILED);
1983 a->pst = NULL; /* Cached stat data no longer valid. */
1988 * Returns 0 if creation succeeds, or else returns errno value from
1989 * the failed system call. Note: This function should only ever perform
1990 * a single system call.
1993 create_filesystem_object(struct archive_write_disk *a)
1995 /* Create the entry. */
1996 const char *linkname;
1997 mode_t final_mode, mode;
2000 /* We identify hard/symlinks according to the link names. */
2001 /* Since link(2) and symlink(2) don't handle modes, we're done here. */
2002 linkname = archive_entry_hardlink(a->entry);
2003 if (linkname != NULL) {
2007 r = link(linkname, a->name) ? errno : 0;
2009 * New cpio and pax formats allow hardlink entries
2010 * to carry data, so we may have to open the file
2011 * for hardlink entries.
2013 * If the hardlink was successfully created and
2014 * the archive doesn't have carry data for it,
2015 * consider it to be non-authoritative for meta data.
2016 * This is consistent with GNU tar and BSD pax.
2017 * If the hardlink does carry data, let the last
2018 * archive entry decide ownership.
2020 if (r == 0 && a->filesize <= 0) {
2023 } else if (r == 0 && a->filesize > 0) {
2024 a->fd = open(a->name,
2025 O_WRONLY | O_TRUNC | O_BINARY | O_CLOEXEC);
2026 __archive_ensure_cloexec_flag(a->fd);
2033 linkname = archive_entry_symlink(a->entry);
2034 if (linkname != NULL) {
2036 return symlink(linkname, a->name) ? errno : 0;
2043 * The remaining system calls all set permissions, so let's
2044 * try to take advantage of that to avoid an extra chmod()
2045 * call. (Recall that umask is set to zero right now!)
2048 /* Mode we want for the final restored object (w/o file type bits). */
2049 final_mode = a->mode & 07777;
2051 * The mode that will actually be restored in this step. Note
2052 * that SUID, SGID, etc, require additional work to ensure
2053 * security, so we never restore them at this point.
2055 mode = final_mode & 0777 & ~a->user_umask;
2057 switch (a->mode & AE_IFMT) {
2059 /* POSIX requires that we fall through here. */
2062 a->fd = open(a->name,
2063 O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, mode);
2064 __archive_ensure_cloexec_flag(a->fd);
2069 /* Note: we use AE_IFCHR for the case label, and
2070 * S_IFCHR for the mknod() call. This is correct. */
2071 r = mknod(a->name, mode | S_IFCHR,
2072 archive_entry_rdev(a->entry));
2075 /* TODO: Find a better way to warn about our inability
2076 * to restore a char device node. */
2078 #endif /* HAVE_MKNOD */
2081 r = mknod(a->name, mode | S_IFBLK,
2082 archive_entry_rdev(a->entry));
2085 /* TODO: Find a better way to warn about our inability
2086 * to restore a block device node. */
2088 #endif /* HAVE_MKNOD */
2090 mode = (mode | MINIMUM_DIR_MODE) & MAXIMUM_DIR_MODE;
2091 r = mkdir(a->name, mode);
2093 /* Defer setting dir times. */
2094 a->deferred |= (a->todo & TODO_TIMES);
2095 a->todo &= ~TODO_TIMES;
2096 /* Never use an immediate chmod(). */
2097 /* We can't avoid the chmod() entirely if EXTRACT_PERM
2098 * because of SysV SGID inheritance. */
2099 if ((mode != final_mode)
2100 || (a->flags & ARCHIVE_EXTRACT_PERM))
2101 a->deferred |= (a->todo & TODO_MODE);
2102 a->todo &= ~TODO_MODE;
2107 r = mkfifo(a->name, mode);
2110 /* TODO: Find a better way to warn about our inability
2111 * to restore a fifo. */
2113 #endif /* HAVE_MKFIFO */
2116 /* All the system calls above set errno on failure. */
2120 /* If we managed to set the final mode, we've avoided a chmod(). */
2121 if (mode == final_mode)
2122 a->todo &= ~TODO_MODE;
2127 * Cleanup function for archive_extract. Mostly, this involves processing
2128 * the fixup list, which is used to address a number of problems:
2129 * * Dir permissions might prevent us from restoring a file in that
2130 * dir, so we restore the dir with minimum 0700 permissions first,
2131 * then correct the mode at the end.
2132 * * Similarly, the act of restoring a file touches the directory
2133 * and changes the timestamp on the dir, so we have to touch-up dir
2134 * timestamps at the end as well.
2135 * * Some file flags can interfere with the restore by, for example,
2136 * preventing the creation of hardlinks to those files.
2137 * * Mac OS extended metadata includes ACLs, so must be deferred on dirs.
2139 * Note that tar/cpio do not require that archives be in a particular
2140 * order; there is no way to know when the last file has been restored
2141 * within a directory, so there's no way to optimize the memory usage
2142 * here by fixing up the directory any earlier than the
2145 * XXX TODO: Directory ACLs should be restored here, for the same
2146 * reason we set directory perms here. XXX
2149 _archive_write_disk_close(struct archive *_a)
2151 struct archive_write_disk *a = (struct archive_write_disk *)_a;
2152 struct fixup_entry *next, *p;
2155 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
2156 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
2157 "archive_write_disk_close");
2158 ret = _archive_write_disk_finish_entry(&a->archive);
2160 /* Sort dir list so directories are fixed up in depth-first order. */
2161 p = sort_dir_list(a->fixup_list);
2164 a->pst = NULL; /* Mark stat cache as out-of-date. */
2165 if (p->fixup & TODO_TIMES) {
2166 set_times(a, -1, p->mode, p->name,
2167 p->atime, p->atime_nanos,
2168 p->birthtime, p->birthtime_nanos,
2169 p->mtime, p->mtime_nanos,
2170 p->ctime, p->ctime_nanos);
2172 if (p->fixup & TODO_MODE_BASE)
2173 chmod(p->name, p->mode);
2174 if (p->fixup & TODO_ACLS)
2175 archive_write_disk_set_acls(&a->archive,
2176 -1, p->name, &p->acl);
2177 if (p->fixup & TODO_FFLAGS)
2178 set_fflags_platform(a, -1, p->name,
2179 p->mode, p->fflags_set, 0);
2180 if (p->fixup & TODO_MAC_METADATA)
2181 set_mac_metadata(a, p->name, p->mac_metadata,
2182 p->mac_metadata_size);
2184 archive_acl_clear(&p->acl);
2185 free(p->mac_metadata);
2190 a->fixup_list = NULL;
2195 _archive_write_disk_free(struct archive *_a)
2197 struct archive_write_disk *a;
2200 return (ARCHIVE_OK);
2201 archive_check_magic(_a, ARCHIVE_WRITE_DISK_MAGIC,
2202 ARCHIVE_STATE_ANY | ARCHIVE_STATE_FATAL, "archive_write_disk_free");
2203 a = (struct archive_write_disk *)_a;
2204 ret = _archive_write_disk_close(&a->archive);
2205 archive_write_disk_set_group_lookup(&a->archive, NULL, NULL, NULL);
2206 archive_write_disk_set_user_lookup(&a->archive, NULL, NULL, NULL);
2208 archive_entry_free(a->entry);
2209 archive_string_free(&a->_name_data);
2210 archive_string_free(&a->archive.error_string);
2211 archive_string_free(&a->path_safe);
2212 a->archive.magic = 0;
2213 __archive_clean(&a->archive);
2214 free(a->decmpfs_header_p);
2215 free(a->resource_fork);
2216 free(a->compressed_buffer);
2217 free(a->uncompressed_buffer);
2219 if (a->stream_valid) {
2220 switch (deflateEnd(&a->stream)) {
2224 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2225 "Failed to clean up compressor");
2226 ret = ARCHIVE_FATAL;
2236 * Simple O(n log n) merge sort to order the fixup list. In
2237 * particular, we want to restore dir timestamps depth-first.
2239 static struct fixup_entry *
2240 sort_dir_list(struct fixup_entry *p)
2242 struct fixup_entry *a, *b, *t;
2246 /* A one-item list is already sorted. */
2247 if (p->next == NULL)
2250 /* Step 1: split the list. */
2254 /* Step a twice, t once. */
2260 /* Now, t is at the mid-point, so break the list here. */
2265 /* Step 2: Recursively sort the two sub-lists. */
2266 a = sort_dir_list(a);
2267 b = sort_dir_list(b);
2269 /* Step 3: Merge the returned lists. */
2270 /* Pick the first element for the merged list. */
2271 if (strcmp(a->name, b->name) > 0) {
2279 /* Always put the later element on the list first. */
2280 while (a != NULL && b != NULL) {
2281 if (strcmp(a->name, b->name) > 0) {
2291 /* Only one list is non-empty, so just splice it on. */
2301 * Returns a new, initialized fixup entry.
2303 * TODO: Reduce the memory requirements for this list by using a tree
2304 * structure rather than a simple list of names.
2306 static struct fixup_entry *
2307 new_fixup(struct archive_write_disk *a, const char *pathname)
2309 struct fixup_entry *fe;
2311 fe = (struct fixup_entry *)calloc(1, sizeof(struct fixup_entry));
2313 archive_set_error(&a->archive, ENOMEM,
2314 "Can't allocate memory for a fixup");
2317 fe->next = a->fixup_list;
2320 fe->name = strdup(pathname);
2325 * Returns a fixup structure for the current entry.
2327 static struct fixup_entry *
2328 current_fixup(struct archive_write_disk *a, const char *pathname)
2330 if (a->current_fixup == NULL)
2331 a->current_fixup = new_fixup(a, pathname);
2332 return (a->current_fixup);
2335 /* TODO: Make this work. */
2337 * TODO: The deep-directory support bypasses this; disable deep directory
2338 * support if we're doing symlink checks.
2341 * TODO: Someday, integrate this with the deep dir support; they both
2342 * scan the path and both can be optimized by comparing against other
2345 /* TODO: Extend this to support symlinks on Windows Vista and later. */
2347 check_symlinks(struct archive_write_disk *a)
2349 #if !defined(HAVE_LSTAT)
2350 /* Platform doesn't have lstat, so we can't look for symlinks. */
2351 (void)a; /* UNUSED */
2352 return (ARCHIVE_OK);
2360 * Guard against symlink tricks. Reject any archive entry whose
2361 * destination would be altered by a symlink.
2363 /* Whatever we checked last time doesn't need to be re-checked. */
2365 if (archive_strlen(&(a->path_safe)) > 0) {
2366 char *p = a->path_safe.s;
2367 while ((*pn != '\0') && (*p == *pn))
2371 /* Keep going until we've checked the entire name. */
2372 while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) {
2373 /* Skip the next path element. */
2374 while (*pn != '\0' && *pn != '/')
2378 /* Check that we haven't hit a symlink. */
2379 r = lstat(a->name, &st);
2381 /* We've hit a dir that doesn't exist; stop now. */
2382 if (errno == ENOENT)
2384 } else if (S_ISLNK(st.st_mode)) {
2387 * Last element is symlink; remove it
2388 * so we can overwrite it with the
2389 * item being extracted.
2391 if (unlink(a->name)) {
2392 archive_set_error(&a->archive, errno,
2393 "Could not remove symlink %s",
2396 return (ARCHIVE_FAILED);
2400 * Even if we did remove it, a warning
2401 * is in order. The warning is silly,
2402 * though, if we're just replacing one
2403 * symlink with another symlink.
2405 if (!S_ISLNK(a->mode)) {
2406 archive_set_error(&a->archive, 0,
2407 "Removing symlink %s",
2410 /* Symlink gone. No more problem! */
2413 } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) {
2414 /* User asked us to remove problems. */
2415 if (unlink(a->name) != 0) {
2416 archive_set_error(&a->archive, 0,
2417 "Cannot remove intervening symlink %s",
2420 return (ARCHIVE_FAILED);
2424 archive_set_error(&a->archive, 0,
2425 "Cannot extract through symlink %s",
2428 return (ARCHIVE_FAILED);
2433 /* We've checked and/or cleaned the whole path, so remember it. */
2434 archive_strcpy(&a->path_safe, a->name);
2435 return (ARCHIVE_OK);
2439 #if defined(__CYGWIN__)
2441 * 1. Convert a path separator from '\' to '/' .
2442 * We shouldn't check multibyte character directly because some
2443 * character-set have been using the '\' character for a part of
2444 * its multibyte character code.
2445 * 2. Replace unusable characters in Windows with underscore('_').
2446 * See also : http://msdn.microsoft.com/en-us/library/aa365247.aspx
2449 cleanup_pathname_win(struct archive_write_disk *a)
2454 int mb, complete, utf8;
2459 utf8 = (strcmp(nl_langinfo(CODESET), "UTF-8") == 0)? 1: 0;
2460 for (p = a->name; *p != '\0'; p++) {
2463 /* If previous byte is smaller than 128,
2464 * this is not second byte of multibyte characters,
2465 * so we can replace '\' with '/'. */
2469 complete = 0;/* uncompleted. */
2470 } else if (*(unsigned char *)p > 127)
2474 /* Rewrite the path name if its next character is unusable. */
2475 if (*p == ':' || *p == '*' || *p == '?' || *p == '"' ||
2476 *p == '<' || *p == '>' || *p == '|')
2483 * Convert path separator in wide-character.
2486 while (*p != '\0' && alen) {
2487 l = mbtowc(&wc, p, alen);
2488 if (l == (size_t)-1) {
2489 while (*p != '\0') {
2496 if (l == 1 && wc == L'\\')
2505 * Canonicalize the pathname. In particular, this strips duplicate
2506 * '/' characters, '.' elements, and trailing '/'. It also raises an
2507 * error for an empty path, a trailing '..' or (if _SECURE_NODOTDOT is
2508 * set) any '..' in the path.
2511 cleanup_pathname(struct archive_write_disk *a)
2514 char separator = '\0';
2516 dest = src = a->name;
2518 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2519 "Invalid empty pathname");
2520 return (ARCHIVE_FAILED);
2523 #if defined(__CYGWIN__)
2524 cleanup_pathname_win(a);
2526 /* Skip leading '/'. */
2530 /* Scan the pathname one element at a time. */
2532 /* src points to first char after '/' */
2533 if (src[0] == '\0') {
2535 } else if (src[0] == '/') {
2536 /* Found '//', ignore second one. */
2539 } else if (src[0] == '.') {
2540 if (src[1] == '\0') {
2541 /* Ignore trailing '.' */
2543 } else if (src[1] == '/') {
2547 } else if (src[1] == '.') {
2548 if (src[2] == '/' || src[2] == '\0') {
2549 /* Conditionally warn about '..' */
2550 if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
2551 archive_set_error(&a->archive,
2553 "Path contains '..'");
2554 return (ARCHIVE_FAILED);
2558 * Note: Under no circumstances do we
2559 * remove '..' elements. In
2560 * particular, restoring
2561 * '/foo/../bar/' should create the
2562 * 'foo' dir as a side-effect.
2567 /* Copy current element, including leading '/'. */
2570 while (*src != '\0' && *src != '/') {
2577 /* Skip '/' separator. */
2581 * We've just copied zero or more path elements, not including the
2584 if (dest == a->name) {
2586 * Nothing got copied. The path must have been something
2587 * like '.' or '/' or './' or '/././././/./'.
2594 /* Terminate the result. */
2596 return (ARCHIVE_OK);
2600 * Create the parent directory of the specified path, assuming path
2601 * is already in mutable storage.
2604 create_parent_dir(struct archive_write_disk *a, char *path)
2609 /* Remove tail element to obtain parent name. */
2610 slash = strrchr(path, '/');
2612 return (ARCHIVE_OK);
2614 r = create_dir(a, path);
2620 * Create the specified dir, recursing to create parents as necessary.
2622 * Returns ARCHIVE_OK if the path exists when we're done here.
2623 * Otherwise, returns ARCHIVE_FAILED.
2624 * Assumes path is in mutable storage; path is unchanged on exit.
2627 create_dir(struct archive_write_disk *a, char *path)
2630 struct fixup_entry *le;
2632 mode_t mode_final, mode;
2635 /* Check for special names and just skip them. */
2636 slash = strrchr(path, '/');
2642 if (base[0] == '\0' ||
2643 (base[0] == '.' && base[1] == '\0') ||
2644 (base[0] == '.' && base[1] == '.' && base[2] == '\0')) {
2645 /* Don't bother trying to create null path, '.', or '..'. */
2646 if (slash != NULL) {
2648 r = create_dir(a, path);
2652 return (ARCHIVE_OK);
2656 * Yes, this should be stat() and not lstat(). Using lstat()
2657 * here loses the ability to extract through symlinks. Also note
2658 * that this should not use the a->st cache.
2660 if (stat(path, &st) == 0) {
2661 if (S_ISDIR(st.st_mode))
2662 return (ARCHIVE_OK);
2663 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
2664 archive_set_error(&a->archive, EEXIST,
2665 "Can't create directory '%s'", path);
2666 return (ARCHIVE_FAILED);
2668 if (unlink(path) != 0) {
2669 archive_set_error(&a->archive, errno,
2670 "Can't create directory '%s': "
2671 "Conflicting file cannot be removed",
2673 return (ARCHIVE_FAILED);
2675 } else if (errno != ENOENT && errno != ENOTDIR) {
2677 archive_set_error(&a->archive, errno, "Can't test directory '%s'", path);
2678 return (ARCHIVE_FAILED);
2679 } else if (slash != NULL) {
2681 r = create_dir(a, path);
2683 if (r != ARCHIVE_OK)
2688 * Mode we want for the final restored directory. Per POSIX,
2689 * implicitly-created dirs must be created obeying the umask.
2690 * There's no mention whether this is different for privileged
2691 * restores (which the rest of this code handles by pretending
2692 * umask=0). I've chosen here to always obey the user's umask for
2693 * implicit dirs, even if _EXTRACT_PERM was specified.
2695 mode_final = DEFAULT_DIR_MODE & ~a->user_umask;
2696 /* Mode we want on disk during the restore process. */
2698 mode |= MINIMUM_DIR_MODE;
2699 mode &= MAXIMUM_DIR_MODE;
2700 if (mkdir(path, mode) == 0) {
2701 if (mode != mode_final) {
2702 le = new_fixup(a, path);
2704 return (ARCHIVE_FATAL);
2705 le->fixup |=TODO_MODE_BASE;
2706 le->mode = mode_final;
2708 return (ARCHIVE_OK);
2712 * Without the following check, a/b/../b/c/d fails at the
2713 * second visit to 'b', so 'd' can't be created. Note that we
2714 * don't add it to the fixup list here, as it's already been
2717 if (stat(path, &st) == 0 && S_ISDIR(st.st_mode))
2718 return (ARCHIVE_OK);
2720 archive_set_error(&a->archive, errno, "Failed to create dir '%s'",
2722 return (ARCHIVE_FAILED);
2726 * Note: Although we can skip setting the user id if the desired user
2727 * id matches the current user, we cannot skip setting the group, as
2728 * many systems set the gid based on the containing directory. So
2729 * we have to perform a chown syscall if we want to set the SGID
2730 * bit. (The alternative is to stat() and then possibly chown(); it's
2731 * more efficient to skip the stat() and just always chown().) Note
2732 * that a successful chown() here clears the TODO_SGID_CHECK bit, which
2733 * allows set_mode to skip the stat() check for the GID.
2736 set_ownership(struct archive_write_disk *a)
2739 /* unfortunately, on win32 there is no 'root' user with uid 0,
2740 so we just have to try the chown and see if it works */
2742 /* If we know we can't change it, don't bother trying. */
2743 if (a->user_uid != 0 && a->user_uid != a->uid) {
2744 archive_set_error(&a->archive, errno,
2745 "Can't set UID=%jd", (intmax_t)a->uid);
2746 return (ARCHIVE_WARN);
2751 /* If we have an fd, we can avoid a race. */
2752 if (a->fd >= 0 && fchown(a->fd, a->uid, a->gid) == 0) {
2753 /* We've set owner and know uid/gid are correct. */
2754 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2755 return (ARCHIVE_OK);
2759 /* We prefer lchown() but will use chown() if that's all we have. */
2760 /* Of course, if we have neither, this will always fail. */
2762 if (lchown(a->name, a->uid, a->gid) == 0) {
2763 /* We've set owner and know uid/gid are correct. */
2764 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2765 return (ARCHIVE_OK);
2768 if (!S_ISLNK(a->mode) && chown(a->name, a->uid, a->gid) == 0) {
2769 /* We've set owner and know uid/gid are correct. */
2770 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2771 return (ARCHIVE_OK);
2775 archive_set_error(&a->archive, errno,
2776 "Can't set user=%jd/group=%jd for %s",
2777 (intmax_t)a->uid, (intmax_t)a->gid, a->name);
2778 return (ARCHIVE_WARN);
2782 * Note: Returns 0 on success, non-zero on failure.
2785 set_time(int fd, int mode, const char *name,
2786 time_t atime, long atime_nsec,
2787 time_t mtime, long mtime_nsec)
2789 /* Select the best implementation for this platform. */
2790 #if defined(HAVE_UTIMENSAT) && defined(HAVE_FUTIMENS)
2792 * utimensat() and futimens() are defined in
2793 * POSIX.1-2008. They support ns resolution and setting times
2794 * on fds and symlinks.
2796 struct timespec ts[2];
2797 (void)mode; /* UNUSED */
2798 ts[0].tv_sec = atime;
2799 ts[0].tv_nsec = atime_nsec;
2800 ts[1].tv_sec = mtime;
2801 ts[1].tv_nsec = mtime_nsec;
2803 return futimens(fd, ts);
2804 return utimensat(AT_FDCWD, name, ts, AT_SYMLINK_NOFOLLOW);
2808 * The utimes()-family functions support µs-resolution and
2809 * setting times fds and symlinks. utimes() is documented as
2810 * LEGACY by POSIX, futimes() and lutimes() are not described
2813 struct timeval times[2];
2815 times[0].tv_sec = atime;
2816 times[0].tv_usec = atime_nsec / 1000;
2817 times[1].tv_sec = mtime;
2818 times[1].tv_usec = mtime_nsec / 1000;
2822 return (futimes(fd, times));
2824 (void)fd; /* UNUSED */
2827 (void)mode; /* UNUSED */
2828 return (lutimes(name, times));
2832 return (utimes(name, times));
2835 #elif defined(HAVE_UTIME)
2837 * utime() is POSIX-standard but only supports 1s resolution and
2838 * does not support fds or symlinks.
2840 struct utimbuf times;
2841 (void)fd; /* UNUSED */
2842 (void)name; /* UNUSED */
2843 (void)atime_nsec; /* UNUSED */
2844 (void)mtime_nsec; /* UNUSED */
2845 times.actime = atime;
2846 times.modtime = mtime;
2848 return (ARCHIVE_OK);
2849 return (utime(name, ×));
2853 * We don't know how to set the time on this platform.
2855 (void)fd; /* UNUSED */
2856 (void)mode; /* UNUSED */
2857 (void)name; /* UNUSED */
2858 (void)atime_nsec; /* UNUSED */
2859 (void)mtime_nsec; /* UNUSED */
2860 return (ARCHIVE_WARN);
2864 #ifdef F_SETTIMES /* Tru64 */
2866 set_time_tru64(int fd, int mode, const char *name,
2867 time_t atime, long atime_nsec,
2868 time_t mtime, long mtime_nsec,
2869 time_t ctime, long ctime_nsec)
2871 struct attr_timbuf tstamp;
2872 struct timeval times[3];
2873 times[0].tv_sec = atime;
2874 times[0].tv_usec = atime_nsec / 1000;
2875 times[1].tv_sec = mtime;
2876 times[1].tv_usec = mtime_nsec / 1000;
2877 times[2].tv_sec = ctime;
2878 times[2].tv_usec = ctime_nsec / 1000;
2879 tstamp.atime = times[0];
2880 tstamp.mtime = times[1];
2881 tstamp.ctime = times[2];
2882 return (fcntl(fd,F_SETTIMES,&tstamp));
2887 set_times(struct archive_write_disk *a,
2888 int fd, int mode, const char *name,
2889 time_t atime, long atime_nanos,
2890 time_t birthtime, long birthtime_nanos,
2891 time_t mtime, long mtime_nanos,
2892 time_t cctime, long ctime_nanos)
2894 /* Note: set_time doesn't use libarchive return conventions!
2895 * It uses syscall conventions. So 0 here instead of ARCHIVE_OK. */
2900 * on Tru64 try own fcntl first which can restore even the
2901 * ctime, fall back to default code path below if it fails
2902 * or if we are not running as root
2904 if (a->user_uid == 0 &&
2905 set_time_tru64(fd, mode, name,
2906 atime, atime_nanos, mtime,
2907 mtime_nanos, cctime, ctime_nanos) == 0) {
2908 return (ARCHIVE_OK);
2911 (void)cctime; /* UNUSED */
2912 (void)ctime_nanos; /* UNUSED */
2915 #ifdef HAVE_STRUCT_STAT_ST_BIRTHTIME
2917 * If you have struct stat.st_birthtime, we assume BSD
2918 * birthtime semantics, in which {f,l,}utimes() updates
2919 * birthtime to earliest mtime. So we set the time twice,
2920 * first using the birthtime, then using the mtime. If
2921 * birthtime == mtime, this isn't necessary, so we skip it.
2922 * If birthtime > mtime, then this won't work, so we skip it.
2924 if (birthtime < mtime
2925 || (birthtime == mtime && birthtime_nanos < mtime_nanos))
2926 r1 = set_time(fd, mode, name,
2928 birthtime, birthtime_nanos);
2930 (void)birthtime; /* UNUSED */
2931 (void)birthtime_nanos; /* UNUSED */
2933 r2 = set_time(fd, mode, name,
2935 mtime, mtime_nanos);
2936 if (r1 != 0 || r2 != 0) {
2937 archive_set_error(&a->archive, errno,
2938 "Can't restore time");
2939 return (ARCHIVE_WARN);
2941 return (ARCHIVE_OK);
2945 set_times_from_entry(struct archive_write_disk *a)
2947 time_t atime, birthtime, mtime, cctime;
2948 long atime_nsec, birthtime_nsec, mtime_nsec, ctime_nsec;
2950 /* Suitable defaults. */
2951 atime = birthtime = mtime = cctime = a->start_time;
2952 atime_nsec = birthtime_nsec = mtime_nsec = ctime_nsec = 0;
2954 /* If no time was provided, we're done. */
2955 if (!archive_entry_atime_is_set(a->entry)
2956 #if HAVE_STRUCT_STAT_ST_BIRTHTIME
2957 && !archive_entry_birthtime_is_set(a->entry)
2959 && !archive_entry_mtime_is_set(a->entry))
2960 return (ARCHIVE_OK);
2962 if (archive_entry_atime_is_set(a->entry)) {
2963 atime = archive_entry_atime(a->entry);
2964 atime_nsec = archive_entry_atime_nsec(a->entry);
2966 if (archive_entry_birthtime_is_set(a->entry)) {
2967 birthtime = archive_entry_birthtime(a->entry);
2968 birthtime_nsec = archive_entry_birthtime_nsec(a->entry);
2970 if (archive_entry_mtime_is_set(a->entry)) {
2971 mtime = archive_entry_mtime(a->entry);
2972 mtime_nsec = archive_entry_mtime_nsec(a->entry);
2974 if (archive_entry_ctime_is_set(a->entry)) {
2975 cctime = archive_entry_ctime(a->entry);
2976 ctime_nsec = archive_entry_ctime_nsec(a->entry);
2979 return set_times(a, a->fd, a->mode, a->name,
2981 birthtime, birthtime_nsec,
2983 cctime, ctime_nsec);
2987 set_mode(struct archive_write_disk *a, int mode)
2990 mode &= 07777; /* Strip off file type bits. */
2992 if (a->todo & TODO_SGID_CHECK) {
2994 * If we don't know the GID is right, we must stat()
2995 * to verify it. We can't just check the GID of this
2996 * process, since systems sometimes set GID from
2997 * the enclosing dir or based on ACLs.
2999 if ((r = lazy_stat(a)) != ARCHIVE_OK)
3001 if (a->pst->st_gid != a->gid) {
3003 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3005 * This is only an error if you
3006 * requested owner restore. If you
3007 * didn't, we'll try to restore
3008 * sgid/suid, but won't consider it a
3009 * problem if we can't.
3011 archive_set_error(&a->archive, -1,
3012 "Can't restore SGID bit");
3016 /* While we're here, double-check the UID. */
3017 if (a->pst->st_uid != a->uid
3018 && (a->todo & TODO_SUID)) {
3020 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3021 archive_set_error(&a->archive, -1,
3022 "Can't restore SUID bit");
3026 a->todo &= ~TODO_SGID_CHECK;
3027 a->todo &= ~TODO_SUID_CHECK;
3028 } else if (a->todo & TODO_SUID_CHECK) {
3030 * If we don't know the UID is right, we can just check
3031 * the user, since all systems set the file UID from
3034 if (a->user_uid != a->uid) {
3036 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3037 archive_set_error(&a->archive, -1,
3038 "Can't make file SUID");
3042 a->todo &= ~TODO_SUID_CHECK;
3045 if (S_ISLNK(a->mode)) {
3048 * If this is a symlink, use lchmod(). If the
3049 * platform doesn't support lchmod(), just skip it. A
3050 * platform that doesn't provide a way to set
3051 * permissions on symlinks probably ignores
3052 * permissions on symlinks, so a failure here has no
3055 if (lchmod(a->name, mode) != 0) {
3056 archive_set_error(&a->archive, errno,
3057 "Can't set permissions to 0%o", (int)mode);
3061 } else if (!S_ISDIR(a->mode)) {
3063 * If it's not a symlink and not a dir, then use
3064 * fchmod() or chmod(), depending on whether we have
3065 * an fd. Dirs get their perms set during the
3066 * post-extract fixup, which is handled elsewhere.
3070 if (fchmod(a->fd, mode) != 0) {
3071 archive_set_error(&a->archive, errno,
3072 "Can't set permissions to 0%o", (int)mode);
3077 /* If this platform lacks fchmod(), then
3078 * we'll just use chmod(). */
3079 if (chmod(a->name, mode) != 0) {
3080 archive_set_error(&a->archive, errno,
3081 "Can't set permissions to 0%o", (int)mode);
3089 set_fflags(struct archive_write_disk *a)
3091 struct fixup_entry *le;
3092 unsigned long set, clear;
3095 mode_t mode = archive_entry_mode(a->entry);
3098 * Make 'critical_flags' hold all file flags that can't be
3099 * immediately restored. For example, on BSD systems,
3100 * SF_IMMUTABLE prevents hardlinks from being created, so
3101 * should not be set until after any hardlinks are created. To
3102 * preserve some semblance of portability, this uses #ifdef
3103 * extensively. Ugly, but it works.
3105 * Yes, Virginia, this does create a security race. It's mitigated
3106 * somewhat by the practice of creating dirs 0700 until the extract
3107 * is done, but it would be nice if we could do more than that.
3108 * People restoring critical file systems should be wary of
3109 * other programs that might try to muck with files as they're
3112 /* Hopefully, the compiler will optimize this mess into a constant. */
3115 critical_flags |= SF_IMMUTABLE;
3118 critical_flags |= UF_IMMUTABLE;
3121 critical_flags |= SF_APPEND;
3124 critical_flags |= UF_APPEND;
3126 #ifdef EXT2_APPEND_FL
3127 critical_flags |= EXT2_APPEND_FL;
3129 #ifdef EXT2_IMMUTABLE_FL
3130 critical_flags |= EXT2_IMMUTABLE_FL;
3133 if (a->todo & TODO_FFLAGS) {
3134 archive_entry_fflags(a->entry, &set, &clear);
3137 * The first test encourages the compiler to eliminate
3138 * all of this if it's not necessary.
3140 if ((critical_flags != 0) && (set & critical_flags)) {
3141 le = current_fixup(a, a->name);
3143 return (ARCHIVE_FATAL);
3144 le->fixup |= TODO_FFLAGS;
3145 le->fflags_set = set;
3146 /* Store the mode if it's not already there. */
3147 if ((le->fixup & TODO_MODE) == 0)
3150 r = set_fflags_platform(a, a->fd,
3151 a->name, mode, set, clear);
3152 if (r != ARCHIVE_OK)
3156 return (ARCHIVE_OK);
3160 #if ( defined(HAVE_LCHFLAGS) || defined(HAVE_CHFLAGS) || defined(HAVE_FCHFLAGS) ) && defined(HAVE_STRUCT_STAT_ST_FLAGS)
3162 * BSD reads flags using stat() and sets them with one of {f,l,}chflags()
3165 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3166 mode_t mode, unsigned long set, unsigned long clear)
3170 (void)mode; /* UNUSED */
3171 if (set == 0 && clear == 0)
3172 return (ARCHIVE_OK);
3175 * XXX Is the stat here really necessary? Or can I just use
3176 * the 'set' flags directly? In particular, I'm not sure
3177 * about the correct approach if we're overwriting an existing
3178 * file that already has flags on it. XXX
3180 if ((r = lazy_stat(a)) != ARCHIVE_OK)
3183 a->st.st_flags &= ~clear;
3184 a->st.st_flags |= set;
3185 #ifdef HAVE_FCHFLAGS
3186 /* If platform has fchflags() and we were given an fd, use it. */
3187 if (fd >= 0 && fchflags(fd, a->st.st_flags) == 0)
3188 return (ARCHIVE_OK);
3191 * If we can't use the fd to set the flags, we'll use the
3192 * pathname to set flags. We prefer lchflags() but will use
3193 * chflags() if we must.
3195 #ifdef HAVE_LCHFLAGS
3196 if (lchflags(name, a->st.st_flags) == 0)
3197 return (ARCHIVE_OK);
3198 #elif defined(HAVE_CHFLAGS)
3199 if (S_ISLNK(a->st.st_mode)) {
3200 archive_set_error(&a->archive, errno,
3201 "Can't set file flags on symlink.");
3202 return (ARCHIVE_WARN);
3204 if (chflags(name, a->st.st_flags) == 0)
3205 return (ARCHIVE_OK);
3207 archive_set_error(&a->archive, errno,
3208 "Failed to set file flags");
3209 return (ARCHIVE_WARN);
3212 #elif defined(EXT2_IOC_GETFLAGS) && defined(EXT2_IOC_SETFLAGS) && defined(HAVE_WORKING_EXT2_IOC_GETFLAGS)
3214 * Linux uses ioctl() to read and write file flags.
3217 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3218 mode_t mode, unsigned long set, unsigned long clear)
3222 int newflags, oldflags;
3225 if (set == 0 && clear == 0)
3226 return (ARCHIVE_OK);
3227 /* Only regular files and dirs can have flags. */
3228 if (!S_ISREG(mode) && !S_ISDIR(mode))
3229 return (ARCHIVE_OK);
3231 /* If we weren't given an fd, open it ourselves. */
3233 myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | O_CLOEXEC);
3234 __archive_ensure_cloexec_flag(myfd);
3237 return (ARCHIVE_OK);
3240 * Linux has no define for the flags that are only settable by
3241 * the root user. This code may seem a little complex, but
3242 * there seem to be some Linux systems that lack these
3243 * defines. (?) The code below degrades reasonably gracefully
3244 * if sf_mask is incomplete.
3246 #ifdef EXT2_IMMUTABLE_FL
3247 sf_mask |= EXT2_IMMUTABLE_FL;
3249 #ifdef EXT2_APPEND_FL
3250 sf_mask |= EXT2_APPEND_FL;
3253 * XXX As above, this would be way simpler if we didn't have
3254 * to read the current flags from disk. XXX
3258 /* Read the current file flags. */
3259 if (ioctl(myfd, EXT2_IOC_GETFLAGS, &oldflags) < 0)
3262 /* Try setting the flags as given. */
3263 newflags = (oldflags & ~clear) | set;
3264 if (ioctl(myfd, EXT2_IOC_SETFLAGS, &newflags) >= 0)
3269 /* If we couldn't set all the flags, try again with a subset. */
3270 newflags &= ~sf_mask;
3271 oldflags &= sf_mask;
3272 newflags |= oldflags;
3273 if (ioctl(myfd, EXT2_IOC_SETFLAGS, &newflags) >= 0)
3276 /* We couldn't set the flags, so report the failure. */
3278 archive_set_error(&a->archive, errno,
3279 "Failed to set file flags");
3290 * Of course, some systems have neither BSD chflags() nor Linux' flags
3291 * support through ioctl().
3294 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3295 mode_t mode, unsigned long set, unsigned long clear)
3297 (void)a; /* UNUSED */
3298 (void)fd; /* UNUSED */
3299 (void)name; /* UNUSED */
3300 (void)mode; /* UNUSED */
3301 (void)set; /* UNUSED */
3302 (void)clear; /* UNUSED */
3303 return (ARCHIVE_OK);
3306 #endif /* __linux */
3308 #ifndef HAVE_COPYFILE_H
3309 /* Default is to simply drop Mac extended metadata. */
3311 set_mac_metadata(struct archive_write_disk *a, const char *pathname,
3312 const void *metadata, size_t metadata_size)
3314 (void)a; /* UNUSED */
3315 (void)pathname; /* UNUSED */
3316 (void)metadata; /* UNUSED */
3317 (void)metadata_size; /* UNUSED */
3318 return (ARCHIVE_OK);
3322 fixup_appledouble(struct archive_write_disk *a, const char *pathname)
3324 (void)a; /* UNUSED */
3325 (void)pathname; /* UNUSED */
3326 return (ARCHIVE_OK);
3331 * On Mac OS, we use copyfile() to unpack the metadata and
3332 * apply it to the target file.
3335 #if defined(HAVE_SYS_XATTR_H)
3337 copy_xattrs(struct archive_write_disk *a, int tmpfd, int dffd)
3340 char *xattr_names = NULL, *xattr_val = NULL;
3341 int ret = ARCHIVE_OK, xattr_i;
3343 xattr_size = flistxattr(tmpfd, NULL, 0, 0);
3344 if (xattr_size == -1) {
3345 archive_set_error(&a->archive, errno,
3346 "Failed to read metadata(xattr)");
3350 xattr_names = malloc(xattr_size);
3351 if (xattr_names == NULL) {
3352 archive_set_error(&a->archive, ENOMEM,
3353 "Can't allocate memory for metadata(xattr)");
3354 ret = ARCHIVE_FATAL;
3357 xattr_size = flistxattr(tmpfd, xattr_names, xattr_size, 0);
3358 if (xattr_size == -1) {
3359 archive_set_error(&a->archive, errno,
3360 "Failed to read metadata(xattr)");
3364 for (xattr_i = 0; xattr_i < xattr_size;
3365 xattr_i += strlen(xattr_names + xattr_i) + 1) {
3369 s = fgetxattr(tmpfd, xattr_names + xattr_i, NULL, 0, 0, 0);
3371 archive_set_error(&a->archive, errno,
3372 "Failed to get metadata(xattr)");
3376 xattr_val = realloc(xattr_val, s);
3377 if (xattr_val == NULL) {
3378 archive_set_error(&a->archive, ENOMEM,
3379 "Failed to get metadata(xattr)");
3383 s = fgetxattr(tmpfd, xattr_names + xattr_i, xattr_val, s, 0, 0);
3385 archive_set_error(&a->archive, errno,
3386 "Failed to get metadata(xattr)");
3390 f = fsetxattr(dffd, xattr_names + xattr_i, xattr_val, s, 0, 0);
3392 archive_set_error(&a->archive, errno,
3393 "Failed to get metadata(xattr)");
3406 copy_acls(struct archive_write_disk *a, int tmpfd, int dffd)
3408 acl_t acl, dfacl = NULL;
3409 int acl_r, ret = ARCHIVE_OK;
3411 acl = acl_get_fd(tmpfd);
3413 if (errno == ENOENT)
3414 /* There are not any ACLs. */
3416 archive_set_error(&a->archive, errno,
3417 "Failed to get metadata(acl)");
3421 dfacl = acl_dup(acl);
3422 acl_r = acl_set_fd(dffd, dfacl);
3424 archive_set_error(&a->archive, errno,
3425 "Failed to get metadata(acl)");
3438 create_tempdatafork(struct archive_write_disk *a, const char *pathname)
3440 struct archive_string tmpdatafork;
3443 archive_string_init(&tmpdatafork);
3444 archive_strcpy(&tmpdatafork, "tar.md.XXXXXX");
3445 tmpfd = mkstemp(tmpdatafork.s);
3447 archive_set_error(&a->archive, errno,
3448 "Failed to mkstemp");
3449 archive_string_free(&tmpdatafork);
3452 if (copyfile(pathname, tmpdatafork.s, 0,
3453 COPYFILE_UNPACK | COPYFILE_NOFOLLOW
3454 | COPYFILE_ACL | COPYFILE_XATTR) < 0) {
3455 archive_set_error(&a->archive, errno,
3456 "Failed to restore metadata");
3460 unlink(tmpdatafork.s);
3461 archive_string_free(&tmpdatafork);
3466 copy_metadata(struct archive_write_disk *a, const char *metadata,
3467 const char *datafork, int datafork_compressed)
3469 int ret = ARCHIVE_OK;
3471 if (datafork_compressed) {
3474 tmpfd = create_tempdatafork(a, metadata);
3476 return (ARCHIVE_WARN);
3479 * Do not open the data fork compressed by HFS+ compression
3480 * with at least a writing mode(O_RDWR or O_WRONLY). it
3481 * makes the data fork uncompressed.
3483 dffd = open(datafork, 0);
3485 archive_set_error(&a->archive, errno,
3486 "Failed to open the data fork for metadata");
3488 return (ARCHIVE_WARN);
3491 #if defined(HAVE_SYS_XATTR_H)
3492 ret = copy_xattrs(a, tmpfd, dffd);
3493 if (ret == ARCHIVE_OK)
3495 ret = copy_acls(a, tmpfd, dffd);
3499 if (copyfile(metadata, datafork, 0,
3500 COPYFILE_UNPACK | COPYFILE_NOFOLLOW
3501 | COPYFILE_ACL | COPYFILE_XATTR) < 0) {
3502 archive_set_error(&a->archive, errno,
3503 "Failed to restore metadata");
3511 set_mac_metadata(struct archive_write_disk *a, const char *pathname,
3512 const void *metadata, size_t metadata_size)
3514 struct archive_string tmp;
3517 int ret = ARCHIVE_OK;
3519 /* This would be simpler if copyfile() could just accept the
3520 * metadata as a block of memory; then we could sidestep this
3521 * silly dance of writing the data to disk just so that
3522 * copyfile() can read it back in again. */
3523 archive_string_init(&tmp);
3524 archive_strcpy(&tmp, pathname);
3525 archive_strcat(&tmp, ".XXXXXX");
3526 fd = mkstemp(tmp.s);
3529 archive_set_error(&a->archive, errno,
3530 "Failed to restore metadata");
3531 archive_string_free(&tmp);
3532 return (ARCHIVE_WARN);
3534 written = write(fd, metadata, metadata_size);
3536 if ((size_t)written != metadata_size) {
3537 archive_set_error(&a->archive, errno,
3538 "Failed to restore metadata");
3543 #if defined(UF_COMPRESSED)
3544 if ((a->todo & TODO_HFS_COMPRESSION) != 0 &&
3545 (ret = lazy_stat(a)) == ARCHIVE_OK)
3546 compressed = a->st.st_flags & UF_COMPRESSED;
3550 ret = copy_metadata(a, tmp.s, pathname, compressed);
3553 archive_string_free(&tmp);
3558 fixup_appledouble(struct archive_write_disk *a, const char *pathname)
3563 struct archive_string datafork;
3564 int fd = -1, ret = ARCHIVE_OK;
3566 archive_string_init(&datafork);
3567 /* Check if the current file name is a type of the resource
3569 p = strrchr(pathname, '/');
3574 if (p[0] != '.' || p[1] != '_')
3575 goto skip_appledouble;
3578 * Check if the data fork file exists.
3580 * TODO: Check if this write disk object has handled it.
3582 archive_strncpy(&datafork, pathname, p - pathname);
3583 archive_strcat(&datafork, p + 2);
3584 if (lstat(datafork.s, &st) == -1 ||
3585 (st.st_mode & AE_IFMT) != AE_IFREG)
3586 goto skip_appledouble;
3589 * Check if the file is in the AppleDouble form.
3591 fd = open(pathname, O_RDONLY | O_BINARY | O_CLOEXEC);
3592 __archive_ensure_cloexec_flag(fd);
3594 archive_set_error(&a->archive, errno,
3595 "Failed to open a restoring file");
3597 goto skip_appledouble;
3599 if (read(fd, buff, 8) == -1) {
3600 archive_set_error(&a->archive, errno,
3601 "Failed to read a restoring file");
3604 goto skip_appledouble;
3607 /* Check AppleDouble Magic Code. */
3608 if (archive_be32dec(buff) != 0x00051607)
3609 goto skip_appledouble;
3610 /* Check AppleDouble Version. */
3611 if (archive_be32dec(buff+4) != 0x00020000)
3612 goto skip_appledouble;
3614 ret = copy_metadata(a, pathname, datafork.s,
3615 #if defined(UF_COMPRESSED)
3616 st.st_flags & UF_COMPRESSED);
3620 if (ret == ARCHIVE_OK) {
3625 archive_string_free(&datafork);
3630 #if HAVE_LSETXATTR || HAVE_LSETEA
3632 * Restore extended attributes - Linux and AIX implementations:
3633 * AIX' ea interface is syntaxwise identical to the Linux xattr interface.
3636 set_xattrs(struct archive_write_disk *a)
3638 struct archive_entry *entry = a->entry;
3639 static int warning_done = 0;
3640 int ret = ARCHIVE_OK;
3641 int i = archive_entry_xattr_reset(entry);
3647 archive_entry_xattr_next(entry, &name, &value, &size);
3649 strncmp(name, "xfsroot.", 8) != 0 &&
3650 strncmp(name, "system.", 7) != 0) {
3654 e = fsetxattr(a->fd, name, value, size, 0);
3658 e = fsetea(a->fd, name, value, size, 0);
3663 e = lsetxattr(archive_entry_pathname(entry),
3664 name, value, size, 0);
3666 e = lsetea(archive_entry_pathname(entry),
3667 name, value, size, 0);
3671 if (errno == ENOTSUP || errno == ENOSYS) {
3672 if (!warning_done) {
3674 archive_set_error(&a->archive, errno,
3675 "Cannot restore extended "
3676 "attributes on this file "
3680 archive_set_error(&a->archive, errno,
3681 "Failed to set extended attribute");
3685 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3686 "Invalid extended attribute encountered");
3692 #elif HAVE_EXTATTR_SET_FILE && HAVE_DECL_EXTATTR_NAMESPACE_USER
3694 * Restore extended attributes - FreeBSD implementation
3697 set_xattrs(struct archive_write_disk *a)
3699 struct archive_entry *entry = a->entry;
3700 static int warning_done = 0;
3701 int ret = ARCHIVE_OK;
3702 int i = archive_entry_xattr_reset(entry);
3708 archive_entry_xattr_next(entry, &name, &value, &size);
3713 if (strncmp(name, "user.", 5) == 0) {
3714 /* "user." attributes go to user namespace */
3716 namespace = EXTATTR_NAMESPACE_USER;
3718 /* Warn about other extended attributes. */
3719 archive_set_error(&a->archive,
3720 ARCHIVE_ERRNO_FILE_FORMAT,
3721 "Can't restore extended attribute ``%s''",
3727 #if HAVE_EXTATTR_SET_FD
3729 e = extattr_set_fd(a->fd, namespace, name, value, size);
3732 /* TODO: should we use extattr_set_link() instead? */
3734 e = extattr_set_file(archive_entry_pathname(entry),
3735 namespace, name, value, size);
3737 if (e != (int)size) {
3738 if (errno == ENOTSUP || errno == ENOSYS) {
3739 if (!warning_done) {
3741 archive_set_error(&a->archive, errno,
3742 "Cannot restore extended "
3743 "attributes on this file "
3747 archive_set_error(&a->archive, errno,
3748 "Failed to set extended attribute");
3759 * Restore extended attributes - stub implementation for unsupported systems
3762 set_xattrs(struct archive_write_disk *a)
3764 static int warning_done = 0;
3766 /* If there aren't any extended attributes, then it's okay not
3767 * to extract them, otherwise, issue a single warning. */
3768 if (archive_entry_xattr_count(a->entry) != 0 && !warning_done) {
3770 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3771 "Cannot restore extended attributes on this system");
3772 return (ARCHIVE_WARN);
3774 /* Warning was already emitted; suppress further warnings. */
3775 return (ARCHIVE_OK);
3780 * Test if file on disk is older than entry.
3783 older(struct stat *st, struct archive_entry *entry)
3785 /* First, test the seconds and return if we have a definite answer. */
3786 /* Definitely older. */
3787 if (st->st_mtime < archive_entry_mtime(entry))
3789 /* Definitely younger. */
3790 if (st->st_mtime > archive_entry_mtime(entry))
3792 /* If this platform supports fractional seconds, try those. */
3793 #if HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC
3794 /* Definitely older. */
3795 if (st->st_mtimespec.tv_nsec < archive_entry_mtime_nsec(entry))
3797 #elif HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC
3798 /* Definitely older. */
3799 if (st->st_mtim.tv_nsec < archive_entry_mtime_nsec(entry))
3801 #elif HAVE_STRUCT_STAT_ST_MTIME_N
3803 if (st->st_mtime_n < archive_entry_mtime_nsec(entry))
3805 #elif HAVE_STRUCT_STAT_ST_UMTIME
3807 if (st->st_umtime * 1000 < archive_entry_mtime_nsec(entry))
3809 #elif HAVE_STRUCT_STAT_ST_MTIME_USEC
3811 if (st->st_mtime_usec * 1000 < archive_entry_mtime_nsec(entry))
3814 /* This system doesn't have high-res timestamps. */
3816 /* Same age or newer, so not older. */
3820 #endif /* !_WIN32 || __CYGWIN__ */
projects / dragonfly.git / blob