/*- * Copyright (c) 2003-2004 Tim Kientzle * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer * in this position and unchanged. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "archive_platform.h" __FBSDID("$FreeBSD$"); #include #include #ifdef HAVE_POSIX_ACL #include #endif #include #include #include #include #include #include #include #include #include #include #ifdef LINUX #include #include #endif #include "archive.h" #include "archive_string.h" #include "archive_entry.h" #include "archive_private.h" struct fixup_entry { struct fixup_entry *next; mode_t mode; int64_t mtime; int64_t atime; unsigned long mtime_nanos; unsigned long atime_nanos; unsigned long fflags_set; int fixup; /* bitmask of what needs fixing */ char *name; }; #define FIXUP_MODE 1 #define FIXUP_TIMES 2 #define FIXUP_FFLAGS 4 struct extract { struct archive_string mkdirpath; struct fixup_entry *fixup_list; }; static void archive_extract_cleanup(struct archive *); static int archive_read_extract_block_device(struct archive *, struct archive_entry *, int); static int archive_read_extract_char_device(struct archive *, struct archive_entry *, int); static int archive_read_extract_device(struct archive *, struct archive_entry *, int flags, mode_t mode); static int archive_read_extract_dir(struct archive *, struct archive_entry *, int); static int archive_read_extract_dir_create(struct archive *, const char *name, int mode, int flags); static int archive_read_extract_fifo(struct archive *, struct archive_entry *, int); static int archive_read_extract_hard_link(struct archive *, struct archive_entry *, int); static int archive_read_extract_regular(struct archive *, struct archive_entry *, int); static int archive_read_extract_regular_open(struct archive *, const char *name, int mode, int flags); static int archive_read_extract_symbolic_link(struct archive *, struct archive_entry *, int); static gid_t lookup_gid(struct archive *, const char *uname, gid_t); static uid_t lookup_uid(struct archive *, const char *uname, uid_t); static int mkdirpath(struct archive *, const char *); static int mkdirpath_recursive(char *path); static int mksubdir(char *path); #ifdef HAVE_POSIX_ACL static int set_acl(struct archive *, struct archive_entry *, acl_type_t, int archive_entry_acl_type, const char *tn); #endif static int set_acls(struct archive *, struct archive_entry *); static int set_extended_perm(struct archive *, struct archive_entry *, int flags); static int set_fflags(struct archive *, const char *name, mode_t mode, unsigned long fflags_set, unsigned long fflags_clear); static int set_ownership(struct archive *, struct archive_entry *, int); static int set_perm(struct archive *, struct archive_entry *, int mode, int flags); static int set_time(struct archive *, struct archive_entry *, int); static struct fixup_entry *sort_dir_list(struct fixup_entry *p); /* * Extract this entry to disk. * * TODO: Validate hardlinks. According to the standards, we're * supposed to check each extracted hardlink and squawk if it refers * to a file that we didn't restore. I'm not entirely convinced this * is a good idea, but more importantly: Is there any way to validate * hardlinks without keeping a complete list of filenames from the * entire archive?? Ugh. * */ int archive_read_extract(struct archive *a, struct archive_entry *entry, int flags) { mode_t mode; struct extract *extract; int ret; int restore_pwd; if (a->extract == NULL) { a->extract = malloc(sizeof(*a->extract)); if (a->extract == NULL) { archive_set_error(a, ENOMEM, "Can't extract"); return (ARCHIVE_FATAL); } a->cleanup_archive_extract = archive_extract_cleanup; memset(a->extract, 0, sizeof(*a->extract)); } extract = a->extract; restore_pwd = -1; if (archive_entry_hardlink(entry) != NULL) return (archive_read_extract_hard_link(a, entry, flags)); /* * TODO: If pathname is longer than PATH_MAX, record starting * directory and move to a suitable intermediate dir, which * might require creating them! */ if (strlen(archive_entry_pathname(entry)) > PATH_MAX) { restore_pwd = open(".", O_RDONLY); /* XXX chdir() to a suitable intermediate dir XXX */ /* XXX Update pathname in 'entry' XXX */ } mode = archive_entry_mode(entry); switch (mode & S_IFMT) { default: /* Fall through, as required by POSIX. */ case S_IFREG: ret = archive_read_extract_regular(a, entry, flags); break; case S_IFLNK: /* Symlink */ ret = archive_read_extract_symbolic_link(a, entry, flags); break; case S_IFCHR: ret = archive_read_extract_char_device(a, entry, flags); break; case S_IFBLK: ret = archive_read_extract_block_device(a, entry, flags); break; case S_IFDIR: ret = archive_read_extract_dir(a, entry, flags); break; case S_IFIFO: ret = archive_read_extract_fifo(a, entry, flags); break; } /* If we changed directory above, restore it here. */ if (restore_pwd >= 0) fchdir(restore_pwd); return (ret); } /* * Cleanup function for archive_extract. Free name/mode list and * restore permissions and dir timestamps. This must be done last; * otherwise, the dir permission might prevent us from restoring a * file. Similarly, the act of restoring a file touches the directory * and changes the timestamp on the dir, so we have to touch-up the * timestamps at the end as well. Note that tar/cpio do not require * that archives be in a particular order; there is no way to know * when the last file has been restored within a directory, so there's * no way to optimize the memory usage here by fixing up the directory * any earlier than the end-of-archive. * * XXX TODO: Directory ACLs should be restored here, for the same * reason we set directory perms here. XXX * * Registering this function (rather than calling it explicitly by * name from archive_read_finish) reduces static link pollution, since * applications that don't use this API won't get this file linked in. */ static void archive_extract_cleanup(struct archive *a) { struct fixup_entry *next, *p; struct extract *extract; /* Sort dir list so directories are fixed up in depth-first order. */ extract = a->extract; p = sort_dir_list(extract->fixup_list); while (p != NULL) { if (p->fixup & FIXUP_TIMES) { struct timeval times[2]; times[1].tv_sec = p->mtime; times[1].tv_usec = p->mtime_nanos / 1000; times[0].tv_sec = p->atime; times[0].tv_usec = p->atime_nanos / 1000; utimes(p->name, times); } if (p->fixup & FIXUP_MODE) chmod(p->name, p->mode); if (p->fixup & FIXUP_FFLAGS) set_fflags(a, p->name, p->mode, p->fflags_set, 0); next = p->next; free(p->name); free(p); p = next; } extract->fixup_list = NULL; archive_string_free(&extract->mkdirpath); free(a->extract); a->extract = NULL; } /* * Simple O(n log n) merge sort to order the fixup list. In * particular, we want to restore dir timestamps depth-first. */ static struct fixup_entry * sort_dir_list(struct fixup_entry *p) { struct fixup_entry *a, *b, *t; if (p == NULL) return (NULL); /* A one-item list is already sorted. */ if (p->next == NULL) return (p); /* Step 1: split the list. */ t = p; a = p->next->next; while (a != NULL) { /* Step a twice, t once. */ a = a->next; if (a != NULL) a = a->next; t = t->next; } /* Now, t is at the mid-point, so break the list here. */ b = t->next; t->next = NULL; a = p; /* Step 2: Recursively sort the two sub-lists. */ a = sort_dir_list(a); b = sort_dir_list(b); /* Step 3: Merge the returned lists. */ /* Pick the first element for the merged list. */ if (strcmp(a->name, b->name) > 0) { t = p = a; a = a->next; } else { t = p = b; b = b->next; } /* Always put the later element on the list first. */ while (a != NULL && b != NULL) { if (strcmp(a->name, b->name) > 0) { t->next = a; a = a->next; } else { t->next = b; b = b->next; } t = t->next; } /* Only one list is non-empty, so just splice it on. */ if (a != NULL) t->next = a; if (b != NULL) t->next = b; return (p); } static int archive_read_extract_regular(struct archive *a, struct archive_entry *entry, int flags) { int fd, r; ssize_t s; r = ARCHIVE_OK; fd = archive_read_extract_regular_open(a, archive_entry_pathname(entry), archive_entry_mode(entry), flags); if (fd < 0) { archive_set_error(a, errno, "Can't open"); return (ARCHIVE_WARN); } s = archive_read_data_into_fd(a, fd); if (s < archive_entry_size(entry)) { /* Didn't read enough data? Complain but keep going. */ archive_set_error(a, EIO, "Archive data truncated"); r = ARCHIVE_WARN; } set_ownership(a, entry, flags); set_time(a, entry, flags); /* Always restore permissions for regular files. */ set_perm(a, entry, archive_entry_mode(entry), flags | ARCHIVE_EXTRACT_PERM); set_extended_perm(a, entry, flags); close(fd); return (r); } /* * Keep trying until we either open the file or run out of tricks. */ static int archive_read_extract_regular_open(struct archive *a, const char *name, int mode, int flags) { int fd; /* * If we're not supposed to overwrite pre-existing files, * use O_EXCL. Otherwise, use O_TRUNC. */ if (flags & (ARCHIVE_EXTRACT_UNLINK | ARCHIVE_EXTRACT_NO_OVERWRITE)) fd = open(name, O_WRONLY | O_CREAT | O_EXCL, mode); else fd = open(name, O_WRONLY | O_CREAT | O_TRUNC, mode); if (fd >= 0) return (fd); /* Try removing a pre-existing file. */ if (!(flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) { unlink(name); fd = open(name, O_WRONLY | O_CREAT | O_EXCL, mode); if (fd >= 0) return (fd); } /* Might be a non-existent parent dir; try fixing that. */ mkdirpath(a, name); fd = open(name, O_WRONLY | O_CREAT | O_EXCL, mode); if (fd >= 0) return (fd); return (-1); } static int archive_read_extract_dir(struct archive *a, struct archive_entry *entry, int flags) { struct extract *extract; struct fixup_entry *le; const struct stat *st; mode_t mode, writable_mode; int ret, ret2; extract = a->extract; st = archive_entry_stat(entry); mode = st->st_mode; /* * Use conservative permissions when creating directories * to close a few security races. */ writable_mode = 0700; if (mode != writable_mode || flags & ARCHIVE_EXTRACT_TIME) { /* Add this dir to the fixup list. */ le = malloc(sizeof(struct fixup_entry)); le->fixup = 0; le->next = extract->fixup_list; extract->fixup_list = le; le->name = strdup(archive_entry_pathname(entry)); if (mode != writable_mode) { le->mode = mode; le->fixup |= FIXUP_MODE; archive_entry_set_mode(entry, writable_mode); } if (flags & ARCHIVE_EXTRACT_TIME) { le->mtime = st->st_mtime; le->mtime_nanos = ARCHIVE_STAT_MTIME_NANOS(st); le->atime = st->st_atime; le->atime_nanos = ARCHIVE_STAT_ATIME_NANOS(st); le->fixup |= FIXUP_TIMES; } } if (archive_read_extract_dir_create(a, archive_entry_pathname(entry), writable_mode, flags)) { /* Unable to create directory; just use the existing dir. */ return (ARCHIVE_WARN); } set_ownership(a, entry, flags); /* * There is no point in setting the time here. * * Note that future extracts into this directory will reset * the times, so to get correct results, the client has to * track timestamps for directories and update them at the end * of the run anyway. */ /* set_time(t, flags); */ /* * This next line may appear redundant, but it's not. If the * directory already exists, it won't get re-created by * mkdir(), so we have to manually set permissions to get * everything right. */ ret = set_perm(a, entry, mode, flags); ret2 = set_extended_perm(a, entry, flags); /* XXXX TODO: Fix this to work the right way. XXXX */ if (ret == ARCHIVE_OK) return (ret2); else return (ret); } /* * Create the directory: try until something works or we run out of magic. */ static int archive_read_extract_dir_create(struct archive *a, const char *name, int mode, int flags) { struct stat st; /* Don't try to create '.' */ if (name[0] == '.' && name[1] == 0) return (ARCHIVE_OK); if (mkdir(name, mode) == 0) return (ARCHIVE_OK); /* * Do "unlink first" after. The preceding syscall will always * fail if something already exists, so we save a little time * in the common case by not trying to unlink until we know * something is there. */ if ((flags & ARCHIVE_EXTRACT_UNLINK)) unlink(name); /* * Note stat() and not lstat() here. This is deliberate, and * yes, it does permit trojan archives. Clients who don't * want this should specify ARCHIVE_EXTRACT_UNLINK so that * existing symlinks will be removed. */ if (stat(name, &st) == 0) { /* Already exists! */ if (S_ISDIR(st.st_mode)) return (ARCHIVE_OK); if ((flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) { archive_set_error(a, EEXIST, "Can't create directory"); return (ARCHIVE_WARN); } /* Not a dir: remove it and create a directory. */ if (unlink(name) == 0 && mkdir(name, mode) == 0) return (ARCHIVE_OK); } else if (errno == ENOENT) { /* Doesn't exist: missing parent dir? */ mkdirpath(a, name); if (mkdir(name, mode) == 0) return (ARCHIVE_OK); /* * Yes, people really do type "tar -cf - foo/." for * reasons that I cannot fathom. When they do, the * dir "foo" gets created in mkdirpath() and the * mkdir("foo/.") just above still fails. So, I've * added yet another check here to catch this * particular case. * * There must be a better way ... */ if (stat(name, &st) == 0 && S_ISDIR(st.st_mode)) return (ARCHIVE_OK); } else { /* Stat failed? */ archive_set_error(a, errno, "Can't test directory"); return (ARCHIVE_WARN); } archive_set_error(a, errno, "Failed to create dir"); return (ARCHIVE_WARN); } static int archive_read_extract_hard_link(struct archive *a, struct archive_entry *entry, int flags) { int r; const char *pathname; const char *linkname; pathname = archive_entry_pathname(entry); linkname = archive_entry_hardlink(entry); /* Just remove any pre-existing file with this name. */ if (!(flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) unlink(pathname); r = link(linkname, pathname); if (r != 0) { /* Might be a non-existent parent dir; try fixing that. */ mkdirpath(a, pathname); r = link(linkname, pathname); } if (r != 0) { /* XXX Better error message here XXX */ archive_set_error(a, errno, "Can't restore hardlink to '%s'", linkname); return (ARCHIVE_WARN); } /* Set ownership, time, permission information. */ set_ownership(a, entry, flags); set_time(a, entry, flags); set_perm(a, entry, archive_entry_stat(entry)->st_mode, flags); set_extended_perm(a, entry, flags); return (ARCHIVE_OK); } static int archive_read_extract_symbolic_link(struct archive *a, struct archive_entry *entry, int flags) { int r; const char *pathname; const char *linkname; pathname = archive_entry_pathname(entry); linkname = archive_entry_symlink(entry); /* Just remove any pre-existing file with this name. */ if (!(flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) unlink(pathname); r = symlink(linkname, pathname); if (r != 0) { /* Might be a non-existent parent dir; try fixing that. */ mkdirpath(a, pathname); r = symlink(linkname, pathname); } if (r != 0) { /* XXX Better error message here XXX */ archive_set_error(a, errno, "Can't restore symlink to '%s'", linkname); return (ARCHIVE_WARN); } /* Set ownership, time, permission information. */ set_ownership(a, entry, flags); set_time(a, entry, flags); set_perm(a, entry, archive_entry_stat(entry)->st_mode, flags); set_extended_perm(a, entry, flags); return (ARCHIVE_OK); } static int archive_read_extract_device(struct archive *a, struct archive_entry *entry, int flags, mode_t mode) { int r; /* Just remove any pre-existing file with this name. */ if (!(flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) unlink(archive_entry_pathname(entry)); r = mknod(archive_entry_pathname(entry), mode, archive_entry_stat(entry)->st_rdev); /* Might be a non-existent parent dir; try fixing that. */ if (r != 0 && errno == ENOENT) { mkdirpath(a, archive_entry_pathname(entry)); r = mknod(archive_entry_pathname(entry), mode, archive_entry_stat(entry)->st_rdev); } if (r != 0) { archive_set_error(a, errno, "Can't recreate device node"); return (ARCHIVE_WARN); } /* Set ownership, time, permission information. */ set_ownership(a, entry, flags); set_time(a, entry, flags); set_perm(a, entry, archive_entry_stat(entry)->st_mode, flags); set_extended_perm(a, entry, flags); return (ARCHIVE_OK); } static int archive_read_extract_char_device(struct archive *a, struct archive_entry *entry, int flags) { mode_t mode; mode = (archive_entry_stat(entry)->st_mode & ~S_IFMT) | S_IFCHR; return (archive_read_extract_device(a, entry, flags, mode)); } static int archive_read_extract_block_device(struct archive *a, struct archive_entry *entry, int flags) { mode_t mode; mode = (archive_entry_stat(entry)->st_mode & ~S_IFMT) | S_IFBLK; return (archive_read_extract_device(a, entry, flags, mode)); } static int archive_read_extract_fifo(struct archive *a, struct archive_entry *entry, int flags) { int r; /* Just remove any pre-existing file with this name. */ if (!(flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) unlink(archive_entry_pathname(entry)); r = mkfifo(archive_entry_pathname(entry), archive_entry_stat(entry)->st_mode); /* Might be a non-existent parent dir; try fixing that. */ if (r != 0 && errno == ENOENT) { mkdirpath(a, archive_entry_pathname(entry)); r = mkfifo(archive_entry_pathname(entry), archive_entry_stat(entry)->st_mode); } if (r != 0) { archive_set_error(a, errno, "Can't restore fifo"); return (ARCHIVE_WARN); } /* Set ownership, time, permission information. */ set_ownership(a, entry, flags); set_time(a, entry, flags); /* Done by mkfifo. */ /* set_perm(a, entry, archive_entry_stat(entry)->st_mode, flags); */ set_extended_perm(a, entry, flags); return (ARCHIVE_OK); } /* * Returns 0 if it successfully created necessary directories. * Otherwise, returns ARCHIVE_WARN. * * XXX TODO: Merge this with archive_extract_dir() above; that will * allow us to deal with all directory-related security and * permissions issues in one place. XXX */ static int mkdirpath(struct archive *a, const char *path) { char *p; struct extract *extract; size_t len; extract = a->extract; /* Copy path to mutable storage, then call mkdirpath_recursive. */ archive_strcpy(&(extract->mkdirpath), path); p = extract->mkdirpath.s; len = strlen(p); /* Prune trailing "/." sequence. */ if (len > 2 && p[len - 1] == '.' && p[len - 2] == '/') { p[len - 1] = 0; len--; } /* Prune a trailing '/' character. */ if (p[len - 1] == '/') { p[len - 1] = 0; len--; } /* Recursively try to build the path. */ return (mkdirpath_recursive(p)); } /* * For efficiency, just try creating longest path first (usually, * archives walk through directories in a reasonable order). If that * fails, prune the last element and recursively try again. */ static int mkdirpath_recursive(char *path) { char * p; int r; p = strrchr(path, '/'); if (!p) return (0); *p = 0; /* Terminate path name. */ r = mksubdir(path); /* Try building path. */ *p = '/'; /* Restore the '/' we just overwrote. */ return (r); } static int mksubdir(char *path) { /* * TODO: Change mode here to 0700 and add a fixup entry * to change the mode to 0755 after the extract is finished. */ int mode = 0755; if (mkdir(path, mode) == 0) return (0); if (errno == EEXIST) /* TODO: stat() here to verify it is dir */ return (0); if (mkdirpath_recursive(path)) return (ARCHIVE_WARN); if (mkdir(path, mode) == 0) return (0); return (ARCHIVE_WARN); /* Still failed. Harumph. */ } /* * Returns 0 if UID/GID successfully restored; ARCHIVE_WARN otherwise. */ static int set_ownership(struct archive *a, struct archive_entry *entry, int flags) { uid_t uid; gid_t gid; /* If UID/GID are already correct, return 0. */ /* XXX TODO: Fix this; as written, this fails to set GID a lot. * Generally, we'll need to stat() to find on-disk GID before * deciding this. */ /* if (a->user_uid == archive_entry_stat(entry)->st_uid) return (0); */ /* Not changed. */ if ((flags & ARCHIVE_EXTRACT_OWNER) == 0) return (ARCHIVE_WARN); uid = lookup_uid(a, archive_entry_uname(entry), archive_entry_stat(entry)->st_uid); gid = lookup_gid(a, archive_entry_gname(entry), archive_entry_stat(entry)->st_gid); /* * Root can change owner/group; owner can change group; * otherwise, bail out now. */ if (a->user_uid != 0 && a->user_uid != uid) { /* XXXX archive_set_error( XXXX ) ; XXX */ return (ARCHIVE_WARN); } if (lchown(archive_entry_pathname(entry), uid, gid)) { archive_set_error(a, errno, "Can't set user=%d/group=%d for %s", uid, gid, archive_entry_pathname(entry)); return (ARCHIVE_WARN); } return (ARCHIVE_OK); } static int set_time(struct archive *a, struct archive_entry *entry, int flags) { const struct stat *st; struct timeval times[2]; (void)a; /* UNUSED */ st = archive_entry_stat(entry); if ((flags & ARCHIVE_EXTRACT_TIME) == 0) return (ARCHIVE_OK); times[1].tv_sec = st->st_mtime; times[1].tv_usec = ARCHIVE_STAT_MTIME_NANOS(st) / 1000; times[0].tv_sec = st->st_atime; times[0].tv_usec = ARCHIVE_STAT_ATIME_NANOS(st) / 1000; #ifdef HAVE_LUTIMES if (lutimes(archive_entry_pathname(entry), times) != 0) { #else if ((archive_entry_mode(entry) & S_IFMT) != S_IFLNK && utimes(archive_entry_pathname(entry), times) != 0) { #endif archive_set_error(a, errno, "Can't update time for %s", archive_entry_pathname(entry)); return (ARCHIVE_WARN); } /* * Note: POSIX does not provide a portable way to restore ctime. * (Apart from resetting the system clock, which is distasteful.) * So, any restoration of ctime will necessarily be OS-specific. */ /* XXX TODO: Can FreeBSD restore ctime? XXX */ return (ARCHIVE_OK); } static int set_perm(struct archive *a, struct archive_entry *entry, int mode, int flags) { const char *name; if ((flags & ARCHIVE_EXTRACT_PERM) == 0) return (ARCHIVE_OK); name = archive_entry_pathname(entry); #ifdef HAVE_LCHMOD if (lchmod(name, mode) != 0) { #else if ((archive_entry_mode(entry) & S_IFMT) != S_IFLNK && chmod(name, mode) != 0) { #endif archive_set_error(a, errno, "Can't set permissions"); return (ARCHIVE_WARN); } return (0); } static int set_extended_perm(struct archive *a, struct archive_entry *entry, int flags) { struct fixup_entry *le; struct extract *extract; unsigned long set, clear; int ret, ret2; int critical_flags; extract = a->extract; /* * Make 'critical_flags' hold all file flags that can't be * immediately restored. For example, on BSD systems, * SF_IMMUTABLE prevents hardlinks from being created, so * should not be set until after any hardlinks are created. To * preserve some semblance of portability, this uses #ifdef * extensively. Ugly, but it works. * * Yes, Virginia, this does create a barn-door-sized security * race. If you see any way to avoid it, please let me know. * People restoring critical file systems should be wary of * other programs that might try to muck with files as they're * being restored. */ /* Hopefully, the compiler will optimize this mess into a constant. */ critical_flags = 0; #ifdef SF_IMMUTABLE critical_flags |= SF_IMMUTABLE; #endif #ifdef UF_IMMUTABLE critical_flags |= UF_IMMUTABLE; #endif #ifdef SF_APPEND critical_flags |= SF_APPEND; #endif #ifdef UF_APPEND critical_flags |= UF_APPEND; #endif #ifdef EXT2_APPEND_FL critical_flags |= EXT2_APPEND_FL; #endif #ifdef EXT2_IMMUTABLE_FL critical_flags |= EXT2_IMMUTABLE_FL; #endif if ((flags & ARCHIVE_EXTRACT_PERM) == 0) return (ARCHIVE_OK); archive_entry_fflags(entry, &set, &clear); /* * The first test encourages the compiler to eliminate all of * this if it's not necessary. */ if ((critical_flags != 0) && (set & critical_flags)) { le = malloc(sizeof(struct fixup_entry)); le->fixup = FIXUP_FFLAGS; le->next = extract->fixup_list; extract->fixup_list = le; le->name = strdup(archive_entry_pathname(entry)); le->mode = archive_entry_mode(entry); le->fflags_set = set; ret = ARCHIVE_OK; } else ret = set_fflags(a, archive_entry_pathname(entry), archive_entry_mode(entry), set, clear); ret2 = set_acls(a, entry); return (err_combine(ret,ret2)); } static int set_fflags(struct archive *a, const char *name, mode_t mode, unsigned long set, unsigned long clear) { int ret; struct stat st; #ifdef LINUX int fd; int err; unsigned long newflags, oldflags; #endif ret = ARCHIVE_OK; if (set == 0 && clear == 0) return (ret); #ifdef HAVE_CHFLAGS (void)mode; /* UNUSED */ /* * XXX Is the stat here really necessary? Or can I just use * the 'set' flags directly? In particular, I'm not sure * about the correct approach if we're overwriting an existing * file that already has flags on it. XXX */ if (stat(name, &st) == 0) { st.st_flags &= ~clear; st.st_flags |= set; if (chflags(name, st.st_flags) != 0) { archive_set_error(a, errno, "Failed to set file flags"); ret = ARCHIVE_WARN; } } #endif /* Linux has flags too, but no chflags syscall */ #ifdef LINUX /* * Linux has no define for the flags that are only settable * by the root user... */ #define SF_MASK (EXT2_IMMUTABLE_FL|EXT2_APPEND_FL) /* * XXX As above, this would be way simpler if we didn't have * to read the current flags from disk. XXX */ if ((S_ISREG(mode) || S_ISDIR(mode)) && ((fd = open(name, O_RDONLY|O_NONBLOCK)) >= 0)) { err = 1; if (fd >= 0 && (ioctl(fd, EXT2_IOC_GETFLAGS, &oldflags) >= 0)) { newflags = (oldflags & ~clear) | set; if (ioctl(fd, EXT2_IOC_SETFLAGS, &newflags) >= 0) { err = 0; } else if (errno == EPERM) { if (ioctl(fd, EXT2_IOC_GETFLAGS, &oldflags) >= 0) { newflags &= ~SF_MASK; oldflags &= SF_MASK; newflags |= oldflags; if (ioctl(fd, EXT2_IOC_SETFLAGS, &newflags) >= 0) err = 0; } } } close(fd); if (err) { archive_set_error(a, errno, "Failed to set file flags"); ret = ARCHIVE_WARN; } } #endif return (ret); } #ifndef HAVE_POSIX_ACL /* Default empty function body to satisfy mainline code. */ static int set_acls(struct archive *a, struct archive_entry *entry) { (void)a; (void)entry; return (ARCHIVE_OK); } #else /* * XXX TODO: What about ACL types other than ACCESS and DEFAULT? */ static int set_acls(struct archive *a, struct archive_entry *entry) { int ret; ret = set_acl(a, entry, ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access"); if (ret != ARCHIVE_OK) return (ret); ret = set_acl(a, entry, ACL_TYPE_DEFAULT, ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default"); return (ret); } static int set_acl(struct archive *a, struct archive_entry *entry, acl_type_t acl_type, int ae_requested_type, const char *typename) { acl_t acl; acl_entry_t acl_entry; acl_permset_t acl_permset; int ret; int ae_type, ae_permset, ae_tag, ae_id; uid_t ae_uid; gid_t ae_gid; const char *ae_name; int entries; const char *name; ret = ARCHIVE_OK; entries = archive_entry_acl_reset(entry, ae_requested_type); if (entries == 0) return (ARCHIVE_OK); acl = acl_init(entries); while (archive_entry_acl_next(entry, ae_requested_type, &ae_type, &ae_permset, &ae_tag, &ae_id, &ae_name) == ARCHIVE_OK) { acl_create_entry(&acl, &acl_entry); switch (ae_tag) { case ARCHIVE_ENTRY_ACL_USER: acl_set_tag_type(acl_entry, ACL_USER); ae_uid = lookup_uid(a, ae_name, ae_id); acl_set_qualifier(acl_entry, &ae_uid); break; case ARCHIVE_ENTRY_ACL_GROUP: acl_set_tag_type(acl_entry, ACL_GROUP); ae_gid = lookup_gid(a, ae_name, ae_id); acl_set_qualifier(acl_entry, &ae_gid); break; case ARCHIVE_ENTRY_ACL_USER_OBJ: acl_set_tag_type(acl_entry, ACL_USER_OBJ); break; case ARCHIVE_ENTRY_ACL_GROUP_OBJ: acl_set_tag_type(acl_entry, ACL_GROUP_OBJ); break; case ARCHIVE_ENTRY_ACL_MASK: acl_set_tag_type(acl_entry, ACL_MASK); break; case ARCHIVE_ENTRY_ACL_OTHER: acl_set_tag_type(acl_entry, ACL_OTHER); break; default: /* XXX */ break; } acl_get_permset(acl_entry, &acl_permset); acl_clear_perms(acl_permset); if (ae_permset & ARCHIVE_ENTRY_ACL_EXECUTE) acl_add_perm(acl_permset, ACL_EXECUTE); if (ae_permset & ARCHIVE_ENTRY_ACL_WRITE) acl_add_perm(acl_permset, ACL_WRITE); if (ae_permset & ARCHIVE_ENTRY_ACL_READ) acl_add_perm(acl_permset, ACL_READ); } name = archive_entry_pathname(entry); if (acl_set_file(name, acl_type, acl) != 0) { archive_set_error(a, errno, "Failed to set %s acl", typename); ret = ARCHIVE_WARN; } acl_free(acl); return (ret); } #endif /* * XXX The following gid/uid lookups can be a performance bottleneck. * Some form of caching would probably be very effective, though * I have concerns about staleness. */ static gid_t lookup_gid(struct archive *a, const char *gname, gid_t gid) { struct group *grent; (void)a; /* UNUSED */ /* Look up gid from gname. */ if (gname != NULL && *gname != '\0') { grent = getgrnam(gname); if (grent != NULL) gid = grent->gr_gid; } return (gid); } static uid_t lookup_uid(struct archive *a, const char *uname, uid_t uid) { struct passwd *pwent; (void)a; /* UNUSED */ /* Look up uid from uname. */ if (uname != NULL && *uname != '\0') { pwent = getpwnam(uname); if (pwent != NULL) uid = pwent->pw_uid; } return (uid); } void archive_read_extract_set_progress_callback(struct archive *a, void (*progress_func)(void *), void *user_data) { a->extract_progress = progress_func; a->extract_progress_user_data = user_data; }