3e01f8e05a
While I'm here, correctly alphabetize 't' after 's'. Thanks to: VMiklos
471 lines
13 KiB
C
471 lines
13 KiB
C
/*-
|
|
* Copyright (c) 2003-2004 Tim Kientzle
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer
|
|
* in this position and unchanged.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
* IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include "bsdtar_platform.h"
|
|
__FBSDID("$FreeBSD$");
|
|
|
|
#ifdef MAJOR_IN_MKDEV
|
|
#include <sys/mkdev.h>
|
|
#endif
|
|
#include <sys/param.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/types.h>
|
|
|
|
#include <errno.h>
|
|
#include <grp.h>
|
|
#include <limits.h>
|
|
#include <pwd.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <time.h>
|
|
#include <unistd.h>
|
|
|
|
#include "bsdtar.h"
|
|
|
|
static void cleanup_security(struct bsdtar *);
|
|
static void list_item_verbose(struct bsdtar *, FILE *,
|
|
struct archive_entry *);
|
|
static void read_archive(struct bsdtar *bsdtar, char mode);
|
|
static int security_problem(struct bsdtar *, struct archive_entry *);
|
|
|
|
void
|
|
tar_mode_t(struct bsdtar *bsdtar)
|
|
{
|
|
read_archive(bsdtar, 't');
|
|
}
|
|
|
|
void
|
|
tar_mode_x(struct bsdtar *bsdtar)
|
|
{
|
|
read_archive(bsdtar, 'x');
|
|
}
|
|
|
|
/*
|
|
* Handle 'x' and 't' modes.
|
|
*/
|
|
static void
|
|
read_archive(struct bsdtar *bsdtar, char mode)
|
|
{
|
|
FILE *out;
|
|
struct archive *a;
|
|
struct archive_entry *entry;
|
|
const struct stat *st;
|
|
int r;
|
|
|
|
while (*bsdtar->argv) {
|
|
include(bsdtar, *bsdtar->argv);
|
|
bsdtar->argv++;
|
|
}
|
|
|
|
if (bsdtar->names_from_file != NULL)
|
|
include_from_file(bsdtar, bsdtar->names_from_file);
|
|
|
|
a = archive_read_new();
|
|
archive_read_support_compression_all(a);
|
|
archive_read_support_format_all(a);
|
|
if (archive_read_open_file(a, bsdtar->filename,
|
|
bsdtar->bytes_per_block != 0 ? bsdtar->bytes_per_block :
|
|
DEFAULT_BYTES_PER_BLOCK))
|
|
bsdtar_errc(bsdtar, 1, 0, "Error opening archive: %s",
|
|
archive_error_string(a));
|
|
|
|
do_chdir(bsdtar);
|
|
for (;;) {
|
|
/* Support --fast-read option */
|
|
if (bsdtar->option_fast_read &&
|
|
unmatched_inclusions(bsdtar) == 0)
|
|
break;
|
|
|
|
r = archive_read_next_header(a, &entry);
|
|
if (r == ARCHIVE_EOF)
|
|
break;
|
|
if (r == ARCHIVE_WARN)
|
|
bsdtar_warnc(bsdtar, 0, "%s", archive_error_string(a));
|
|
if (r == ARCHIVE_FATAL) {
|
|
bsdtar->return_value = 1;
|
|
bsdtar_warnc(bsdtar, 0, "%s", archive_error_string(a));
|
|
break;
|
|
}
|
|
if (r == ARCHIVE_RETRY) {
|
|
/* Retryable error: try again */
|
|
bsdtar_warnc(bsdtar, 0, "%s", archive_error_string(a));
|
|
bsdtar_warnc(bsdtar, 0, "Retrying...");
|
|
continue;
|
|
}
|
|
|
|
/*
|
|
* Exclude entries that are too old.
|
|
*/
|
|
st = archive_entry_stat(entry);
|
|
if (bsdtar->newer_ctime_sec > 0) {
|
|
if (st->st_ctime < bsdtar->newer_ctime_sec)
|
|
continue; /* Too old, skip it. */
|
|
if (st->st_ctime == bsdtar->newer_ctime_sec
|
|
&& ARCHIVE_STAT_CTIME_NANOS(st)
|
|
<= bsdtar->newer_ctime_nsec)
|
|
continue; /* Too old, skip it. */
|
|
}
|
|
if (bsdtar->newer_mtime_sec > 0) {
|
|
if (st->st_mtime < bsdtar->newer_mtime_sec)
|
|
continue; /* Too old, skip it. */
|
|
if (st->st_mtime == bsdtar->newer_mtime_sec
|
|
&& ARCHIVE_STAT_MTIME_NANOS(st)
|
|
<= bsdtar->newer_mtime_nsec)
|
|
continue; /* Too old, skip it. */
|
|
}
|
|
|
|
/*
|
|
* Note that pattern exclusions are checked before
|
|
* pathname rewrites are handled. This gives more
|
|
* control over exclusions, since rewrites always lose
|
|
* information. (For example, consider a rewrite
|
|
* s/foo[0-9]/foo/. If we check exclusions after the
|
|
* rewrite, there would be no way to exclude foo1/bar
|
|
* while allowing foo2/bar.)
|
|
*/
|
|
if (excluded(bsdtar, archive_entry_pathname(entry)))
|
|
continue; /* Excluded by a pattern test. */
|
|
|
|
/*
|
|
* Modify the pathname as requested by the user. We
|
|
* do this for -t as well to give users a way to
|
|
* preview the effects of their rewrites. We also do
|
|
* this before extraction security checks (including
|
|
* leading '/' removal). Note that some rewrite
|
|
* failures prevent extraction.
|
|
*/
|
|
if (edit_pathname(bsdtar, entry))
|
|
continue; /* Excluded by a rewrite failure. */
|
|
|
|
if (mode == 't') {
|
|
/* Perversely, gtar uses -O to mean "send to stderr"
|
|
* when used with -t. */
|
|
out = bsdtar->option_stdout ? stderr : stdout;
|
|
|
|
if (bsdtar->verbose < 2)
|
|
safe_fprintf(out, "%s",
|
|
archive_entry_pathname(entry));
|
|
else
|
|
list_item_verbose(bsdtar, out, entry);
|
|
fflush(out);
|
|
r = archive_read_data_skip(a);
|
|
if (r == ARCHIVE_WARN) {
|
|
fprintf(out, "\n");
|
|
bsdtar_warnc(bsdtar, 0, "%s",
|
|
archive_error_string(a));
|
|
}
|
|
if (r == ARCHIVE_RETRY) {
|
|
fprintf(out, "\n");
|
|
bsdtar_warnc(bsdtar, 0, "%s",
|
|
archive_error_string(a));
|
|
}
|
|
if (r == ARCHIVE_FATAL) {
|
|
fprintf(out, "\n");
|
|
bsdtar_warnc(bsdtar, 0, "%s",
|
|
archive_error_string(a));
|
|
break;
|
|
}
|
|
fprintf(out, "\n");
|
|
} else {
|
|
/*
|
|
* Skip security problems before prompting.
|
|
* Otherwise, the user may be confused that a
|
|
* file they wanted to extract was
|
|
* subsequently skipped.
|
|
*/
|
|
if (security_problem(bsdtar, entry))
|
|
continue;
|
|
|
|
if (bsdtar->option_interactive &&
|
|
!yes("extract '%s'", archive_entry_pathname(entry)))
|
|
continue;
|
|
|
|
/*
|
|
* Format here is from SUSv2, including the
|
|
* deferred '\n'.
|
|
*/
|
|
if (bsdtar->verbose) {
|
|
safe_fprintf(stderr, "x %s",
|
|
archive_entry_pathname(entry));
|
|
fflush(stderr);
|
|
}
|
|
if (bsdtar->option_stdout) {
|
|
/* TODO: Catch/recover any errors here. */
|
|
archive_read_data_into_fd(a, 1);
|
|
} else if (archive_read_extract(a, entry,
|
|
bsdtar->extract_flags)) {
|
|
if (!bsdtar->verbose)
|
|
safe_fprintf(stderr, "%s",
|
|
archive_entry_pathname(entry));
|
|
safe_fprintf(stderr, ": %s",
|
|
archive_error_string(a));
|
|
if (!bsdtar->verbose)
|
|
fprintf(stderr, "\n");
|
|
/*
|
|
* TODO: Decide how to handle
|
|
* extraction error... <sigh>
|
|
*/
|
|
bsdtar->return_value = 1;
|
|
}
|
|
if (bsdtar->verbose)
|
|
fprintf(stderr, "\n");
|
|
}
|
|
}
|
|
|
|
if (bsdtar->verbose > 2)
|
|
fprintf(stdout, "Archive Format: %s, Compression: %s\n",
|
|
archive_format_name(a), archive_compression_name(a));
|
|
|
|
archive_read_finish(a);
|
|
cleanup_security(bsdtar);
|
|
}
|
|
|
|
|
|
/*
|
|
* Display information about the current file.
|
|
*
|
|
* The format here roughly duplicates the output of 'ls -l'.
|
|
* This is based on SUSv2, where 'tar tv' is documented as
|
|
* listing additional information in an "unspecified format,"
|
|
* and 'pax -l' is documented as using the same format as 'ls -l'.
|
|
*/
|
|
static void
|
|
list_item_verbose(struct bsdtar *bsdtar, FILE *out, struct archive_entry *entry)
|
|
{
|
|
const struct stat *st;
|
|
char tmp[100];
|
|
size_t w;
|
|
const char *p;
|
|
const char *fmt;
|
|
time_t tim;
|
|
static time_t now;
|
|
|
|
st = archive_entry_stat(entry);
|
|
|
|
/*
|
|
* We avoid collecting the entire list in memory at once by
|
|
* listing things as we see them. However, that also means we can't
|
|
* just pre-compute the field widths. Instead, we start with guesses
|
|
* and just widen them as necessary. These numbers are completely
|
|
* arbitrary.
|
|
*/
|
|
if (!bsdtar->u_width) {
|
|
bsdtar->u_width = 6;
|
|
bsdtar->gs_width = 13;
|
|
}
|
|
if (!now)
|
|
time(&now);
|
|
bsdtar_strmode(entry, tmp);
|
|
fprintf(out, "%s %d ", tmp, (int)(st->st_nlink));
|
|
|
|
/* Use uname if it's present, else uid. */
|
|
p = archive_entry_uname(entry);
|
|
if ((p == NULL) || (*p == '\0')) {
|
|
sprintf(tmp, "%d ", st->st_uid);
|
|
p = tmp;
|
|
}
|
|
w = strlen(p);
|
|
if (w > bsdtar->u_width)
|
|
bsdtar->u_width = w;
|
|
fprintf(out, "%-*s ", (int)bsdtar->u_width, p);
|
|
|
|
/* Use gname if it's present, else gid. */
|
|
p = archive_entry_gname(entry);
|
|
if (p != NULL && p[0] != '\0') {
|
|
fprintf(out, "%s", p);
|
|
w = strlen(p);
|
|
} else {
|
|
sprintf(tmp, "%d", st->st_gid);
|
|
w = strlen(tmp);
|
|
fprintf(out, "%s", tmp);
|
|
}
|
|
|
|
/*
|
|
* Print device number or file size, right-aligned so as to make
|
|
* total width of group and devnum/filesize fields be gs_width.
|
|
* If gs_width is too small, grow it.
|
|
*/
|
|
if (S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode)) {
|
|
sprintf(tmp, "%d,%u",
|
|
major(st->st_rdev),
|
|
(unsigned)minor(st->st_rdev)); /* ls(1) also casts here. */
|
|
} else {
|
|
/*
|
|
* Note the use of platform-dependent macros to format
|
|
* the filesize here. We need the format string and the
|
|
* corresponding type for the cast.
|
|
*/
|
|
sprintf(tmp, BSDTAR_FILESIZE_PRINTF,
|
|
(BSDTAR_FILESIZE_TYPE)st->st_size);
|
|
}
|
|
if (w + strlen(tmp) >= bsdtar->gs_width)
|
|
bsdtar->gs_width = w+strlen(tmp)+1;
|
|
fprintf(out, "%*s", (int)(bsdtar->gs_width - w), tmp);
|
|
|
|
/* Format the time using 'ls -l' conventions. */
|
|
tim = (time_t)st->st_mtime;
|
|
if (abs(tim - now) > (365/2)*86400)
|
|
fmt = bsdtar->day_first ? "%e %b %Y" : "%b %e %Y";
|
|
else
|
|
fmt = bsdtar->day_first ? "%e %b %R" : "%b %e %R";
|
|
strftime(tmp, sizeof(tmp), fmt, localtime(&tim));
|
|
fprintf(out, " %s ", tmp);
|
|
safe_fprintf(out, "%s", archive_entry_pathname(entry));
|
|
|
|
/* Extra information for links. */
|
|
if (archive_entry_hardlink(entry)) /* Hard link */
|
|
safe_fprintf(out, " link to %s",
|
|
archive_entry_hardlink(entry));
|
|
else if (S_ISLNK(st->st_mode)) /* Symbolic link */
|
|
safe_fprintf(out, " -> %s", archive_entry_symlink(entry));
|
|
}
|
|
|
|
/*
|
|
* Structure for storing path of last successful security check.
|
|
*/
|
|
struct security {
|
|
char *path;
|
|
size_t path_size;
|
|
};
|
|
|
|
/*
|
|
* Check for a variety of security issues. Fix what we can here,
|
|
* generate warnings as appropriate, return non-zero to prevent
|
|
* this entry from being extracted.
|
|
*/
|
|
static int
|
|
security_problem(struct bsdtar *bsdtar, struct archive_entry *entry)
|
|
{
|
|
struct stat st;
|
|
const char *name, *pn;
|
|
char *p;
|
|
int r;
|
|
|
|
/* -P option forces us to just accept all pathnames as-is. */
|
|
if (bsdtar->option_absolute_paths)
|
|
return (0);
|
|
|
|
name = archive_entry_pathname(entry);
|
|
|
|
/* Reject any archive entry with '..' as a path element. */
|
|
pn = name;
|
|
while (pn != NULL && pn[0] != '\0') {
|
|
if (pn[0] == '.' && pn[1] == '.' &&
|
|
(pn[2] == '\0' || pn[2] == '/')) {
|
|
bsdtar_warnc(bsdtar, 0,
|
|
"Skipping pathname containing ..");
|
|
bsdtar->return_value = 1;
|
|
return (1);
|
|
}
|
|
pn = strchr(pn, '/');
|
|
if (pn != NULL)
|
|
pn++;
|
|
}
|
|
|
|
/*
|
|
* Gaurd against symlink tricks. Reject any archive entry whose
|
|
* destination would be altered by a symlink.
|
|
*/
|
|
/* XXX TODO: Make this faster by comparing current path to
|
|
* prefix of last successful check to avoid duplicate lstat()
|
|
* calls. XXX */
|
|
pn = name;
|
|
if (bsdtar->security == NULL) {
|
|
bsdtar->security = malloc(sizeof(*bsdtar->security));
|
|
if (bsdtar->security == NULL)
|
|
bsdtar_errc(bsdtar, 1, errno, "No Memory");
|
|
bsdtar->security->path_size = MAXPATHLEN + 1;
|
|
bsdtar->security->path = malloc(bsdtar->security->path_size);
|
|
if (bsdtar->security->path == NULL)
|
|
bsdtar_errc(bsdtar, 1, errno, "No Memory");
|
|
}
|
|
if (strlen(name) >= bsdtar->security->path_size) {
|
|
free(bsdtar->security->path);
|
|
while (strlen(name) >= bsdtar->security->path_size)
|
|
bsdtar->security->path_size *= 2;
|
|
bsdtar->security->path = malloc(bsdtar->security->path_size);
|
|
if (bsdtar->security->path == NULL)
|
|
bsdtar_errc(bsdtar, 1, errno, "No Memory");
|
|
}
|
|
p = bsdtar->security->path;
|
|
while (pn != NULL && pn[0] != '\0') {
|
|
*p++ = *pn++;
|
|
while (*pn != '\0' && *pn != '/')
|
|
*p++ = *pn++;
|
|
p[0] = '\0';
|
|
r = lstat(bsdtar->security->path, &st);
|
|
if (r != 0) {
|
|
if (errno == ENOENT)
|
|
break;
|
|
} else if (S_ISLNK(st.st_mode)) {
|
|
if (pn[0] == '\0') {
|
|
/*
|
|
* Last element is symlink; remove it
|
|
* so we can overwrite it with the
|
|
* item being extracted.
|
|
*/
|
|
if (!S_ISLNK(archive_entry_mode(entry))) {
|
|
/*
|
|
* Warn only if the symlink is being
|
|
* replaced with a non-symlink.
|
|
*/
|
|
bsdtar_warnc(bsdtar, 0,
|
|
"Removing symlink %s",
|
|
bsdtar->security->path);
|
|
}
|
|
if (unlink(bsdtar->security->path))
|
|
bsdtar_errc(bsdtar, 1, errno,
|
|
"Unlink failed");
|
|
/* Symlink gone. No more problem! */
|
|
return (0);
|
|
} else if (bsdtar->option_unlink_first) {
|
|
/* User asked us to remove problems. */
|
|
if (unlink(bsdtar->security->path))
|
|
bsdtar_errc(bsdtar, 1, errno,
|
|
"Unlink failed");
|
|
} else {
|
|
bsdtar_warnc(bsdtar, 0,
|
|
"Cannot extract %s through symlink %s",
|
|
name, bsdtar->security->path);
|
|
bsdtar->return_value = 1;
|
|
return (1);
|
|
}
|
|
}
|
|
}
|
|
|
|
return (0);
|
|
}
|
|
|
|
static void
|
|
cleanup_security(struct bsdtar *bsdtar)
|
|
{
|
|
if (bsdtar->security != NULL) {
|
|
free(bsdtar->security->path);
|
|
free(bsdtar->security);
|
|
}
|
|
}
|