1 /*-
2 * Copyright (c) 2003-2007 Tim Kientzle
3 * Copyright (c) 2010-2012 Michihiro NAKAJIMA
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27 #include "archive_platform.h"
28 __FBSDID("$FreeBSD$");
29
30 #ifdef HAVE_ERRNO_H
31 #include <errno.h>
32 #endif
33 #ifdef HAVE_STDLIB_H
34 #include <stdlib.h>
35 #endif
36 #ifdef HAVE_STRING_H
37 #include <string.h>
38 #endif
39
40 #include "archive.h"
41 #include "archive_entry.h"
42 #include "archive_entry_locale.h"
43 #include "archive_private.h"
44 #include "archive_write_private.h"
45
46 struct sparse_block {
47 struct sparse_block *next;
48 int is_hole;
49 uint64_t offset;
50 uint64_t remaining;
51 };
52
53 struct pax {
54 uint64_t entry_bytes_remaining;
55 uint64_t entry_padding;
56 struct archive_string l_url_encoded_name;
57 struct archive_string pax_header;
58 struct archive_string sparse_map;
59 size_t sparse_map_padding;
60 struct sparse_block *sparse_list;
61 struct sparse_block *sparse_tail;
62 struct archive_string_conv *sconv_utf8;
63 int opt_binary;
64 };
65
66 static void add_pax_attr(struct archive_string *, const char *key,
67 const char *value);
68 static void add_pax_attr_int(struct archive_string *,
69 const char *key, int64_t value);
70 static void add_pax_attr_time(struct archive_string *,
71 const char *key, int64_t sec,
72 unsigned long nanos);
73 static ssize_t archive_write_pax_data(struct archive_write *,
74 const void *, size_t);
75 static int archive_write_pax_close(struct archive_write *);
76 static int archive_write_pax_free(struct archive_write *);
77 static int archive_write_pax_finish_entry(struct archive_write *);
78 static int archive_write_pax_header(struct archive_write *,
79 struct archive_entry *);
80 static int archive_write_pax_options(struct archive_write *,
81 const char *, const char *);
82 static char *base64_encode(const char *src, size_t len);
83 static char *build_gnu_sparse_name(char *dest, const char *src);
84 static char *build_pax_attribute_name(char *dest, const char *src);
85 static char *build_ustar_entry_name(char *dest, const char *src,
86 size_t src_length, const char *insert);
87 static char *format_int(char *dest, int64_t);
88 static int has_non_ASCII(const char *);
89 static void sparse_list_clear(struct pax *);
90 static int sparse_list_add(struct pax *, int64_t, int64_t);
91 static char *url_encode(const char *in);
92
93 /*
94 * Set output format to 'restricted pax' format.
95 *
96 * This is the same as normal 'pax', but tries to suppress
97 * the pax header whenever possible. This is the default for
98 * bsdtar, for instance.
99 */
100 int
archive_write_set_format_pax_restricted(struct archive * _a)101 archive_write_set_format_pax_restricted(struct archive *_a)
102 {
103 struct archive_write *a = (struct archive_write *)_a;
104 int r;
105
106 archive_check_magic(_a, ARCHIVE_WRITE_MAGIC,
107 ARCHIVE_STATE_NEW, "archive_write_set_format_pax_restricted");
108
109 r = archive_write_set_format_pax(&a->archive);
110 a->archive.archive_format = ARCHIVE_FORMAT_TAR_PAX_RESTRICTED;
111 a->archive.archive_format_name = "restricted POSIX pax interchange";
112 return (r);
113 }
114
115 /*
116 * Set output format to 'pax' format.
117 */
118 int
archive_write_set_format_pax(struct archive * _a)119 archive_write_set_format_pax(struct archive *_a)
120 {
121 struct archive_write *a = (struct archive_write *)_a;
122 struct pax *pax;
123
124 archive_check_magic(_a, ARCHIVE_WRITE_MAGIC,
125 ARCHIVE_STATE_NEW, "archive_write_set_format_pax");
126
127 if (a->format_free != NULL)
128 (a->format_free)(a);
129
130 pax = (struct pax *)malloc(sizeof(*pax));
131 if (pax == NULL) {
132 archive_set_error(&a->archive, ENOMEM,
133 "Can't allocate pax data");
134 return (ARCHIVE_FATAL);
135 }
136 memset(pax, 0, sizeof(*pax));
137 a->format_data = pax;
138 a->format_name = "pax";
139 a->format_options = archive_write_pax_options;
140 a->format_write_header = archive_write_pax_header;
141 a->format_write_data = archive_write_pax_data;
142 a->format_close = archive_write_pax_close;
143 a->format_free = archive_write_pax_free;
144 a->format_finish_entry = archive_write_pax_finish_entry;
145 a->archive.archive_format = ARCHIVE_FORMAT_TAR_PAX_INTERCHANGE;
146 a->archive.archive_format_name = "POSIX pax interchange";
147 return (ARCHIVE_OK);
148 }
149
150 static int
archive_write_pax_options(struct archive_write * a,const char * key,const char * val)151 archive_write_pax_options(struct archive_write *a, const char *key,
152 const char *val)
153 {
154 struct pax *pax = (struct pax *)a->format_data;
155 int ret = ARCHIVE_FAILED;
156
157 if (strcmp(key, "hdrcharset") == 0) {
158 /*
159 * The character-set we can use are defined in
160 * IEEE Std 1003.1-2001
161 */
162 if (val == NULL || val[0] == 0)
163 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
164 "pax: hdrcharset option needs a character-set name");
165 else if (strcmp(val, "BINARY") == 0 ||
166 strcmp(val, "binary") == 0) {
167 /*
168 * Specify binary mode. We will not convert
169 * filenames, uname and gname to any charsets.
170 */
171 pax->opt_binary = 1;
172 ret = ARCHIVE_OK;
173 } else if (strcmp(val, "UTF-8") == 0) {
174 /*
175 * Specify UTF-8 character-set to be used for
176 * filenames. This is almost the test that
177 * running platform supports the string conversion.
178 * Especially libarchive_test needs this trick for
179 * its test.
180 */
181 pax->sconv_utf8 = archive_string_conversion_to_charset(
182 &(a->archive), "UTF-8", 0);
183 if (pax->sconv_utf8 == NULL)
184 ret = ARCHIVE_FATAL;
185 else
186 ret = ARCHIVE_OK;
187 } else
188 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
189 "pax: invalid charset name");
190 return (ret);
191 }
192
193 /* Note: The "warn" return is just to inform the options
194 * supervisor that we didn't handle it. It will generate
195 * a suitable error if no one used this option. */
196 return (ARCHIVE_WARN);
197 }
198
199 /*
200 * Note: This code assumes that 'nanos' has the same sign as 'sec',
201 * which implies that sec=-1, nanos=200000000 represents -1.2 seconds
202 * and not -0.8 seconds. This is a pretty pedantic point, as we're
203 * unlikely to encounter many real files created before Jan 1, 1970,
204 * much less ones with timestamps recorded to sub-second resolution.
205 */
206 static void
add_pax_attr_time(struct archive_string * as,const char * key,int64_t sec,unsigned long nanos)207 add_pax_attr_time(struct archive_string *as, const char *key,
208 int64_t sec, unsigned long nanos)
209 {
210 int digit, i;
211 char *t;
212 /*
213 * Note that each byte contributes fewer than 3 base-10
214 * digits, so this will always be big enough.
215 */
216 char tmp[1 + 3*sizeof(sec) + 1 + 3*sizeof(nanos)];
217
218 tmp[sizeof(tmp) - 1] = 0;
219 t = tmp + sizeof(tmp) - 1;
220
221 /* Skip trailing zeros in the fractional part. */
222 for (digit = 0, i = 10; i > 0 && digit == 0; i--) {
223 digit = nanos % 10;
224 nanos /= 10;
225 }
226
227 /* Only format the fraction if it's non-zero. */
228 if (i > 0) {
229 while (i > 0) {
230 *--t = "0123456789"[digit];
231 digit = nanos % 10;
232 nanos /= 10;
233 i--;
234 }
235 *--t = '.';
236 }
237 t = format_int(t, sec);
238
239 add_pax_attr(as, key, t);
240 }
241
242 static char *
format_int(char * t,int64_t i)243 format_int(char *t, int64_t i)
244 {
245 uint64_t ui;
246
247 if (i < 0)
248 ui = (i == INT64_MIN) ? (uint64_t)(INT64_MAX) + 1 : (uint64_t)(-i);
249 else
250 ui = i;
251
252 do {
253 *--t = "0123456789"[ui % 10];
254 } while (ui /= 10);
255 if (i < 0)
256 *--t = '-';
257 return (t);
258 }
259
260 static void
add_pax_attr_int(struct archive_string * as,const char * key,int64_t value)261 add_pax_attr_int(struct archive_string *as, const char *key, int64_t value)
262 {
263 char tmp[1 + 3 * sizeof(value)];
264
265 tmp[sizeof(tmp) - 1] = 0;
266 add_pax_attr(as, key, format_int(tmp + sizeof(tmp) - 1, value));
267 }
268
269 /*
270 * Add a key/value attribute to the pax header. This function handles
271 * the length field and various other syntactic requirements.
272 */
273 static void
add_pax_attr(struct archive_string * as,const char * key,const char * value)274 add_pax_attr(struct archive_string *as, const char *key, const char *value)
275 {
276 int digits, i, len, next_ten;
277 char tmp[1 + 3 * sizeof(int)]; /* < 3 base-10 digits per byte */
278
279 /*-
280 * PAX attributes have the following layout:
281 * <len> <space> <key> <=> <value> <nl>
282 */
283 len = 1 + (int)strlen(key) + 1 + (int)strlen(value) + 1;
284
285 /*
286 * The <len> field includes the length of the <len> field, so
287 * computing the correct length is tricky. I start by
288 * counting the number of base-10 digits in 'len' and
289 * computing the next higher power of 10.
290 */
291 next_ten = 1;
292 digits = 0;
293 i = len;
294 while (i > 0) {
295 i = i / 10;
296 digits++;
297 next_ten = next_ten * 10;
298 }
299 /*
300 * For example, if string without the length field is 99
301 * chars, then adding the 2 digit length "99" will force the
302 * total length past 100, requiring an extra digit. The next
303 * statement adjusts for this effect.
304 */
305 if (len + digits >= next_ten)
306 digits++;
307
308 /* Now, we have the right length so we can build the line. */
309 tmp[sizeof(tmp) - 1] = 0; /* Null-terminate the work area. */
310 archive_strcat(as, format_int(tmp + sizeof(tmp) - 1, len + digits));
311 archive_strappend_char(as, ' ');
312 archive_strcat(as, key);
313 archive_strappend_char(as, '=');
314 archive_strcat(as, value);
315 archive_strappend_char(as, '\n');
316 }
317
318 static int
archive_write_pax_header_xattrs(struct archive_write * a,struct pax * pax,struct archive_entry * entry)319 archive_write_pax_header_xattrs(struct archive_write *a,
320 struct pax *pax, struct archive_entry *entry)
321 {
322 struct archive_string s;
323 int i = archive_entry_xattr_reset(entry);
324
325 while (i--) {
326 const char *name;
327 const void *value;
328 char *encoded_value;
329 char *url_encoded_name = NULL, *encoded_name = NULL;
330 size_t size;
331 int r;
332
333 archive_entry_xattr_next(entry, &name, &value, &size);
334 url_encoded_name = url_encode(name);
335 if (url_encoded_name != NULL) {
336 /* Convert narrow-character to UTF-8. */
337 r = archive_strcpy_l(&(pax->l_url_encoded_name),
338 url_encoded_name, pax->sconv_utf8);
339 free(url_encoded_name); /* Done with this. */
340 if (r == 0)
341 encoded_name = pax->l_url_encoded_name.s;
342 else if (errno == ENOMEM) {
343 archive_set_error(&a->archive, ENOMEM,
344 "Can't allocate memory for Linkname");
345 return (ARCHIVE_FATAL);
346 }
347 }
348
349 encoded_value = base64_encode((const char *)value, size);
350
351 if (encoded_name != NULL && encoded_value != NULL) {
352 archive_string_init(&s);
353 archive_strcpy(&s, "LIBARCHIVE.xattr.");
354 archive_strcat(&s, encoded_name);
355 add_pax_attr(&(pax->pax_header), s.s, encoded_value);
356 archive_string_free(&s);
357 }
358 free(encoded_value);
359 }
360 return (ARCHIVE_OK);
361 }
362
363 static int
get_entry_hardlink(struct archive_write * a,struct archive_entry * entry,const char ** name,size_t * length,struct archive_string_conv * sc)364 get_entry_hardlink(struct archive_write *a, struct archive_entry *entry,
365 const char **name, size_t *length, struct archive_string_conv *sc)
366 {
367 int r;
368
369 r = archive_entry_hardlink_l(entry, name, length, sc);
370 if (r != 0) {
371 if (errno == ENOMEM) {
372 archive_set_error(&a->archive, ENOMEM,
373 "Can't allocate memory for Linkname");
374 return (ARCHIVE_FATAL);
375 }
376 return (ARCHIVE_WARN);
377 }
378 return (ARCHIVE_OK);
379 }
380
381 static int
get_entry_pathname(struct archive_write * a,struct archive_entry * entry,const char ** name,size_t * length,struct archive_string_conv * sc)382 get_entry_pathname(struct archive_write *a, struct archive_entry *entry,
383 const char **name, size_t *length, struct archive_string_conv *sc)
384 {
385 int r;
386
387 r = archive_entry_pathname_l(entry, name, length, sc);
388 if (r != 0) {
389 if (errno == ENOMEM) {
390 archive_set_error(&a->archive, ENOMEM,
391 "Can't allocate memory for Pathname");
392 return (ARCHIVE_FATAL);
393 }
394 return (ARCHIVE_WARN);
395 }
396 return (ARCHIVE_OK);
397 }
398
399 static int
get_entry_uname(struct archive_write * a,struct archive_entry * entry,const char ** name,size_t * length,struct archive_string_conv * sc)400 get_entry_uname(struct archive_write *a, struct archive_entry *entry,
401 const char **name, size_t *length, struct archive_string_conv *sc)
402 {
403 int r;
404
405 r = archive_entry_uname_l(entry, name, length, sc);
406 if (r != 0) {
407 if (errno == ENOMEM) {
408 archive_set_error(&a->archive, ENOMEM,
409 "Can't allocate memory for Uname");
410 return (ARCHIVE_FATAL);
411 }
412 return (ARCHIVE_WARN);
413 }
414 return (ARCHIVE_OK);
415 }
416
417 static int
get_entry_gname(struct archive_write * a,struct archive_entry * entry,const char ** name,size_t * length,struct archive_string_conv * sc)418 get_entry_gname(struct archive_write *a, struct archive_entry *entry,
419 const char **name, size_t *length, struct archive_string_conv *sc)
420 {
421 int r;
422
423 r = archive_entry_gname_l(entry, name, length, sc);
424 if (r != 0) {
425 if (errno == ENOMEM) {
426 archive_set_error(&a->archive, ENOMEM,
427 "Can't allocate memory for Gname");
428 return (ARCHIVE_FATAL);
429 }
430 return (ARCHIVE_WARN);
431 }
432 return (ARCHIVE_OK);
433 }
434
435 static int
get_entry_symlink(struct archive_write * a,struct archive_entry * entry,const char ** name,size_t * length,struct archive_string_conv * sc)436 get_entry_symlink(struct archive_write *a, struct archive_entry *entry,
437 const char **name, size_t *length, struct archive_string_conv *sc)
438 {
439 int r;
440
441 r = archive_entry_symlink_l(entry, name, length, sc);
442 if (r != 0) {
443 if (errno == ENOMEM) {
444 archive_set_error(&a->archive, ENOMEM,
445 "Can't allocate memory for Linkname");
446 return (ARCHIVE_FATAL);
447 }
448 return (ARCHIVE_WARN);
449 }
450 return (ARCHIVE_OK);
451 }
452
453 /*
454 * TODO: Consider adding 'comment' and 'charset' fields to
455 * archive_entry so that clients can specify them. Also, consider
456 * adding generic key/value tags so clients can add arbitrary
457 * key/value data.
458 *
459 * TODO: Break up this 700-line function!!!! Yowza!
460 */
461 static int
archive_write_pax_header(struct archive_write * a,struct archive_entry * entry_original)462 archive_write_pax_header(struct archive_write *a,
463 struct archive_entry *entry_original)
464 {
465 struct archive_entry *entry_main;
466 const char *p;
467 const char *suffix;
468 int need_extension, r, ret;
469 int sparse_count;
470 uint64_t sparse_total, real_size;
471 struct pax *pax;
472 const char *hardlink;
473 const char *path = NULL, *linkpath = NULL;
474 const char *uname = NULL, *gname = NULL;
475 const void *mac_metadata;
476 size_t mac_metadata_size;
477 struct archive_string_conv *sconv;
478 size_t hardlink_length, path_length, linkpath_length;
479 size_t uname_length, gname_length;
480
481 char paxbuff[512];
482 char ustarbuff[512];
483 char ustar_entry_name[256];
484 char pax_entry_name[256];
485 char gnu_sparse_name[256];
486 struct archive_string entry_name;
487
488 ret = ARCHIVE_OK;
489 need_extension = 0;
490 pax = (struct pax *)a->format_data;
491
492 /* Sanity check. */
493 if (archive_entry_pathname(entry_original) == NULL) {
494 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
495 "Can't record entry in tar file without pathname");
496 return (ARCHIVE_FAILED);
497 }
498
499 /*
500 * Choose a header encoding.
501 */
502 if (pax->opt_binary)
503 sconv = NULL;/* Binary mode. */
504 else {
505 /* Header encoding is UTF-8. */
506 if (pax->sconv_utf8 == NULL) {
507 /* Initialize the string conversion object
508 * we must need */
509 pax->sconv_utf8 = archive_string_conversion_to_charset(
510 &(a->archive), "UTF-8", 1);
511 if (pax->sconv_utf8 == NULL)
512 /* Couldn't allocate memory */
513 return (ARCHIVE_FAILED);
514 }
515 sconv = pax->sconv_utf8;
516 }
517
518 r = get_entry_hardlink(a, entry_original, &hardlink,
519 &hardlink_length, sconv);
520 if (r == ARCHIVE_FATAL)
521 return (r);
522 else if (r != ARCHIVE_OK) {
523 r = get_entry_hardlink(a, entry_original, &hardlink,
524 &hardlink_length, NULL);
525 if (r == ARCHIVE_FATAL)
526 return (r);
527 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
528 "Can't translate linkname '%s' to %s", hardlink,
529 archive_string_conversion_charset_name(sconv));
530 ret = ARCHIVE_WARN;
531 sconv = NULL;/* The header charset switches to binary mode. */
532 }
533
534 /* Make sure this is a type of entry that we can handle here */
535 if (hardlink == NULL) {
536 switch (archive_entry_filetype(entry_original)) {
537 case AE_IFBLK:
538 case AE_IFCHR:
539 case AE_IFIFO:
540 case AE_IFLNK:
541 case AE_IFREG:
542 break;
543 case AE_IFDIR:
544 {
545 /*
546 * Ensure a trailing '/'. Modify the original
547 * entry so the client sees the change.
548 */
549 #if defined(_WIN32) && !defined(__CYGWIN__)
550 const wchar_t *wp;
551
552 wp = archive_entry_pathname_w(entry_original);
553 if (wp != NULL && wp[wcslen(wp) -1] != L'/') {
554 struct archive_wstring ws;
555
556 archive_string_init(&ws);
557 path_length = wcslen(wp);
558 if (archive_wstring_ensure(&ws,
559 path_length + 2) == NULL) {
560 archive_set_error(&a->archive, ENOMEM,
561 "Can't allocate pax data");
562 archive_wstring_free(&ws);
563 return(ARCHIVE_FATAL);
564 }
565 /* Should we keep '\' ? */
566 if (wp[path_length -1] == L'\\')
567 path_length--;
568 archive_wstrncpy(&ws, wp, path_length);
569 archive_wstrappend_wchar(&ws, L'/');
570 archive_entry_copy_pathname_w(
571 entry_original, ws.s);
572 archive_wstring_free(&ws);
573 p = NULL;
574 } else
575 #endif
576 p = archive_entry_pathname(entry_original);
577 /*
578 * On Windows, this is a backup operation just in
579 * case getting WCS failed. On POSIX, this is a
580 * normal operation.
581 */
582 if (p != NULL && p[strlen(p) - 1] != '/') {
583 struct archive_string as;
584
585 archive_string_init(&as);
586 path_length = strlen(p);
587 if (archive_string_ensure(&as,
588 path_length + 2) == NULL) {
589 archive_set_error(&a->archive, ENOMEM,
590 "Can't allocate pax data");
591 archive_string_free(&as);
592 return(ARCHIVE_FATAL);
593 }
594 #if defined(_WIN32) && !defined(__CYGWIN__)
595 /* NOTE: This might break the pathname
596 * if the current code page is CP932 and
597 * the pathname includes a character '\'
598 * as a part of its multibyte pathname. */
599 if (p[strlen(p) -1] == '\\')
600 path_length--;
601 else
602 #endif
603 archive_strncpy(&as, p, path_length);
604 archive_strappend_char(&as, '/');
605 archive_entry_copy_pathname(
606 entry_original, as.s);
607 archive_string_free(&as);
608 }
609 break;
610 }
611 case AE_IFSOCK:
612 archive_set_error(&a->archive,
613 ARCHIVE_ERRNO_FILE_FORMAT,
614 "tar format cannot archive socket");
615 return (ARCHIVE_FAILED);
616 default:
617 archive_set_error(&a->archive,
618 ARCHIVE_ERRNO_FILE_FORMAT,
619 "tar format cannot archive this (type=0%lo)",
620 (unsigned long)
621 archive_entry_filetype(entry_original));
622 return (ARCHIVE_FAILED);
623 }
624 }
625
626 /*
627 * If Mac OS metadata blob is here, recurse to write that
628 * as a separate entry. This is really a pretty poor design:
629 * In particular, it doubles the overhead for long filenames.
630 * TODO: Help Apple folks design something better and figure
631 * out how to transition from this legacy format.
632 *
633 * Note that this code is present on every platform; clients
634 * on non-Mac are unlikely to ever provide this data, but
635 * applications that copy entries from one archive to another
636 * should not lose data just because the local filesystem
637 * can't store it.
638 */
639 mac_metadata =
640 archive_entry_mac_metadata(entry_original, &mac_metadata_size);
641 if (mac_metadata != NULL) {
642 const char *oname;
643 char *name, *bname;
644 size_t name_length;
645 struct archive_entry *extra = archive_entry_new2(&a->archive);
646
647 oname = archive_entry_pathname(entry_original);
648 name_length = strlen(oname);
649 name = malloc(name_length + 3);
650 if (name == NULL || extra == NULL) {
651 /* XXX error message */
652 archive_entry_free(extra);
653 free(name);
654 return (ARCHIVE_FAILED);
655 }
656 strcpy(name, oname);
657 /* Find last '/'; strip trailing '/' characters */
658 bname = strrchr(name, '/');
659 while (bname != NULL && bname[1] == '\0') {
660 *bname = '\0';
661 bname = strrchr(name, '/');
662 }
663 if (bname == NULL) {
664 memmove(name + 2, name, name_length + 1);
665 memmove(name, "._", 2);
666 } else {
667 bname += 1;
668 memmove(bname + 2, bname, strlen(bname) + 1);
669 memmove(bname, "._", 2);
670 }
671 archive_entry_copy_pathname(extra, name);
672 free(name);
673
674 archive_entry_set_size(extra, mac_metadata_size);
675 archive_entry_set_filetype(extra, AE_IFREG);
676 archive_entry_set_perm(extra,
677 archive_entry_perm(entry_original));
678 archive_entry_set_mtime(extra,
679 archive_entry_mtime(entry_original),
680 archive_entry_mtime_nsec(entry_original));
681 archive_entry_set_gid(extra,
682 archive_entry_gid(entry_original));
683 archive_entry_set_gname(extra,
684 archive_entry_gname(entry_original));
685 archive_entry_set_uid(extra,
686 archive_entry_uid(entry_original));
687 archive_entry_set_uname(extra,
688 archive_entry_uname(entry_original));
689
690 /* Recurse to write the special copyfile entry. */
691 r = archive_write_pax_header(a, extra);
692 archive_entry_free(extra);
693 if (r < ARCHIVE_WARN)
694 return (r);
695 if (r < ret)
696 ret = r;
697 r = (int)archive_write_pax_data(a, mac_metadata,
698 mac_metadata_size);
699 if (r < ARCHIVE_WARN)
700 return (r);
701 if (r < ret)
702 ret = r;
703 r = archive_write_pax_finish_entry(a);
704 if (r < ARCHIVE_WARN)
705 return (r);
706 if (r < ret)
707 ret = r;
708 }
709
710 /* Copy entry so we can modify it as needed. */
711 #if defined(_WIN32) && !defined(__CYGWIN__)
712 /* Make sure the path separators in pahtname, hardlink and symlink
713 * are all slash '/', not the Windows path separator '\'. */
714 entry_main = __la_win_entry_in_posix_pathseparator(entry_original);
715 if (entry_main == entry_original)
716 entry_main = archive_entry_clone(entry_original);
717 #else
718 entry_main = archive_entry_clone(entry_original);
719 #endif
720 if (entry_main == NULL) {
721 archive_set_error(&a->archive, ENOMEM,
722 "Can't allocate pax data");
723 return(ARCHIVE_FATAL);
724 }
725 archive_string_empty(&(pax->pax_header)); /* Blank our work area. */
726 archive_string_empty(&(pax->sparse_map));
727 sparse_total = 0;
728 sparse_list_clear(pax);
729
730 if (hardlink == NULL &&
731 archive_entry_filetype(entry_main) == AE_IFREG)
732 sparse_count = archive_entry_sparse_reset(entry_main);
733 else
734 sparse_count = 0;
735 if (sparse_count) {
736 int64_t offset, length, last_offset = 0;
737 /* Get the last entry of sparse block. */
738 while (archive_entry_sparse_next(
739 entry_main, &offset, &length) == ARCHIVE_OK)
740 last_offset = offset + length;
741
742 /* If the last sparse block does not reach the end of file,
743 * We have to add a empty sparse block as the last entry to
744 * manage storing file data. */
745 if (last_offset < archive_entry_size(entry_main))
746 archive_entry_sparse_add_entry(entry_main,
747 archive_entry_size(entry_main), 0);
748 sparse_count = archive_entry_sparse_reset(entry_main);
749 }
750
751 /*
752 * First, check the name fields and see if any of them
753 * require binary coding. If any of them does, then all of
754 * them do.
755 */
756 r = get_entry_pathname(a, entry_main, &path, &path_length, sconv);
757 if (r == ARCHIVE_FATAL)
758 return (r);
759 else if (r != ARCHIVE_OK) {
760 r = get_entry_pathname(a, entry_main, &path,
761 &path_length, NULL);
762 if (r == ARCHIVE_FATAL)
763 return (r);
764 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
765 "Can't translate pathname '%s' to %s", path,
766 archive_string_conversion_charset_name(sconv));
767 ret = ARCHIVE_WARN;
768 sconv = NULL;/* The header charset switches to binary mode. */
769 }
770 r = get_entry_uname(a, entry_main, &uname, &uname_length, sconv);
771 if (r == ARCHIVE_FATAL)
772 return (r);
773 else if (r != ARCHIVE_OK) {
774 r = get_entry_uname(a, entry_main, &uname, &uname_length, NULL);
775 if (r == ARCHIVE_FATAL)
776 return (r);
777 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
778 "Can't translate uname '%s' to %s", uname,
779 archive_string_conversion_charset_name(sconv));
780 ret = ARCHIVE_WARN;
781 sconv = NULL;/* The header charset switches to binary mode. */
782 }
783 r = get_entry_gname(a, entry_main, &gname, &gname_length, sconv);
784 if (r == ARCHIVE_FATAL)
785 return (r);
786 else if (r != ARCHIVE_OK) {
787 r = get_entry_gname(a, entry_main, &gname, &gname_length, NULL);
788 if (r == ARCHIVE_FATAL)
789 return (r);
790 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
791 "Can't translate gname '%s' to %s", gname,
792 archive_string_conversion_charset_name(sconv));
793 ret = ARCHIVE_WARN;
794 sconv = NULL;/* The header charset switches to binary mode. */
795 }
796 linkpath = hardlink;
797 linkpath_length = hardlink_length;
798 if (linkpath == NULL) {
799 r = get_entry_symlink(a, entry_main, &linkpath,
800 &linkpath_length, sconv);
801 if (r == ARCHIVE_FATAL)
802 return (r);
803 else if (r != ARCHIVE_OK) {
804 r = get_entry_symlink(a, entry_main, &linkpath,
805 &linkpath_length, NULL);
806 if (r == ARCHIVE_FATAL)
807 return (r);
808 archive_set_error(&a->archive,
809 ARCHIVE_ERRNO_FILE_FORMAT,
810 "Can't translate linkname '%s' to %s", linkpath,
811 archive_string_conversion_charset_name(sconv));
812 ret = ARCHIVE_WARN;
813 sconv = NULL;
814 }
815 }
816
817 /* If any string conversions failed, get all attributes
818 * in binary-mode. */
819 if (sconv == NULL && !pax->opt_binary) {
820 if (hardlink != NULL) {
821 r = get_entry_hardlink(a, entry_main, &hardlink,
822 &hardlink_length, NULL);
823 if (r == ARCHIVE_FATAL)
824 return (r);
825 linkpath = hardlink;
826 linkpath_length = hardlink_length;
827 }
828 r = get_entry_pathname(a, entry_main, &path,
829 &path_length, NULL);
830 if (r == ARCHIVE_FATAL)
831 return (r);
832 r = get_entry_uname(a, entry_main, &uname, &uname_length, NULL);
833 if (r == ARCHIVE_FATAL)
834 return (r);
835 r = get_entry_gname(a, entry_main, &gname, &gname_length, NULL);
836 if (r == ARCHIVE_FATAL)
837 return (r);
838 }
839
840 /* Store the header encoding first, to be nice to readers. */
841 if (sconv == NULL)
842 add_pax_attr(&(pax->pax_header), "hdrcharset", "BINARY");
843
844
845 /*
846 * If name is too long, or has non-ASCII characters, add
847 * 'path' to pax extended attrs. (Note that an unconvertible
848 * name must have non-ASCII characters.)
849 */
850 if (has_non_ASCII(path)) {
851 /* We have non-ASCII characters. */
852 add_pax_attr(&(pax->pax_header), "path", path);
853 archive_entry_set_pathname(entry_main,
854 build_ustar_entry_name(ustar_entry_name,
855 path, path_length, NULL));
856 need_extension = 1;
857 } else {
858 /* We have an all-ASCII path; we'd like to just store
859 * it in the ustar header if it will fit. Yes, this
860 * duplicates some of the logic in
861 * archive_write_set_format_ustar.c
862 */
863 if (path_length <= 100) {
864 /* Fits in the old 100-char tar name field. */
865 } else {
866 /* Find largest suffix that will fit. */
867 /* Note: strlen() > 100, so strlen() - 100 - 1 >= 0 */
868 suffix = strchr(path + path_length - 100 - 1, '/');
869 /* Don't attempt an empty prefix. */
870 if (suffix == path)
871 suffix = strchr(suffix + 1, '/');
872 /* We can put it in the ustar header if it's
873 * all ASCII and it's either <= 100 characters
874 * or can be split at a '/' into a prefix <=
875 * 155 chars and a suffix <= 100 chars. (Note
876 * the strchr() above will return NULL exactly
877 * when the path can't be split.)
878 */
879 if (suffix == NULL /* Suffix > 100 chars. */
880 || suffix[1] == '\0' /* empty suffix */
881 || suffix - path > 155) /* Prefix > 155 chars */
882 {
883 add_pax_attr(&(pax->pax_header), "path", path);
884 archive_entry_set_pathname(entry_main,
885 build_ustar_entry_name(ustar_entry_name,
886 path, path_length, NULL));
887 need_extension = 1;
888 }
889 }
890 }
891
892 if (linkpath != NULL) {
893 /* If link name is too long or has non-ASCII characters, add
894 * 'linkpath' to pax extended attrs. */
895 if (linkpath_length > 100 || has_non_ASCII(linkpath)) {
896 add_pax_attr(&(pax->pax_header), "linkpath", linkpath);
897 if (linkpath_length > 100) {
898 if (hardlink != NULL)
899 archive_entry_set_hardlink(entry_main,
900 "././@LongHardLink");
901 else
902 archive_entry_set_symlink(entry_main,
903 "././@LongSymLink");
904 }
905 need_extension = 1;
906 }
907 }
908 /* Save a pathname since it will be renamed if `entry_main` has
909 * sparse blocks. */
910 archive_string_init(&entry_name);
911 archive_strcpy(&entry_name, archive_entry_pathname(entry_main));
912
913 /* If file size is too large, add 'size' to pax extended attrs. */
914 if (archive_entry_size(entry_main) >= (((int64_t)1) << 33)) {
915 add_pax_attr_int(&(pax->pax_header), "size",
916 archive_entry_size(entry_main));
917 need_extension = 1;
918 }
919
920 /* If numeric GID is too large, add 'gid' to pax extended attrs. */
921 if ((unsigned int)archive_entry_gid(entry_main) >= (1 << 18)) {
922 add_pax_attr_int(&(pax->pax_header), "gid",
923 archive_entry_gid(entry_main));
924 need_extension = 1;
925 }
926
927 /* If group name is too large or has non-ASCII characters, add
928 * 'gname' to pax extended attrs. */
929 if (gname != NULL) {
930 if (gname_length > 31 || has_non_ASCII(gname)) {
931 add_pax_attr(&(pax->pax_header), "gname", gname);
932 need_extension = 1;
933 }
934 }
935
936 /* If numeric UID is too large, add 'uid' to pax extended attrs. */
937 if ((unsigned int)archive_entry_uid(entry_main) >= (1 << 18)) {
938 add_pax_attr_int(&(pax->pax_header), "uid",
939 archive_entry_uid(entry_main));
940 need_extension = 1;
941 }
942
943 /* Add 'uname' to pax extended attrs if necessary. */
944 if (uname != NULL) {
945 if (uname_length > 31 || has_non_ASCII(uname)) {
946 add_pax_attr(&(pax->pax_header), "uname", uname);
947 need_extension = 1;
948 }
949 }
950
951 /*
952 * POSIX/SUSv3 doesn't provide a standard key for large device
953 * numbers. I use the same keys here that Joerg Schilling
954 * used for 'star.' (Which, somewhat confusingly, are called
955 * "devXXX" even though they code "rdev" values.) No doubt,
956 * other implementations use other keys. Note that there's no
957 * reason we can't write the same information into a number of
958 * different keys.
959 *
960 * Of course, this is only needed for block or char device entries.
961 */
962 if (archive_entry_filetype(entry_main) == AE_IFBLK
963 || archive_entry_filetype(entry_main) == AE_IFCHR) {
964 /*
965 * If rdevmajor is too large, add 'SCHILY.devmajor' to
966 * extended attributes.
967 */
968 int rdevmajor, rdevminor;
969 rdevmajor = archive_entry_rdevmajor(entry_main);
970 rdevminor = archive_entry_rdevminor(entry_main);
971 if (rdevmajor >= (1 << 18)) {
972 add_pax_attr_int(&(pax->pax_header), "SCHILY.devmajor",
973 rdevmajor);
974 /*
975 * Non-strict formatting below means we don't
976 * have to truncate here. Not truncating improves
977 * the chance that some more modern tar archivers
978 * (such as GNU tar 1.13) can restore the full
979 * value even if they don't understand the pax
980 * extended attributes. See my rant below about
981 * file size fields for additional details.
982 */
983 /* archive_entry_set_rdevmajor(entry_main,
984 rdevmajor & ((1 << 18) - 1)); */
985 need_extension = 1;
986 }
987
988 /*
989 * If devminor is too large, add 'SCHILY.devminor' to
990 * extended attributes.
991 */
992 if (rdevminor >= (1 << 18)) {
993 add_pax_attr_int(&(pax->pax_header), "SCHILY.devminor",
994 rdevminor);
995 /* Truncation is not necessary here, either. */
996 /* archive_entry_set_rdevminor(entry_main,
997 rdevminor & ((1 << 18) - 1)); */
998 need_extension = 1;
999 }
1000 }
1001
1002 /*
1003 * Technically, the mtime field in the ustar header can
1004 * support 33 bits, but many platforms use signed 32-bit time
1005 * values. The cutoff of 0x7fffffff here is a compromise.
1006 * Yes, this check is duplicated just below; this helps to
1007 * avoid writing an mtime attribute just to handle a
1008 * high-resolution timestamp in "restricted pax" mode.
1009 */
1010 if (!need_extension &&
1011 ((archive_entry_mtime(entry_main) < 0)
1012 || (archive_entry_mtime(entry_main) >= 0x7fffffff)))
1013 need_extension = 1;
1014
1015 /* I use a star-compatible file flag attribute. */
1016 p = archive_entry_fflags_text(entry_main);
1017 if (!need_extension && p != NULL && *p != '\0')
1018 need_extension = 1;
1019
1020 /* If there are non-trivial ACL entries, we need an extension. */
1021 if (!need_extension && archive_entry_acl_count(entry_original,
1022 ARCHIVE_ENTRY_ACL_TYPE_ACCESS) > 0)
1023 need_extension = 1;
1024
1025 /* If there are non-trivial ACL entries, we need an extension. */
1026 if (!need_extension && archive_entry_acl_count(entry_original,
1027 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) > 0)
1028 need_extension = 1;
1029
1030 /* If there are extended attributes, we need an extension */
1031 if (!need_extension && archive_entry_xattr_count(entry_original) > 0)
1032 need_extension = 1;
1033
1034 /* If there are sparse info, we need an extension */
1035 if (!need_extension && sparse_count > 0)
1036 need_extension = 1;
1037
1038 /*
1039 * The following items are handled differently in "pax
1040 * restricted" format. In particular, in "pax restricted"
1041 * format they won't be added unless need_extension is
1042 * already set (we're already generating an extended header, so
1043 * may as well include these).
1044 */
1045 if (a->archive.archive_format != ARCHIVE_FORMAT_TAR_PAX_RESTRICTED ||
1046 need_extension) {
1047
1048 if (archive_entry_mtime(entry_main) < 0 ||
1049 archive_entry_mtime(entry_main) >= 0x7fffffff ||
1050 archive_entry_mtime_nsec(entry_main) != 0)
1051 add_pax_attr_time(&(pax->pax_header), "mtime",
1052 archive_entry_mtime(entry_main),
1053 archive_entry_mtime_nsec(entry_main));
1054
1055 if (archive_entry_ctime(entry_main) != 0 ||
1056 archive_entry_ctime_nsec(entry_main) != 0)
1057 add_pax_attr_time(&(pax->pax_header), "ctime",
1058 archive_entry_ctime(entry_main),
1059 archive_entry_ctime_nsec(entry_main));
1060
1061 if (archive_entry_atime(entry_main) != 0 ||
1062 archive_entry_atime_nsec(entry_main) != 0)
1063 add_pax_attr_time(&(pax->pax_header), "atime",
1064 archive_entry_atime(entry_main),
1065 archive_entry_atime_nsec(entry_main));
1066
1067 /* Store birth/creationtime only if it's earlier than mtime */
1068 if (archive_entry_birthtime_is_set(entry_main) &&
1069 archive_entry_birthtime(entry_main)
1070 < archive_entry_mtime(entry_main))
1071 add_pax_attr_time(&(pax->pax_header),
1072 "LIBARCHIVE.creationtime",
1073 archive_entry_birthtime(entry_main),
1074 archive_entry_birthtime_nsec(entry_main));
1075
1076 /* I use a star-compatible file flag attribute. */
1077 p = archive_entry_fflags_text(entry_main);
1078 if (p != NULL && *p != '\0')
1079 add_pax_attr(&(pax->pax_header), "SCHILY.fflags", p);
1080
1081 /* I use star-compatible ACL attributes. */
1082 r = archive_entry_acl_text_l(entry_original,
1083 ARCHIVE_ENTRY_ACL_TYPE_ACCESS |
1084 ARCHIVE_ENTRY_ACL_STYLE_EXTRA_ID,
1085 &p, NULL, pax->sconv_utf8);
1086 if (r != 0) {
1087 if (errno == ENOMEM) {
1088 archive_set_error(&a->archive, ENOMEM,
1089 "Can't allocate memory for "
1090 "ACL.access");
1091 return (ARCHIVE_FATAL);
1092 }
1093 archive_set_error(&a->archive,
1094 ARCHIVE_ERRNO_FILE_FORMAT,
1095 "Can't translate ACL.access to UTF-8");
1096 ret = ARCHIVE_WARN;
1097 } else if (p != NULL && *p != '\0') {
1098 add_pax_attr(&(pax->pax_header),
1099 "SCHILY.acl.access", p);
1100 }
1101 r = archive_entry_acl_text_l(entry_original,
1102 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT |
1103 ARCHIVE_ENTRY_ACL_STYLE_EXTRA_ID,
1104 &p, NULL, pax->sconv_utf8);
1105 if (r != 0) {
1106 if (errno == ENOMEM) {
1107 archive_set_error(&a->archive, ENOMEM,
1108 "Can't allocate memory for "
1109 "ACL.default");
1110 return (ARCHIVE_FATAL);
1111 }
1112 archive_set_error(&a->archive,
1113 ARCHIVE_ERRNO_FILE_FORMAT,
1114 "Can't translate ACL.default to UTF-8");
1115 ret = ARCHIVE_WARN;
1116 } else if (p != NULL && *p != '\0') {
1117 add_pax_attr(&(pax->pax_header),
1118 "SCHILY.acl.default", p);
1119 }
1120
1121 /* We use GNU-tar-compatible sparse attributes. */
1122 if (sparse_count > 0) {
1123 int64_t soffset, slength;
1124
1125 add_pax_attr_int(&(pax->pax_header),
1126 "GNU.sparse.major", 1);
1127 add_pax_attr_int(&(pax->pax_header),
1128 "GNU.sparse.minor", 0);
1129 add_pax_attr(&(pax->pax_header),
1130 "GNU.sparse.name", entry_name.s);
1131 add_pax_attr_int(&(pax->pax_header),
1132 "GNU.sparse.realsize",
1133 archive_entry_size(entry_main));
1134
1135 /* Rename the file name which will be used for
1136 * ustar header to a special name, which GNU
1137 * PAX Format 1.0 requires */
1138 archive_entry_set_pathname(entry_main,
1139 build_gnu_sparse_name(gnu_sparse_name,
1140 entry_name.s));
1141
1142 /*
1143 * - Make a sparse map, which will precede a file data.
1144 * - Get the total size of available data of sparse.
1145 */
1146 archive_string_sprintf(&(pax->sparse_map), "%d\n",
1147 sparse_count);
1148 while (archive_entry_sparse_next(entry_main,
1149 &soffset, &slength) == ARCHIVE_OK) {
1150 archive_string_sprintf(&(pax->sparse_map),
1151 "%jd\n%jd\n",
1152 (intmax_t)soffset,
1153 (intmax_t)slength);
1154 sparse_total += slength;
1155 if (sparse_list_add(pax, soffset, slength)
1156 != ARCHIVE_OK) {
1157 archive_set_error(&a->archive,
1158 ENOMEM,
1159 "Can't allocate memory");
1160 archive_entry_free(entry_main);
1161 archive_string_free(&entry_name);
1162 return (ARCHIVE_FATAL);
1163 }
1164 }
1165 }
1166
1167 /* Store extended attributes */
1168 if (archive_write_pax_header_xattrs(a, pax, entry_original)
1169 == ARCHIVE_FATAL) {
1170 archive_entry_free(entry_main);
1171 archive_string_free(&entry_name);
1172 return (ARCHIVE_FATAL);
1173 }
1174 }
1175
1176 /* Only regular files have data. */
1177 if (archive_entry_filetype(entry_main) != AE_IFREG)
1178 archive_entry_set_size(entry_main, 0);
1179
1180 /*
1181 * Pax-restricted does not store data for hardlinks, in order
1182 * to improve compatibility with ustar.
1183 */
1184 if (a->archive.archive_format != ARCHIVE_FORMAT_TAR_PAX_INTERCHANGE &&
1185 hardlink != NULL)
1186 archive_entry_set_size(entry_main, 0);
1187
1188 /*
1189 * XXX Full pax interchange format does permit a hardlink
1190 * entry to have data associated with it. I'm not supporting
1191 * that here because the client expects me to tell them whether
1192 * or not this format expects data for hardlinks. If I
1193 * don't check here, then every pax archive will end up with
1194 * duplicated data for hardlinks. Someday, there may be
1195 * need to select this behavior, in which case the following
1196 * will need to be revisited. XXX
1197 */
1198 if (hardlink != NULL)
1199 archive_entry_set_size(entry_main, 0);
1200
1201 /* Save a real file size. */
1202 real_size = archive_entry_size(entry_main);
1203 /*
1204 * Overwrite a file size by the total size of sparse blocks and
1205 * the size of sparse map info. That file size is the length of
1206 * the data, which we will exactly store into an archive file.
1207 */
1208 if (archive_strlen(&(pax->sparse_map))) {
1209 size_t mapsize = archive_strlen(&(pax->sparse_map));
1210 pax->sparse_map_padding = 0x1ff & (-(ssize_t)mapsize);
1211 archive_entry_set_size(entry_main,
1212 mapsize + pax->sparse_map_padding + sparse_total);
1213 }
1214
1215 /* Format 'ustar' header for main entry.
1216 *
1217 * The trouble with file size: If the reader can't understand
1218 * the file size, they may not be able to locate the next
1219 * entry and the rest of the archive is toast. Pax-compliant
1220 * readers are supposed to ignore the file size in the main
1221 * header, so the question becomes how to maximize portability
1222 * for readers that don't support pax attribute extensions.
1223 * For maximum compatibility, I permit numeric extensions in
1224 * the main header so that the file size stored will always be
1225 * correct, even if it's in a format that only some
1226 * implementations understand. The technique used here is:
1227 *
1228 * a) If possible, follow the standard exactly. This handles
1229 * files up to 8 gigabytes minus 1.
1230 *
1231 * b) If that fails, try octal but omit the field terminator.
1232 * That handles files up to 64 gigabytes minus 1.
1233 *
1234 * c) Otherwise, use base-256 extensions. That handles files
1235 * up to 2^63 in this implementation, with the potential to
1236 * go up to 2^94. That should hold us for a while. ;-)
1237 *
1238 * The non-strict formatter uses similar logic for other
1239 * numeric fields, though they're less critical.
1240 */
1241 if (__archive_write_format_header_ustar(a, ustarbuff, entry_main, -1, 0,
1242 NULL) == ARCHIVE_FATAL)
1243 return (ARCHIVE_FATAL);
1244
1245 /* If we built any extended attributes, write that entry first. */
1246 if (archive_strlen(&(pax->pax_header)) > 0) {
1247 struct archive_entry *pax_attr_entry;
1248 time_t s;
1249 int64_t uid, gid;
1250 int mode;
1251
1252 pax_attr_entry = archive_entry_new2(&a->archive);
1253 p = entry_name.s;
1254 archive_entry_set_pathname(pax_attr_entry,
1255 build_pax_attribute_name(pax_entry_name, p));
1256 archive_entry_set_size(pax_attr_entry,
1257 archive_strlen(&(pax->pax_header)));
1258 /* Copy uid/gid (but clip to ustar limits). */
1259 uid = archive_entry_uid(entry_main);
1260 if (uid >= 1 << 18)
1261 uid = (1 << 18) - 1;
1262 archive_entry_set_uid(pax_attr_entry, uid);
1263 gid = archive_entry_gid(entry_main);
1264 if (gid >= 1 << 18)
1265 gid = (1 << 18) - 1;
1266 archive_entry_set_gid(pax_attr_entry, gid);
1267 /* Copy mode over (but not setuid/setgid bits) */
1268 mode = archive_entry_mode(entry_main);
1269 #ifdef S_ISUID
1270 mode &= ~S_ISUID;
1271 #endif
1272 #ifdef S_ISGID
1273 mode &= ~S_ISGID;
1274 #endif
1275 #ifdef S_ISVTX
1276 mode &= ~S_ISVTX;
1277 #endif
1278 archive_entry_set_mode(pax_attr_entry, mode);
1279
1280 /* Copy uname/gname. */
1281 archive_entry_set_uname(pax_attr_entry,
1282 archive_entry_uname(entry_main));
1283 archive_entry_set_gname(pax_attr_entry,
1284 archive_entry_gname(entry_main));
1285
1286 /* Copy mtime, but clip to ustar limits. */
1287 s = archive_entry_mtime(entry_main);
1288 if (s < 0) { s = 0; }
1289 if (s >= 0x7fffffff) { s = 0x7fffffff; }
1290 archive_entry_set_mtime(pax_attr_entry, s, 0);
1291
1292 /* Standard ustar doesn't support atime. */
1293 archive_entry_set_atime(pax_attr_entry, 0, 0);
1294
1295 /* Standard ustar doesn't support ctime. */
1296 archive_entry_set_ctime(pax_attr_entry, 0, 0);
1297
1298 r = __archive_write_format_header_ustar(a, paxbuff,
1299 pax_attr_entry, 'x', 1, NULL);
1300
1301 archive_entry_free(pax_attr_entry);
1302
1303 /* Note that the 'x' header shouldn't ever fail to format */
1304 if (r < ARCHIVE_WARN) {
1305 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1306 "archive_write_pax_header: "
1307 "'x' header failed?! This can't happen.\n");
1308 return (ARCHIVE_FATAL);
1309 } else if (r < ret)
1310 ret = r;
1311 r = __archive_write_output(a, paxbuff, 512);
1312 if (r != ARCHIVE_OK) {
1313 sparse_list_clear(pax);
1314 pax->entry_bytes_remaining = 0;
1315 pax->entry_padding = 0;
1316 return (ARCHIVE_FATAL);
1317 }
1318
1319 pax->entry_bytes_remaining = archive_strlen(&(pax->pax_header));
1320 pax->entry_padding =
1321 0x1ff & (-(int64_t)pax->entry_bytes_remaining);
1322
1323 r = __archive_write_output(a, pax->pax_header.s,
1324 archive_strlen(&(pax->pax_header)));
1325 if (r != ARCHIVE_OK) {
1326 /* If a write fails, we're pretty much toast. */
1327 return (ARCHIVE_FATAL);
1328 }
1329 /* Pad out the end of the entry. */
1330 r = __archive_write_nulls(a, (size_t)pax->entry_padding);
1331 if (r != ARCHIVE_OK) {
1332 /* If a write fails, we're pretty much toast. */
1333 return (ARCHIVE_FATAL);
1334 }
1335 pax->entry_bytes_remaining = pax->entry_padding = 0;
1336 }
1337
1338 /* Write the header for main entry. */
1339 r = __archive_write_output(a, ustarbuff, 512);
1340 if (r != ARCHIVE_OK)
1341 return (r);
1342
1343 /*
1344 * Inform the client of the on-disk size we're using, so
1345 * they can avoid unnecessarily writing a body for something
1346 * that we're just going to ignore.
1347 */
1348 archive_entry_set_size(entry_original, real_size);
1349 if (pax->sparse_list == NULL && real_size > 0) {
1350 /* This is not a sparse file but we handle its data as
1351 * a sparse block. */
1352 sparse_list_add(pax, 0, real_size);
1353 sparse_total = real_size;
1354 }
1355 pax->entry_padding = 0x1ff & (-(int64_t)sparse_total);
1356 archive_entry_free(entry_main);
1357 archive_string_free(&entry_name);
1358
1359 return (ret);
1360 }
1361
1362 /*
1363 * We need a valid name for the regular 'ustar' entry. This routine
1364 * tries to hack something more-or-less reasonable.
1365 *
1366 * The approach here tries to preserve leading dir names. We do so by
1367 * working with four sections:
1368 * 1) "prefix" directory names,
1369 * 2) "suffix" directory names,
1370 * 3) inserted dir name (optional),
1371 * 4) filename.
1372 *
1373 * These sections must satisfy the following requirements:
1374 * * Parts 1 & 2 together form an initial portion of the dir name.
1375 * * Part 3 is specified by the caller. (It should not contain a leading
1376 * or trailing '/'.)
1377 * * Part 4 forms an initial portion of the base filename.
1378 * * The filename must be <= 99 chars to fit the ustar 'name' field.
1379 * * Parts 2, 3, 4 together must be <= 99 chars to fit the ustar 'name' fld.
1380 * * Part 1 must be <= 155 chars to fit the ustar 'prefix' field.
1381 * * If the original name ends in a '/', the new name must also end in a '/'
1382 * * Trailing '/.' sequences may be stripped.
1383 *
1384 * Note: Recall that the ustar format does not store the '/' separating
1385 * parts 1 & 2, but does store the '/' separating parts 2 & 3.
1386 */
1387 static char *
build_ustar_entry_name(char * dest,const char * src,size_t src_length,const char * insert)1388 build_ustar_entry_name(char *dest, const char *src, size_t src_length,
1389 const char *insert)
1390 {
1391 const char *prefix, *prefix_end;
1392 const char *suffix, *suffix_end;
1393 const char *filename, *filename_end;
1394 char *p;
1395 int need_slash = 0; /* Was there a trailing slash? */
1396 size_t suffix_length = 99;
1397 size_t insert_length;
1398
1399 /* Length of additional dir element to be added. */
1400 if (insert == NULL)
1401 insert_length = 0;
1402 else
1403 /* +2 here allows for '/' before and after the insert. */
1404 insert_length = strlen(insert) + 2;
1405
1406 /* Step 0: Quick bailout in a common case. */
1407 if (src_length < 100 && insert == NULL) {
1408 strncpy(dest, src, src_length);
1409 dest[src_length] = '\0';
1410 return (dest);
1411 }
1412
1413 /* Step 1: Locate filename and enforce the length restriction. */
1414 filename_end = src + src_length;
1415 /* Remove trailing '/' chars and '/.' pairs. */
1416 for (;;) {
1417 if (filename_end > src && filename_end[-1] == '/') {
1418 filename_end --;
1419 need_slash = 1; /* Remember to restore trailing '/'. */
1420 continue;
1421 }
1422 if (filename_end > src + 1 && filename_end[-1] == '.'
1423 && filename_end[-2] == '/') {
1424 filename_end -= 2;
1425 need_slash = 1; /* "foo/." will become "foo/" */
1426 continue;
1427 }
1428 break;
1429 }
1430 if (need_slash)
1431 suffix_length--;
1432 /* Find start of filename. */
1433 filename = filename_end - 1;
1434 while ((filename > src) && (*filename != '/'))
1435 filename --;
1436 if ((*filename == '/') && (filename < filename_end - 1))
1437 filename ++;
1438 /* Adjust filename_end so that filename + insert fits in 99 chars. */
1439 suffix_length -= insert_length;
1440 if (filename_end > filename + suffix_length)
1441 filename_end = filename + suffix_length;
1442 /* Calculate max size for "suffix" section (#3 above). */
1443 suffix_length -= filename_end - filename;
1444
1445 /* Step 2: Locate the "prefix" section of the dirname, including
1446 * trailing '/'. */
1447 prefix = src;
1448 prefix_end = prefix + 155;
1449 if (prefix_end > filename)
1450 prefix_end = filename;
1451 while (prefix_end > prefix && *prefix_end != '/')
1452 prefix_end--;
1453 if ((prefix_end < filename) && (*prefix_end == '/'))
1454 prefix_end++;
1455
1456 /* Step 3: Locate the "suffix" section of the dirname,
1457 * including trailing '/'. */
1458 suffix = prefix_end;
1459 suffix_end = suffix + suffix_length; /* Enforce limit. */
1460 if (suffix_end > filename)
1461 suffix_end = filename;
1462 if (suffix_end < suffix)
1463 suffix_end = suffix;
1464 while (suffix_end > suffix && *suffix_end != '/')
1465 suffix_end--;
1466 if ((suffix_end < filename) && (*suffix_end == '/'))
1467 suffix_end++;
1468
1469 /* Step 4: Build the new name. */
1470 /* The OpenBSD strlcpy function is safer, but less portable. */
1471 /* Rather than maintain two versions, just use the strncpy version. */
1472 p = dest;
1473 if (prefix_end > prefix) {
1474 strncpy(p, prefix, prefix_end - prefix);
1475 p += prefix_end - prefix;
1476 }
1477 if (suffix_end > suffix) {
1478 strncpy(p, suffix, suffix_end - suffix);
1479 p += suffix_end - suffix;
1480 }
1481 if (insert != NULL) {
1482 /* Note: assume insert does not have leading or trailing '/' */
1483 strcpy(p, insert);
1484 p += strlen(insert);
1485 *p++ = '/';
1486 }
1487 strncpy(p, filename, filename_end - filename);
1488 p += filename_end - filename;
1489 if (need_slash)
1490 *p++ = '/';
1491 *p = '\0';
1492
1493 return (dest);
1494 }
1495
1496 /*
1497 * The ustar header for the pax extended attributes must have a
1498 * reasonable name: SUSv3 requires 'dirname'/PaxHeader.'pid'/'filename'
1499 * where 'pid' is the PID of the archiving process. Unfortunately,
1500 * that makes testing a pain since the output varies for each run,
1501 * so I'm sticking with the simpler 'dirname'/PaxHeader/'filename'
1502 * for now. (Someday, I'll make this settable. Then I can use the
1503 * SUS recommendation as default and test harnesses can override it
1504 * to get predictable results.)
1505 *
1506 * Joerg Schilling has argued that this is unnecessary because, in
1507 * practice, if the pax extended attributes get extracted as regular
1508 * files, no one is going to bother reading those attributes to
1509 * manually restore them. Based on this, 'star' uses
1510 * /tmp/PaxHeader/'basename' as the ustar header name. This is a
1511 * tempting argument, in part because it's simpler than the SUSv3
1512 * recommendation, but I'm not entirely convinced. I'm also
1513 * uncomfortable with the fact that "/tmp" is a Unix-ism.
1514 *
1515 * The following routine leverages build_ustar_entry_name() above and
1516 * so is simpler than you might think. It just needs to provide the
1517 * additional path element and handle a few pathological cases).
1518 */
1519 static char *
build_pax_attribute_name(char * dest,const char * src)1520 build_pax_attribute_name(char *dest, const char *src)
1521 {
1522 char buff[64];
1523 const char *p;
1524
1525 /* Handle the null filename case. */
1526 if (src == NULL || *src == '\0') {
1527 strcpy(dest, "PaxHeader/blank");
1528 return (dest);
1529 }
1530
1531 /* Prune final '/' and other unwanted final elements. */
1532 p = src + strlen(src);
1533 for (;;) {
1534 /* Ends in "/", remove the '/' */
1535 if (p > src && p[-1] == '/') {
1536 --p;
1537 continue;
1538 }
1539 /* Ends in "/.", remove the '.' */
1540 if (p > src + 1 && p[-1] == '.'
1541 && p[-2] == '/') {
1542 --p;
1543 continue;
1544 }
1545 break;
1546 }
1547
1548 /* Pathological case: After above, there was nothing left.
1549 * This includes "/." "/./." "/.//./." etc. */
1550 if (p == src) {
1551 strcpy(dest, "/PaxHeader/rootdir");
1552 return (dest);
1553 }
1554
1555 /* Convert unadorned "." into a suitable filename. */
1556 if (*src == '.' && p == src + 1) {
1557 strcpy(dest, "PaxHeader/currentdir");
1558 return (dest);
1559 }
1560
1561 /*
1562 * TODO: Push this string into the 'pax' structure to avoid
1563 * recomputing it every time. That will also open the door
1564 * to having clients override it.
1565 */
1566 #if HAVE_GETPID && 0 /* Disable this for now; see above comment. */
1567 sprintf(buff, "PaxHeader.%d", getpid());
1568 #else
1569 /* If the platform can't fetch the pid, don't include it. */
1570 strcpy(buff, "PaxHeader");
1571 #endif
1572 /* General case: build a ustar-compatible name adding
1573 * "/PaxHeader/". */
1574 build_ustar_entry_name(dest, src, p - src, buff);
1575
1576 return (dest);
1577 }
1578
1579 /*
1580 * GNU PAX Format 1.0 requires the special name, which pattern is:
1581 * <dir>/GNUSparseFile.<pid>/<original file name>
1582 *
1583 * This function is used for only Sparse file, a file type of which
1584 * is regular file.
1585 */
1586 static char *
build_gnu_sparse_name(char * dest,const char * src)1587 build_gnu_sparse_name(char *dest, const char *src)
1588 {
1589 char buff[64];
1590 const char *p;
1591
1592 /* Handle the null filename case. */
1593 if (src == NULL || *src == '\0') {
1594 strcpy(dest, "GNUSparseFile/blank");
1595 return (dest);
1596 }
1597
1598 /* Prune final '/' and other unwanted final elements. */
1599 p = src + strlen(src);
1600 for (;;) {
1601 /* Ends in "/", remove the '/' */
1602 if (p > src && p[-1] == '/') {
1603 --p;
1604 continue;
1605 }
1606 /* Ends in "/.", remove the '.' */
1607 if (p > src + 1 && p[-1] == '.'
1608 && p[-2] == '/') {
1609 --p;
1610 continue;
1611 }
1612 break;
1613 }
1614
1615 #if HAVE_GETPID && 0 /* Disable this as pax attribute name. */
1616 sprintf(buff, "GNUSparseFile.%d", getpid());
1617 #else
1618 /* If the platform can't fetch the pid, don't include it. */
1619 strcpy(buff, "GNUSparseFile");
1620 #endif
1621 /* General case: build a ustar-compatible name adding
1622 * "/GNUSparseFile/". */
1623 build_ustar_entry_name(dest, src, p - src, buff);
1624
1625 return (dest);
1626 }
1627
1628 /* Write two null blocks for the end of archive */
1629 static int
archive_write_pax_close(struct archive_write * a)1630 archive_write_pax_close(struct archive_write *a)
1631 {
1632 return (__archive_write_nulls(a, 512 * 2));
1633 }
1634
1635 static int
archive_write_pax_free(struct archive_write * a)1636 archive_write_pax_free(struct archive_write *a)
1637 {
1638 struct pax *pax;
1639
1640 pax = (struct pax *)a->format_data;
1641 if (pax == NULL)
1642 return (ARCHIVE_OK);
1643
1644 archive_string_free(&pax->pax_header);
1645 archive_string_free(&pax->sparse_map);
1646 archive_string_free(&pax->l_url_encoded_name);
1647 sparse_list_clear(pax);
1648 free(pax);
1649 a->format_data = NULL;
1650 return (ARCHIVE_OK);
1651 }
1652
1653 static int
archive_write_pax_finish_entry(struct archive_write * a)1654 archive_write_pax_finish_entry(struct archive_write *a)
1655 {
1656 struct pax *pax;
1657 uint64_t remaining;
1658 int ret;
1659
1660 pax = (struct pax *)a->format_data;
1661 remaining = pax->entry_bytes_remaining;
1662 if (remaining == 0) {
1663 while (pax->sparse_list) {
1664 struct sparse_block *sb;
1665 if (!pax->sparse_list->is_hole)
1666 remaining += pax->sparse_list->remaining;
1667 sb = pax->sparse_list->next;
1668 free(pax->sparse_list);
1669 pax->sparse_list = sb;
1670 }
1671 }
1672 ret = __archive_write_nulls(a, (size_t)(remaining + pax->entry_padding));
1673 pax->entry_bytes_remaining = pax->entry_padding = 0;
1674 return (ret);
1675 }
1676
1677 static ssize_t
archive_write_pax_data(struct archive_write * a,const void * buff,size_t s)1678 archive_write_pax_data(struct archive_write *a, const void *buff, size_t s)
1679 {
1680 struct pax *pax;
1681 size_t ws;
1682 size_t total;
1683 int ret;
1684
1685 pax = (struct pax *)a->format_data;
1686
1687 /*
1688 * According to GNU PAX format 1.0, write a sparse map
1689 * before the body.
1690 */
1691 if (archive_strlen(&(pax->sparse_map))) {
1692 ret = __archive_write_output(a, pax->sparse_map.s,
1693 archive_strlen(&(pax->sparse_map)));
1694 if (ret != ARCHIVE_OK)
1695 return (ret);
1696 ret = __archive_write_nulls(a, pax->sparse_map_padding);
1697 if (ret != ARCHIVE_OK)
1698 return (ret);
1699 archive_string_empty(&(pax->sparse_map));
1700 }
1701
1702 total = 0;
1703 while (total < s) {
1704 const unsigned char *p;
1705
1706 while (pax->sparse_list != NULL &&
1707 pax->sparse_list->remaining == 0) {
1708 struct sparse_block *sb = pax->sparse_list->next;
1709 free(pax->sparse_list);
1710 pax->sparse_list = sb;
1711 }
1712
1713 if (pax->sparse_list == NULL)
1714 return (total);
1715
1716 p = ((const unsigned char *)buff) + total;
1717 ws = s - total;
1718 if (ws > pax->sparse_list->remaining)
1719 ws = (size_t)pax->sparse_list->remaining;
1720
1721 if (pax->sparse_list->is_hole) {
1722 /* Current block is hole thus we do not write
1723 * the body. */
1724 pax->sparse_list->remaining -= ws;
1725 total += ws;
1726 continue;
1727 }
1728
1729 ret = __archive_write_output(a, p, ws);
1730 pax->sparse_list->remaining -= ws;
1731 total += ws;
1732 if (ret != ARCHIVE_OK)
1733 return (ret);
1734 }
1735 return (total);
1736 }
1737
1738 static int
has_non_ASCII(const char * _p)1739 has_non_ASCII(const char *_p)
1740 {
1741 const unsigned char *p = (const unsigned char *)_p;
1742
1743 if (p == NULL)
1744 return (1);
1745 while (*p != '\0' && *p < 128)
1746 p++;
1747 return (*p != '\0');
1748 }
1749
1750 /*
1751 * Used by extended attribute support; encodes the name
1752 * so that there will be no '=' characters in the result.
1753 */
1754 static char *
url_encode(const char * in)1755 url_encode(const char *in)
1756 {
1757 const char *s;
1758 char *d;
1759 int out_len = 0;
1760 char *out;
1761
1762 for (s = in; *s != '\0'; s++) {
1763 if (*s < 33 || *s > 126 || *s == '%' || *s == '=')
1764 out_len += 3;
1765 else
1766 out_len++;
1767 }
1768
1769 out = (char *)malloc(out_len + 1);
1770 if (out == NULL)
1771 return (NULL);
1772
1773 for (s = in, d = out; *s != '\0'; s++) {
1774 /* encode any non-printable ASCII character or '%' or '=' */
1775 if (*s < 33 || *s > 126 || *s == '%' || *s == '=') {
1776 /* URL encoding is '%' followed by two hex digits */
1777 *d++ = '%';
1778 *d++ = "0123456789ABCDEF"[0x0f & (*s >> 4)];
1779 *d++ = "0123456789ABCDEF"[0x0f & *s];
1780 } else {
1781 *d++ = *s;
1782 }
1783 }
1784 *d = '\0';
1785 return (out);
1786 }
1787
1788 /*
1789 * Encode a sequence of bytes into a C string using base-64 encoding.
1790 *
1791 * Returns a null-terminated C string allocated with malloc(); caller
1792 * is responsible for freeing the result.
1793 */
1794 static char *
base64_encode(const char * s,size_t len)1795 base64_encode(const char *s, size_t len)
1796 {
1797 static const char digits[64] =
1798 { 'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O',
1799 'P','Q','R','S','T','U','V','W','X','Y','Z','a','b','c','d',
1800 'e','f','g','h','i','j','k','l','m','n','o','p','q','r','s',
1801 't','u','v','w','x','y','z','0','1','2','3','4','5','6','7',
1802 '8','9','+','/' };
1803 int v;
1804 char *d, *out;
1805
1806 /* 3 bytes becomes 4 chars, but round up and allow for trailing NUL */
1807 out = (char *)malloc((len * 4 + 2) / 3 + 1);
1808 if (out == NULL)
1809 return (NULL);
1810 d = out;
1811
1812 /* Convert each group of 3 bytes into 4 characters. */
1813 while (len >= 3) {
1814 v = (((int)s[0] << 16) & 0xff0000)
1815 | (((int)s[1] << 8) & 0xff00)
1816 | (((int)s[2]) & 0x00ff);
1817 s += 3;
1818 len -= 3;
1819 *d++ = digits[(v >> 18) & 0x3f];
1820 *d++ = digits[(v >> 12) & 0x3f];
1821 *d++ = digits[(v >> 6) & 0x3f];
1822 *d++ = digits[(v) & 0x3f];
1823 }
1824 /* Handle final group of 1 byte (2 chars) or 2 bytes (3 chars). */
1825 switch (len) {
1826 case 0: break;
1827 case 1:
1828 v = (((int)s[0] << 16) & 0xff0000);
1829 *d++ = digits[(v >> 18) & 0x3f];
1830 *d++ = digits[(v >> 12) & 0x3f];
1831 break;
1832 case 2:
1833 v = (((int)s[0] << 16) & 0xff0000)
1834 | (((int)s[1] << 8) & 0xff00);
1835 *d++ = digits[(v >> 18) & 0x3f];
1836 *d++ = digits[(v >> 12) & 0x3f];
1837 *d++ = digits[(v >> 6) & 0x3f];
1838 break;
1839 }
1840 /* Add trailing NUL character so output is a valid C string. */
1841 *d = '\0';
1842 return (out);
1843 }
1844
1845 static void
sparse_list_clear(struct pax * pax)1846 sparse_list_clear(struct pax *pax)
1847 {
1848 while (pax->sparse_list != NULL) {
1849 struct sparse_block *sb = pax->sparse_list;
1850 pax->sparse_list = sb->next;
1851 free(sb);
1852 }
1853 pax->sparse_tail = NULL;
1854 }
1855
1856 static int
_sparse_list_add_block(struct pax * pax,int64_t offset,int64_t length,int is_hole)1857 _sparse_list_add_block(struct pax *pax, int64_t offset, int64_t length,
1858 int is_hole)
1859 {
1860 struct sparse_block *sb;
1861
1862 sb = (struct sparse_block *)malloc(sizeof(*sb));
1863 if (sb == NULL)
1864 return (ARCHIVE_FATAL);
1865 sb->next = NULL;
1866 sb->is_hole = is_hole;
1867 sb->offset = offset;
1868 sb->remaining = length;
1869 if (pax->sparse_list == NULL || pax->sparse_tail == NULL)
1870 pax->sparse_list = pax->sparse_tail = sb;
1871 else {
1872 pax->sparse_tail->next = sb;
1873 pax->sparse_tail = sb;
1874 }
1875 return (ARCHIVE_OK);
1876 }
1877
1878 static int
sparse_list_add(struct pax * pax,int64_t offset,int64_t length)1879 sparse_list_add(struct pax *pax, int64_t offset, int64_t length)
1880 {
1881 int64_t last_offset;
1882 int r;
1883
1884 if (pax->sparse_tail == NULL)
1885 last_offset = 0;
1886 else {
1887 last_offset = pax->sparse_tail->offset +
1888 pax->sparse_tail->remaining;
1889 }
1890 if (last_offset < offset) {
1891 /* Add a hole block. */
1892 r = _sparse_list_add_block(pax, last_offset,
1893 offset - last_offset, 1);
1894 if (r != ARCHIVE_OK)
1895 return (r);
1896 }
1897 /* Add data block. */
1898 return (_sparse_list_add_block(pax, offset, length, 0));
1899 }
1900
1901