X-Git-Url: https://git.dogcows.com/gitweb?a=blobdiff_plain;f=src%2Fextract.c;h=bd5e7bf588daecfa0da25ef9fa1bc64957e1be8e;hb=6689e8db4f53f6a0bed3d1bc4ed12d31eaa3bf51;hp=1f455932291db1a2d4e9dad187a73b6e63631427;hpb=ea964cce810e8d4592299a784b81fade0f759ccb;p=chaz%2Ftar diff --git a/src/extract.c b/src/extract.c index 1f45593..bd5e7bf 100644 --- a/src/extract.c +++ b/src/extract.c @@ -23,6 +23,7 @@ #include #include #include +#include #include "common.h" @@ -109,12 +110,15 @@ struct delayed_link /* The next delayed link in the list. */ struct delayed_link *next; - /* The device, inode number and ctime of the placeholder. Use - ctime, not mtime, to make false matches less likely if some - other process removes the placeholder. */ + /* The device, inode number and birthtime of the placeholder. + birthtime.tv_nsec is negative if the birthtime is not available. + Don't use mtime as this would allow for false matches if some + other process removes the placeholder. Don't use ctime as + this would cause race conditions and other screwups, e.g., + when restoring hard-linked symlinks. */ dev_t dev; ino_t ino; - struct timespec ctime; + struct timespec birthtime; /* True if the link is symbolic. */ bool is_symlink; @@ -177,7 +181,7 @@ fd_chmod (int fd, char const *file, mode_t mode, int atflag) if (result == 0 || implemented (errno)) return result; } - return fchmodat (AT_FDCWD, file, mode, atflag); + return fchmodat (chdir_fd, file, mode, atflag); } /* Use fchown if possible, fchownat otherwise. */ @@ -190,7 +194,7 @@ fd_chown (int fd, char const *file, uid_t uid, gid_t gid, int atflag) if (result == 0 || implemented (errno)) return result; } - return fchownat (AT_FDCWD, file, uid, gid, atflag); + return fchownat (chdir_fd, file, uid, gid, atflag); } /* Use fstat if possible, fstatat otherwise. */ @@ -199,7 +203,7 @@ fd_stat (int fd, char const *file, struct stat *st, int atflag) { return (0 <= fd ? fstat (fd, st) - : fstatat (AT_FDCWD, file, st, atflag)); + : fstatat (chdir_fd, file, st, atflag)); } /* Set the mode for FILE_NAME to MODE. @@ -324,7 +328,7 @@ set_stat (char const *file_name, ts[0].tv_nsec = UTIME_OMIT; ts[1] = st->mtime; - if (fd_utimensat (fd, AT_FDCWD, file_name, ts, atflag) == 0) + if (fdutimensat (fd, chdir_fd, file_name, ts, atflag) == 0) { if (incremental_option) check_time (file_name, ts[0]); @@ -361,6 +365,30 @@ set_stat (char const *file_name, fd, current_mode, current_mode_mask, typeflag, atflag); } +/* For each entry H in the leading prefix of entries in HEAD that do + not have after_links marked, mark H and fill in its dev and ino + members. Assume HEAD && ! HEAD->after_links. */ +static void +mark_after_links (struct delayed_set_stat *head) +{ + struct delayed_set_stat *h = head; + + do + { + struct stat st; + h->after_links = 1; + + if (deref_stat (h->file_name, &st) != 0) + stat_error (h->file_name); + else + { + h->dev = st.st_dev; + h->ino = st.st_ino; + } + } + while ((h = h->next) && ! h->after_links); +} + /* Remember to restore stat attributes (owner, group, mode and times) for the directory FILE_NAME, using information given in *ST, once we stop extracting files into that directory. @@ -408,6 +436,8 @@ delay_set_stat (char const *file_name, struct tar_stat_info const *st, data->change_dir = chdir_current; strcpy (data->file_name, file_name); delayed_set_stat_head = data; + if (must_be_dot_or_slash (file_name)) + mark_after_links (data); } /* Update the delayed_set_stat info for an intermediate directory @@ -422,7 +452,7 @@ repair_delayed_set_stat (char const *dir, for (data = delayed_set_stat_head; data; data = data->next) { struct stat st; - if (fstatat (AT_FDCWD, data->file_name, &st, data->atflag) != 0) + if (fstatat (chdir_fd, data->file_name, &st, data->atflag) != 0) { stat_error (data->file_name); return; @@ -451,20 +481,20 @@ repair_delayed_set_stat (char const *dir, /* After a file/link/directory creation has failed, see if it's because some required directory was not present, and if so, - create all required directories. Return non-zero if a directory - was created. */ + create all required directories. Return zero if all the required + directories were created, nonzero (issuing a diagnostic) otherwise. + Set *INTERDIR_MADE if at least one directory was created. */ static int -make_directories (char *file_name) +make_directories (char *file_name, bool *interdir_made) { char *cursor0 = file_name + FILE_SYSTEM_PREFIX_LEN (file_name); char *cursor; /* points into the file name */ - int did_something = 0; /* did we do anything yet? */ - int status; for (cursor = cursor0; *cursor; cursor++) { mode_t mode; mode_t desired_mode; + int status; if (! ISSLASH (*cursor)) continue; @@ -485,7 +515,7 @@ make_directories (char *file_name) *cursor = '\0'; /* truncate the name there */ desired_mode = MODE_RWX & ~ newdir_umask; mode = desired_mode | (we_are_root ? 0 : MODE_WXUSR); - status = mkdir (file_name, mode); + status = mkdirat (chdir_fd, file_name, mode); if (status == 0) { @@ -497,51 +527,60 @@ make_directories (char *file_name) desired_mode, AT_SYMLINK_NOFOLLOW); print_for_mkdir (file_name, cursor - file_name, desired_mode); - did_something = 1; - - *cursor = '/'; - continue; + *interdir_made = true; + } + else if (errno == EEXIST) + status = 0; + else + { + /* Check whether the desired file exists. Even when the + file exists, mkdir can fail with some errno value E other + than EEXIST, so long as E describes an error condition + that also applies. */ + int e = errno; + struct stat st; + status = fstatat (chdir_fd, file_name, &st, 0); + if (status) + { + errno = e; + mkdir_error (file_name); + } } *cursor = '/'; - - if (errno == EEXIST) - continue; /* Directory already exists. */ - else if ((errno == ENOSYS /* Automounted dirs on Solaris return - this. Reported by Warren Hyde - */ - || ERRNO_IS_EACCES) /* Turbo C mkdir gives a funny errno. */ - && access (file_name, W_OK) == 0) - continue; - - /* Some other error in the mkdir. We return to the caller. */ - break; + if (status) + return status; } - return did_something; /* tell them to retry if we made one */ + return 0; } +/* Return true if FILE_NAME (with status *STP, if STP) is not a + directory, and has a time stamp newer than (or equal to) that of + TAR_STAT. */ static bool -file_newer_p (const char *file_name, struct tar_stat_info *tar_stat) +file_newer_p (const char *file_name, struct stat const *stp, + struct tar_stat_info *tar_stat) { struct stat st; - if (stat (file_name, &st)) + if (!stp) { - if (errno != ENOENT) + if (deref_stat (file_name, &st) != 0) { - stat_warn (file_name); - /* Be on the safe side: if the file does exist assume it is newer */ - return true; + if (errno != ENOENT) + { + stat_warn (file_name); + /* Be safer: if the file exists, assume it is newer. */ + return true; + } + return false; } - return false; + stp = &st; } - if (!S_ISDIR (st.st_mode) - && tar_timespec_cmp (tar_stat->mtime, get_stat_mtime (&st)) <= 0) - { - return true; - } - return false; + + return (! S_ISDIR (stp->st_mode) + && tar_timespec_cmp (tar_stat->mtime, get_stat_mtime (stp)) <= 0); } #define RECOVER_NO 0 @@ -553,42 +592,75 @@ file_newer_p (const char *file_name, struct tar_stat_info *tar_stat) Return RECOVER_OK if we somewhat increased our chances at a successful extraction, RECOVER_NO if there are no chances, and RECOVER_SKIP if the caller should skip extraction of that member. The value of errno is - properly restored on returning RECOVER_NO. */ + properly restored on returning RECOVER_NO. + + If REGULAR, the caller was trying to extract onto a regular file. + + Set *INTERDIR_MADE if an intermediate directory is made as part of + the recovery process. */ static int -maybe_recoverable (char *file_name, bool *interdir_made) +maybe_recoverable (char *file_name, bool regular, bool *interdir_made) { int e = errno; + struct stat st; + struct stat const *stp = 0; if (*interdir_made) return RECOVER_NO; - switch (errno) + switch (e) { + case ELOOP: + + /* With open ("symlink", O_NOFOLLOW|...), POSIX says errno == ELOOP, + but some operating systems do not conform to the standard. */ +#ifdef EFTYPE + /* NetBSD uses errno == EFTYPE; see . */ + case EFTYPE: +#endif + /* FreeBSD 8.1 uses errno == EMLINK. */ + case EMLINK: + /* Tru64 5.1B uses errno == ENOTSUP. */ + case ENOTSUP: + + if (! regular + || old_files_option != OVERWRITE_OLD_FILES || dereference_option) + break; + if (strchr (file_name, '/')) + { + if (deref_stat (file_name, &st) != 0) + break; + stp = &st; + } + + /* The caller tried to open a symbolic link with O_NOFOLLOW. + Fall through, treating it as an already-existing file. */ + case EEXIST: /* Remove an old file, if the options allow this. */ switch (old_files_option) { - case KEEP_OLD_FILES: + case SKIP_OLD_FILES: + WARNOPT (WARN_EXISTING_FILE, + (0, 0, _("%s: skipping existing file"), file_name)); return RECOVER_SKIP; + case KEEP_OLD_FILES: + return RECOVER_NO; + case KEEP_NEWER_FILES: - if (file_newer_p (file_name, ¤t_stat_info)) - { - errno = e; - return RECOVER_NO; - } + if (file_newer_p (file_name, stp, ¤t_stat_info)) + break; /* FALL THROUGH */ case DEFAULT_OLD_FILES: case NO_OVERWRITE_DIR_OLD_FILES: case OVERWRITE_OLD_FILES: - { - int r = remove_any_file (file_name, ORDINARY_REMOVE_OPTION); - errno = EEXIST; - return r > 0 ? RECOVER_OK : RECOVER_NO; - } + if (0 < remove_any_file (file_name, ORDINARY_REMOVE_OPTION)) + return RECOVER_OK; + break; case UNLINK_FIRST_OLD_FILES: break; @@ -596,19 +668,17 @@ maybe_recoverable (char *file_name, bool *interdir_made) case ENOENT: /* Attempt creating missing intermediate directories. */ - if (! make_directories (file_name)) - { - errno = ENOENT; - return RECOVER_NO; - } - *interdir_made = true; - return RECOVER_OK; + if (make_directories (file_name, interdir_made) == 0 && *interdir_made) + return RECOVER_OK; + break; default: /* Just say we can't do anything about it... */ - - return RECOVER_NO; + break; } + + errno = e; + return RECOVER_NO; } /* Fix the statuses of all directories whose statuses need fixing, and @@ -644,7 +714,7 @@ apply_nonancestor_delayed_set_stat (char const *file_name, bool after_links) if (check_for_renamed_directories) { - if (fstatat (AT_FDCWD, data->file_name, &st, data->atflag) != 0) + if (fstatat (chdir_fd, data->file_name, &st, data->atflag) != 0) { stat_error (data->file_name); skip_this_one = 1; @@ -700,7 +770,7 @@ extract_dir (char *file_name, int typeflag) { struct stat st; - if (stat (".", &st) != 0) + if (fstatat (chdir_fd, ".", &st, 0) != 0) stat_diag ("."); else root_device = st.st_dev; @@ -727,7 +797,7 @@ extract_dir (char *file_name, int typeflag) for (;;) { - status = mkdir (file_name, mode); + status = mkdirat (chdir_fd, file_name, mode); if (status == 0) { current_mode = mode & ~ current_umask; @@ -742,7 +812,7 @@ extract_dir (char *file_name, int typeflag) || old_files_option == OVERWRITE_OLD_FILES)) { struct stat st; - if (stat (file_name, &st) == 0) + if (deref_stat (file_name, &st) == 0) { current_mode = st.st_mode; current_mode_mask = ALL_MODE_BITS; @@ -760,7 +830,7 @@ extract_dir (char *file_name, int typeflag) errno = EEXIST; } - switch (maybe_recoverable (file_name, &interdir_made)) + switch (maybe_recoverable (file_name, false, &interdir_made)) { case RECOVER_OK: continue; @@ -796,19 +866,12 @@ open_output_file (char const *file_name, int typeflag, mode_t mode, { int fd; bool overwriting_old_files = old_files_option == OVERWRITE_OLD_FILES; - int openflag = (O_WRONLY | O_BINARY | O_CREAT - | (overwriting_old_files ? O_TRUNC : O_EXCL)); - -#if O_CTG - /* Contiguous files (on the Masscomp) have to specify the size in - the open call that creates them. */ - - if (typeflag == CONTTYPE) - fd = open (file_name, openflag | O_CTG, mode, current_stat_info.stat.st_size); - else - fd = open (file_name, openflag, mode); + int openflag = (O_WRONLY | O_BINARY | O_CLOEXEC | O_NOCTTY | O_NONBLOCK + | O_CREAT + | (overwriting_old_files + ? O_TRUNC | (dereference_option ? 0 : O_NOFOLLOW) + : O_EXCL)); -#else /* not O_CTG */ if (typeflag == CONTTYPE) { static int conttype_diagnosed; @@ -820,10 +883,23 @@ open_output_file (char const *file_name, int typeflag, mode_t mode, (0, 0, _("Extracting contiguous files as regular files"))); } } - fd = open (file_name, openflag, mode); -#endif /* not O_CTG */ + /* If O_NOFOLLOW is needed but does not work, check for a symlink + separately. There's a race condition, but that cannot be avoided + on hosts lacking O_NOFOLLOW. */ + if (! HAVE_WORKING_O_NOFOLLOW + && overwriting_old_files && ! dereference_option) + { + struct stat st; + if (fstatat (chdir_fd, file_name, &st, AT_SYMLINK_NOFOLLOW) == 0 + && S_ISLNK (st.st_mode)) + { + errno = ELOOP; + return -1; + } + } + fd = openat (chdir_fd, file_name, openflag, mode); if (0 <= fd) { if (overwriting_old_files) @@ -883,21 +959,19 @@ extract_file (char *file_name, int typeflag) } else { - int recover = RECOVER_NO; - do - fd = open_output_file (file_name, typeflag, mode, - ¤t_mode, ¤t_mode_mask); - while (fd < 0 - && (recover = maybe_recoverable (file_name, &interdir_made)) - == RECOVER_OK); - - if (fd < 0) + while ((fd = open_output_file (file_name, typeflag, mode, + ¤t_mode, ¤t_mode_mask)) + < 0) { - skip_member (); - if (recover == RECOVER_SKIP) - return 0; - open_error (file_name); - return 1; + int recover = maybe_recoverable (file_name, true, &interdir_made); + if (recover != RECOVER_OK) + { + skip_member (); + if (recover == RECOVER_SKIP) + return 0; + open_error (file_name); + return 1; + } } } @@ -925,7 +999,7 @@ extract_file (char *file_name, int typeflag) if (written > size) written = size; errno = 0; - count = full_write (fd, data_block->buffer, written); + count = blocking_write (fd, data_block->buffer, written); size -= written; set_next_block_after ((union block *) @@ -977,9 +1051,9 @@ create_placeholder_file (char *file_name, bool is_symlink, bool *interdir_made) int fd; struct stat st; - while ((fd = open (file_name, O_WRONLY | O_CREAT | O_EXCL, 0)) < 0) + while ((fd = openat (chdir_fd, file_name, O_WRONLY | O_CREAT | O_EXCL, 0)) < 0) { - switch (maybe_recoverable (file_name, interdir_made)) + switch (maybe_recoverable (file_name, false, interdir_made)) { case RECOVER_OK: continue; @@ -1011,7 +1085,7 @@ create_placeholder_file (char *file_name, bool is_symlink, bool *interdir_made) delayed_link_head = p; p->dev = st.st_dev; p->ino = st.st_ino; - p->ctime = get_stat_ctime (&st); + p->birthtime = get_stat_birthtime (&st); p->is_symlink = is_symlink; if (is_symlink) { @@ -1033,21 +1107,7 @@ create_placeholder_file (char *file_name, bool is_symlink, bool *interdir_made) && strncmp (file_name, h->file_name, h->file_name_len) == 0 && ISSLASH (file_name[h->file_name_len]) && (last_component (file_name) == file_name + h->file_name_len + 1)) - { - do - { - h->after_links = 1; - - if (stat (h->file_name, &st) != 0) - stat_error (h->file_name); - else - { - h->dev = st.st_dev; - h->ino = st.st_ino; - } - } - while ((h = h->next) && ! h->after_links); - } + mark_after_links (h); return 0; } @@ -1071,18 +1131,20 @@ extract_link (char *file_name, int typeflag) { struct stat st1, st2; int e; - int status = link (link_name, file_name); + int status = linkat (chdir_fd, link_name, chdir_fd, file_name, 0); e = errno; if (status == 0) { struct delayed_link *ds = delayed_link_head; - if (ds && lstat (link_name, &st1) == 0) + if (ds + && fstatat (chdir_fd, link_name, &st1, AT_SYMLINK_NOFOLLOW) == 0) for (; ds; ds = ds->next) if (ds->change_dir == chdir_current && ds->dev == st1.st_dev && ds->ino == st1.st_ino - && timespec_cmp (ds->ctime, get_stat_ctime (&st1)) == 0) + && (timespec_cmp (ds->birthtime, get_stat_birthtime (&st1)) + == 0)) { struct string_list *p = xmalloc (offsetof (struct string_list, string) + strlen (file_name) + 1); @@ -1094,15 +1156,18 @@ extract_link (char *file_name, int typeflag) return 0; } else if ((e == EEXIST && strcmp (link_name, file_name) == 0) - || (lstat (link_name, &st1) == 0 - && lstat (file_name, &st2) == 0 + || ((fstatat (chdir_fd, link_name, &st1, AT_SYMLINK_NOFOLLOW) + == 0) + && (fstatat (chdir_fd, file_name, &st2, AT_SYMLINK_NOFOLLOW) + == 0) && st1.st_dev == st2.st_dev && st1.st_ino == st2.st_ino)) return 0; errno = e; } - while ((rc = maybe_recoverable (file_name, &interdir_made)) == RECOVER_OK); + while ((rc = maybe_recoverable (file_name, false, &interdir_made)) + == RECOVER_OK); if (rc == RECOVER_SKIP) return 0; @@ -1125,8 +1190,8 @@ extract_symlink (char *file_name, int typeflag) || contains_dot_dot (current_stat_info.link_name))) return create_placeholder_file (file_name, true, &interdir_made); - while (symlink (current_stat_info.link_name, file_name)) - switch (maybe_recoverable (file_name, &interdir_made)) + while (symlinkat (current_stat_info.link_name, chdir_fd, file_name) != 0) + switch (maybe_recoverable (file_name, false, &interdir_made)) { case RECOVER_OK: continue; @@ -1162,11 +1227,12 @@ static int extract_node (char *file_name, int typeflag) { bool interdir_made = false; - mode_t mode = (current_stat_info.stat.st_mode & MODE_RWX + mode_t mode = (current_stat_info.stat.st_mode & (MODE_RWX | S_IFBLK | S_IFCHR) & ~ (0 < same_owner_option ? S_IRWXG | S_IRWXO : 0)); - while (mknod (file_name, mode, current_stat_info.stat.st_rdev) != 0) - switch (maybe_recoverable (file_name, &interdir_made)) + while (mknodat (chdir_fd, file_name, mode, current_stat_info.stat.st_rdev) + != 0) + switch (maybe_recoverable (file_name, false, &interdir_made)) { case RECOVER_OK: continue; @@ -1194,8 +1260,8 @@ extract_fifo (char *file_name, int typeflag) mode_t mode = (current_stat_info.stat.st_mode & MODE_RWX & ~ (0 < same_owner_option ? S_IRWXG | S_IRWXO : 0)); - while (mkfifo (file_name, mode) != 0) - switch (maybe_recoverable (file_name, &interdir_made)) + while (mkfifoat (chdir_fd, file_name, mode) != 0) + switch (maybe_recoverable (file_name, false, &interdir_made)) { case RECOVER_OK: continue; @@ -1343,7 +1409,7 @@ prepare_to_extract (char const *file_name, int typeflag, tar_extractor_t *fun) break; case KEEP_NEWER_FILES: - if (file_newer_p (file_name, ¤t_stat_info)) + if (file_newer_p (file_name, 0, ¤t_stat_info)) { WARNOPT (WARN_IGNORE_NEWER, (0, 0, _("Current %s is newer or same age"), @@ -1441,23 +1507,25 @@ apply_delayed_links (void) /* Make sure the placeholder file is still there. If not, don't create a link, as the placeholder was probably removed by a later extraction. */ - if (lstat (source, &st) == 0 + if (fstatat (chdir_fd, source, &st, AT_SYMLINK_NOFOLLOW) == 0 && st.st_dev == ds->dev && st.st_ino == ds->ino - && timespec_cmp (get_stat_ctime (&st), ds->ctime) == 0) + && timespec_cmp (get_stat_birthtime (&st), ds->birthtime) == 0) { /* Unlink the placeholder, then create a hard link if possible, a symbolic link otherwise. */ - if (unlink (source) != 0) + if (unlinkat (chdir_fd, source, 0) != 0) unlink_error (source); - else if (valid_source && link (valid_source, source) == 0) + else if (valid_source + && (linkat (chdir_fd, valid_source, chdir_fd, source, 0) + == 0)) ; else if (!ds->is_symlink) { - if (link (ds->target, source) != 0) + if (linkat (chdir_fd, ds->target, chdir_fd, source, 0) != 0) link_error (ds->target, source); } - else if (symlink (ds->target, source) != 0) + else if (symlinkat (ds->target, chdir_fd, source) != 0) symlink_error (ds->target, source); else { @@ -1510,16 +1578,17 @@ extract_finish (void) bool rename_directory (char *src, char *dst) { - if (rename (src, dst)) + if (renameat (chdir_fd, src, chdir_fd, dst) != 0) { int e = errno; + bool interdir_made; switch (e) { case ENOENT: - if (make_directories (dst)) + if (make_directories (dst, &interdir_made) == 0) { - if (rename (src, dst) == 0) + if (renameat (chdir_fd, src, chdir_fd, dst) == 0) return true; e = errno; }