[dragonfly/vkernel-mp.git] / contrib / libarchive-2.1 / libarchive / archive_read_support_format_tar.c
| blob | c2243b1fcf636c4e3e5dfcee31f93d7c465bbcda |
1 /*-
2 * Copyright (c) 2003-2007 Tim Kientzle
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
27 __FBSDID("$FreeBSD: src/lib/libarchive/archive_read_support_format_tar.c,v 1.54 2007/04/15 00:53:38 kientzle Exp $");
29 #ifdef HAVE_ERRNO_H
30 #include <errno.h>
31 #endif
32 #include <stddef.h>
34 #ifdef HAVE_STDLIB_H
35 #include <stdlib.h>
36 #endif
37 #ifdef HAVE_STRING_H
38 #include <string.h>
39 #endif
41 /* Obtain suitable wide-character manipulation functions. */
42 #ifdef HAVE_WCHAR_H
43 #include <wchar.h>
44 #else
45 /* Good enough for equality testing, which is all we need. */
47 {
52 }
53 /* Good enough for equality testing, which is all we need. */
55 {
60 }
62 {
65 p++;
67 }
68 #endif
75 /*
76 * Layout of POSIX 'ustar' tar header.
77 */
95 };
97 /*
98 * Structure of GNU tar header
99 */
103 };
128 /*
129 * GNU doesn't use POSIX 'prefix' field; they use the 'L' (longname)
130 * entry instead.
131 */
132 };
134 /*
135 * Data specific to this format.
136 */
139 off_t offset;
140 off_t remaining;
141 };
156 off_t entry_bytes_remaining;
157 off_t entry_offset;
158 off_t entry_padding;
160 };
215 int
217 {
219 }
222 int
224 {
234 }
238 archive_read_format_tar_bid,
239 archive_read_format_tar_read_header,
240 archive_read_format_tar_read_data,
241 archive_read_format_tar_skip,
242 archive_read_format_tar_cleanup);
247 }
249 static int
251 {
267 }
270 static int
272 {
274 ssize_t bytes_read;
278 /*
279 * If we're already reading a non-tar file, don't
280 * bother to bid.
281 */
284 ARCHIVE_FORMAT_TAR)
288 /*
289 * If we're already reading a tar format, start the bid at 1 as
290 * a failsafe.
291 */
293 ARCHIVE_FORMAT_TAR)
294 bid++;
296 /* Now let's look at the actual header and see if it matches. */
299 else
304 /* An archive without a proper end-of-archive marker. */
305 /* Hold our nose and bid 1 anyway. */
307 }
309 /* If it's a new archive, then just return a zero bid. */
312 /*
313 * If we already know this is a tar archive,
314 * then we have a problem.
315 */
319 }
321 /* If it's an end-of-archive mark, we can handle it. */
323 /* If it's a known tar file, end-of-archive is definite. */
325 ARCHIVE_FORMAT_TAR)
327 /* Empty archive? */
329 }
331 /* If it's not an end-of-archive mark, it must have a valid checksum.*/
338 /* Recognize POSIX formats. */
343 /* Recognize GNU tar format. */
348 /* Type flag must be null, digit or A-Z, a-z. */
356 /* Sanity check: Look at first byte of mode field. */
359 /* Base-256 value: No further verification possible! */
365 /* Octal Value. */
366 /* TODO: Check format of remainder of this field. */
369 /* Not a valid mode; bail out here. */
371 }
372 /* TODO: Sanity test uid/gid/size/mtime/rdevmajor/rdevminor fields. */
375 }
377 /*
378 * The function invoked by archive_read_header(). This
379 * just sets up a few things and then calls the internal
380 * tar_read_header() function below.
381 */
382 static int
385 {
386 /*
387 * When converting tar archives to cpio archives, it is
388 * essential that each distinct file have a distinct inode
389 * number. To simplify this, we keep a static count here to
390 * assign fake dev/inode numbers to each tar entry. Note that
391 * pax format archives may overwrite this with something more
392 * useful.
393 *
394 * Ideally, we would track every file read from the archive so
395 * that we could assign the same dev/ino pair to hardlinks,
396 * but the memory required to store a complete lookup table is
397 * probably not worthwhile just to support the relatively
398 * obscure tar->cpio conversion case.
399 */
407 /* Assign default device/inode values. */
410 /* Limit generated st_ino number to 16 bits. */
414 }
422 /*
423 * "Regular" entry with trailing '/' is really
424 * directory: This is needed for certain old tar
425 * variants and even for some broken newer ones.
426 */
432 }
434 }
436 static int
439 {
440 ssize_t bytes_read;
446 /* Remove exhausted entries from sparse list. */
452 }
454 /* We exhausted the entire sparse list. */
456 }
457 }
465 }
471 /* Don't read more than is available in the
472 * current sparse block. */
478 }
493 }
494 }
496 static int
498 {
499 off_t bytes_skipped;
505 /*
506 * Compression layer skip functions are required to either skip the
507 * length requested or fail, so we can rely upon the entire entry
508 * plus padding being skipped.
509 */
518 /* Free the sparse list. */
523 }
526 }
528 /*
529 * This function recursively interprets all of the headers associated
530 * with a single entry.
531 */
532 static int
535 {
536 ssize_t bytes;
541 /* Read 512-byte header record */
544 /*
545 * If we're here, it's becase the _bid function accepted
546 * this file. So just call a short read end-of-archive
547 * and be done with it.
548 */
550 }
553 /* Check for end-of-archive mark. */
555 /* Try to consume a second all-null record, as well. */
561 }
563 /*
564 * Note: If the checksum fails and we return ARCHIVE_RETRY,
565 * then the client is likely to just retry. This is a very
566 * crude way to search for the next valid header!
567 *
568 * TODO: Improve this by implementing a real header scan.
569 */
573 }
578 }
580 /* Determine the format variant. */
622 }
628 }
629 }
632 }
634 /*
635 * Return true if block checksum is correct.
636 */
637 static int
639 {
648 /*
649 * Test the checksum. Note that POSIX specifies _unsigned_
650 * bytes for this calculation.
651 */
663 /*
664 * Repeat test with _signed_ bytes, just in case this archive
665 * was created by an old BSD, Solaris, or HP-UX tar with a
666 * broken checksum calculation.
667 */
679 }
681 /*
682 * Return true if this block contains only nulls.
683 */
684 static int
686 {
693 }
695 /*
696 * Interpret 'A' Solaris ACL header
697 */
698 static int
701 {
710 /* XXX Ensure p doesn't overrun acl_text */
712 /* Skip leading octal number. */
713 /* XXX TODO: Parse the octal number and sanity-check it. */
716 p++;
717 p++;
723 ARCHIVE_ENTRY_ACL_TYPE_ACCESS);
726 }
729 }
731 /*
732 * Interpret 'K' long linkname header.
733 */
734 static int
737 {
743 /* Set symlink if symlink already set, else hardlink. */
745 }
747 }
749 /*
750 * Interpret 'L' long filename header.
751 */
752 static int
755 {
759 /* Read and parse "real" header, then override name. */
764 }
767 /*
768 * Interpret 'V' GNU tar volume header.
769 */
770 static int
773 {
776 /* Just skip this and read the next header. */
778 }
780 /*
781 * Read body of an archive entry into an archive_string object.
782 */
783 static int
786 {
797 /* Read the body into the string. */
815 }
818 }
820 /*
821 * Parse out common header elements.
822 *
823 * This would be the same as header_old_tar, except that the
824 * filename is handled slightly differently for old and POSIX
825 * entries (POSIX entries support a 'prefix'). This factoring
826 * allows header_old_tar and header_ustar
827 * to handle filenames differently, while still putting most of the
828 * common parsing into one place.
829 */
830 static int
833 {
843 else
846 /* Parse out the numeric fields (all are octal) */
853 /* Handle the tar type flag appropriately. */
859 /*
860 * The following may seem odd, but: Technically, tar
861 * does not store the file type for a "hard link"
862 * entry, only the fact that it is a hard link. So, I
863 * leave the type zero normally. But, pax interchange
864 * format allows hard links to have data, which
865 * implies that the underlying entry is a regular
866 * file.
867 */
871 /*
872 * A tricky point: Traditionally, tar readers have
873 * ignored the size field when reading hardlink
874 * entries, and some writers put non-zero sizes even
875 * though the body is empty. POSIX.1-2001 broke with
876 * this tradition by permitting hardlink entries to
877 * store valid bodies in pax interchange format, but
878 * not in ustar format. Since there is no hard and
879 * fast way to distinguish pax interchange from
880 * earlier archives (the 'x' and 'g' entries are
881 * optional, after all), we need a heuristic. Here, I
882 * use the bid function to test whether or not there's
883 * a valid header following. Of course, if we know
884 * this is pax interchange format, then we must obey
885 * the size.
886 *
887 * This heuristic will only fail for a pax interchange
888 * archive that is storing hardlink bodies, no pax
889 * extended attribute entries have yet occurred, and
890 * we encounter a hardlink entry for a file that is
891 * itself an uncompressed tar archive.
892 */
920 /*
921 * No special handling is actually required here.
922 * It might be nice someday to preprocess the file list and
923 * provide it to the client, though.
924 */
928 /*
929 * As far as I can tell, this is just like a regular file
930 * entry, except that the contents should be _appended_ to
931 * the indicated file at the indicated offset. This may
932 * require some API work to fully support.
933 */
936 /* The body of this entry is a script for renaming
937 * previously-extracted entries. Ugh. It will never
938 * be supported by libarchive. */
942 /*
943 * Sparse files are really just regular files with
944 * sparse information in the extended area.
945 */
946 /* FALLTHROUGH */
948 /*
949 * Per POSIX: non-recognized types should always be
950 * treated as regular files.
951 */
954 }
956 }
958 /*
959 * Parse out header elements for "old-style" tar archives.
960 */
961 static int
964 {
967 /* Copy filename over (to ensure null termination). */
972 /* Grab rest of common fields */
978 }
980 /*
981 * Parse a file header for a pax extended archive entry.
982 */
983 static int
986 {
992 }
994 static int
997 {
1002 /* Parse the next header. */
1005 /*
1006 * TODO: Parse global/default options into 'entry' struct here
1007 * before handling file-specific options.
1008 *
1009 * This design (parse standard header, then overwrite with pax
1010 * extended attribute data) usually works well, but isn't ideal;
1011 * it would be better to parse the pax extended attributes first
1012 * and then skip any fields in the standard header that were
1013 * defined in the pax header.
1014 */
1020 }
1023 /*
1024 * Parse a file header for a Posix "ustar" archive entry. This also
1025 * handles "pax" or "extended ustar" entries.
1026 */
1027 static int
1030 {
1036 /* Copy name into an internal buffer to ensure null-termination. */
1048 /* Handle rest of common fields. */
1051 /* Handle POSIX ustar fields. */
1060 /* Parse out device numbers only for char and block specials. */
1066 }
1072 }
1075 /*
1076 * Parse the pax extended attributes record.
1077 *
1078 * Returns non-zero if there's an error in the data.
1079 */
1080 static int
1083 {
1092 /* Parse decimal length field at start of line. */
1098 p++;
1099 l--;
1101 }
1110 }
1111 p++;
1112 l--;
1113 }
1118 /* Ensure pax_entry buffer is big enough. */
1135 }
1136 }
1138 /* Decode UTF-8 to wchar_t, null-terminate result. */
1144 }
1146 /* Null-terminate 'key' value. */
1156 }
1159 /* Identify null-terminated 'value' portion. */
1162 /* Identify this attribute and set it in the entry. */
1166 /* Skip to next line */
1169 }
1171 }
1173 static int
1176 {
1186 /* URL-decode name */
1195 /* Base-64 decode value */
1200 }
1208 }
1210 /*
1211 * Parse a single key=value attribute. key/value pointers are
1212 * assumed to point into reasonably long-lived storage.
1213 *
1214 * Note that POSIX reserves all-lowercase keywords. Vendor-specific
1215 * extensions should always have keywords of the form "VENDOR.attribute"
1216 * In particular, it's quite feasible to support many different
1217 * vendor extensions here. I'm using "LIBARCHIVE" for extensions
1218 * unique to this library (currently, there are none).
1219 *
1220 * Investigate other vendor-specific extensions, as well and see if
1221 * any of them look useful.
1222 */
1223 static int
1226 {
1232 /* Our extensions */
1233 /* TODO: Handle arbitrary extended attributes... */
1234 /*
1235 if (strcmp(key, "LIBARCHIVE.xxxxxxx")==0)
1236 archive_entry_set_xxxxxx(entry, value);
1237 */
1242 /* We support some keys used by the "star" archiver */
1245 ARCHIVE_ENTRY_ACL_TYPE_ACCESS);
1248 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT);
1266 }
1273 /* TODO: Publish charset information in entry. */
1275 /* TODO: Publish comment in entry. */
1276 }
1285 /* pax interchange doesn't distinguish hardlink vs. symlink. */
1289 else
1291 }
1297 }
1304 /* POSIX has reserved 'realtime.*' */
1307 /* POSIX has reserved 'security.*' */
1308 /* Someday: if (wcscmp(key, L"security.acl")==0) { ... } */
1318 }
1320 }
1324 /*
1325 * parse a decimal time value, which may include a fractional portion
1326 */
1327 static void
1329 {
1343 p++;
1344 }
1351 }
1354 }
1358 /* Calculate nanoseconds. */
1369 else
1372 }
1374 /*
1375 * Parse GNU tar header
1376 */
1377 static int
1380 {
1385 /*
1386 * GNU header is like POSIX ustar, except 'prefix' is
1387 * replaced with some other fields. This also means the
1388 * filename is stored as in old-style archives.
1389 */
1391 /* Grab fields common to all tar variants. */
1394 /* Copy filename over (to ensure null termination). */
1400 /* Fields common to ustar and GNU */
1401 /* XXX Can the following be factored out since it's common
1402 * to ustar and gnu tar? Is it okay to move it down into
1403 * header_common, perhaps? */
1412 /* Parse out device numbers only for char and block specials */
1424 /* Grab GNU-specific fields. */
1432 }
1438 /* XXX WTF? XXX */
1439 }
1440 }
1443 }
1445 static int
1448 {
1449 ssize_t bytes_read;
1455 };
1468 "Truncated tar archive "
1471 }
1479 }
1481 static void
1484 {
1501 else
1507 sparse++;
1508 length--;
1509 }
1510 }
1512 /*-
1513 * Convert text->integer.
1514 *
1515 * Traditional tar formats (including POSIX) specify base-8 for
1516 * all of the standard numeric fields. This is a significant limitation
1517 * in practice:
1518 * = file size is limited to 8GB
1519 * = rdevmajor and rdevminor are limited to 21 bits
1520 * = uid/gid are limited to 21 bits
1521 *
1522 * There are two workarounds for this:
1523 * = pax extended headers, which use variable-length string fields
1524 * = GNU tar and STAR both allow either base-8 or base-256 in
1525 * most fields. The high bit is set to indicate base-256.
1526 *
1527 * On read, this implementation supports both extensions.
1528 */
1529 static int64_t
1531 {
1532 /*
1533 * Technically, GNU tar considers a field to be in base-256
1534 * only if the first byte is 0xff or 0x80.
1535 */
1539 }
1541 /*
1542 * Note that this implementation does not (and should not!) obey
1543 * locale settings; you cannot simply substitute strtol here, since
1544 * it does obey locale.
1545 */
1546 static int64_t
1548 {
1557 p++;
1560 p++;
1570 }
1573 }
1575 }
1578 /*
1579 * Note that this implementation does not (and should not!) obey
1580 * locale settings; you cannot simply substitute strtol here, since
1581 * it does obey locale.
1582 */
1583 static int64_t
1585 {
1594 p++;
1597 p++;
1607 }
1610 }
1612 }
1614 /*
1615 * Parse a base-256 integer. This is just a straight signed binary
1616 * value in big-endian order, except that the high-order bit is
1617 * ignored. Remember that "int64_t" may or may not be exactly 64
1618 * bits; the implementation here tries to avoid making any assumptions
1619 * about the actual size of an int64_t. It does assume we're using
1620 * twos-complement arithmetic, though.
1621 */
1622 static int64_t
1624 {
1631 /* Pad with 1 or 0 bits, depending on sign. */
1634 else
1644 }
1646 }
1648 }
1650 static int
1652 {
1661 dest++;
1664 }
1667 }
1669 /*
1670 * Copied and simplified from FreeBSD libc/locale.
1671 */
1672 static size_t
1674 {
1681 /*
1682 * Determine the number of octets that make up this character from
1683 * the first octet, and a mask that extracts the interesting bits of
1684 * the first octet.
1685 */
1706 /* Invalid first byte; convert to '?' */
1709 }
1712 /* Invalid first byte; convert to '?' */
1715 }
1717 /*
1718 * Decode the octet sequence representing the character in chunks
1719 * of 6 bits, most significant first.
1720 */
1725 /* Invalid intermediate byte; consume one byte and
1726 * emit '?' */
1729 }
1732 }
1734 /* Assign the value to the output; out-of-range values
1735 * just get truncated. */
1737 #ifdef WCHAR_MAX
1738 /*
1739 * If platform has WCHAR_MAX, we can do something
1740 * more sensible with out-of-range values.
1741 */
1744 #endif
1745 /* Return number of bytes input consumed: 0 for end-of-string. */
1747 }
1750 /*
1751 * base64_decode - Base64 decode
1752 *
1753 * This accepts most variations of base-64 encoding, including:
1754 * * with or without line breaks
1755 * * with or without the final group padded with '=' or '_' characters
1756 * (The most economical Base-64 variant does not pad the last group and
1757 * omits line breaks; RFC1341 used for MIME requires both.)
1758 */
1761 {
1771 /* If the decode table is not yet initialized, prepare it. */
1777 }
1779 /* Allocate enough space to hold the entire output. */
1780 /* Note that we may not use all of this... */
1785 }
1789 /* Collect the next group of (up to) four characters. */
1793 /* '=' or '_' padding indicates final group. */
1797 }
1798 /* Skip illegal characters (including line breaks) */
1801 len--;
1802 src++;
1804 }
1807 len --;
1808 group_size++;
1809 }
1810 /* Align a short group properly. */
1812 /* Unpack the group we just collected. */
1815 /* FALLTHROUGH */
1817 /* FALLTHROUGH */
1822 }
1824 }
1828 }
1830 /*
1831 * This is a little tricky because the C99 standard wcstombs()
1832 * function returns the number of bytes that were converted,
1833 * not the number that should be converted. As a result,
1834 * we can never accurately size the output buffer (without
1835 * doing a tedious output size calculation in advance).
1836 * This approach (try a conversion, then try again if it fails)
1837 * will almost always succeed on the first try, and is thus
1838 * much faster, at the cost of sometimes requiring multiple
1839 * passes while we expand the buffer.
1840 */
1843 {
1845 /* Guess an output buffer size and try the conversion. */
1852 /* If we exhausted the buffer, resize and try again. */
1860 }
1862 /* Ensure a trailing null and return the final string. */
1865 }
1869 {
1878 /* Try to convert % escape */
1882 /* Looks good, consume three chars */
1884 /* Convert output */
1887 }
1888 /* Else fall through and treat '%' as normal char */
1889 }
1891 }
1894 }
1896 static int
1898 {
1905 else
1907 }