switch from failure to anyhow
1 //! *pxar* format decoder.
2 //!
3 //! This module contains the code to decode *pxar* archive files.
4 use std::ffi::CString;
5 use std::ffi::{OsStr, OsString};
6 use std::io::{Read, Write};
7 use std::os::unix::ffi::{OsStrExt, OsStringExt};
8 use std::os::unix::io::AsRawFd;
9 use std::os::unix::io::FromRawFd;
10 use std::os::unix::io::RawFd;
11 use std::path::{Path, PathBuf};
12
13 use endian_trait::Endian;
14 use anyhow::{bail, format_err, Error};
15 use nix::errno::Errno;
16 use nix::fcntl::OFlag;
17 use nix::sys::stat::Mode;
18 use nix::NixPath;
19
20 use proxmox::tools::io::ReadExt;
21 use proxmox::tools::vec;
22
23 use super::dir_stack::{PxarDir, PxarDirStack};
24 use super::flags;
25 use super::format_definition::*;
26 use super::match_pattern::{MatchPattern, MatchPatternSlice, MatchType};
27
28 use crate::tools::acl;
29 use crate::tools::fs;
30 use crate::tools::xattr;
31
/// Streaming *pxar* decoder.
///
/// This decoder needs `Read` on the underlying reader, but works without `Seek`.
pub struct SequentialDecoder<R: Read> {
    /// Source of the archive byte stream.
    reader: R,
    /// Feature mask tested by `has_features` to decide which optional items are applied.
    feature_flags: u64,
    /// Negated and passed to `PxarDirStack::create_all_dirs`; presumably controls whether
    /// already existing directories are tolerated during restore (confirm in `dir_stack`).
    allow_existing_dirs: bool,
    /// Scratch buffer that `skip_bytes` reads discarded data into.
    skip_buffer: Vec<u8>,
    /// Optional hook called with the full path of an entry before it is restored.
    callback: Option<Box<dyn Fn(&Path) -> Result<(), Error> + Send>>,
}
40
/// Size in bytes of `PxarHeader`, as `u64` so it can be compared with the `size` field of
/// headers read from the archive.
const HEADER_SIZE: u64 = std::mem::size_of::<PxarHeader>() as u64;
42
43 impl<R: Read> SequentialDecoder<R> {
44
/// Creates a decoder that reads the archive from `reader`.
///
/// `feature_flags` selects which optional items (xattrs, ACLs, device nodes, ...) are
/// applied; existing directories are not allowed and no callback is set by default.
pub fn new(reader: R, feature_flags: u64) -> Self {
    Self {
        reader,
        feature_flags,
        allow_existing_dirs: false,
        // 64 KiB scratch space used by `skip_bytes`.
        skip_buffer: vec::undefined(64 * 1024),
        callback: None,
    }
}
59
/// Registers `callback`, which `restore_dir_entry` invokes with the full path of an entry
/// before restoring it. An `Err` returned by the callback aborts the restore.
pub fn set_callback<F>(&mut self, callback: F)
where
    F: Fn(&Path) -> Result<(), Error> + Send + 'static,
{
    let boxed: Box<dyn Fn(&Path) -> Result<(), Error> + Send> = Box::new(callback);
    self.callback = Some(boxed);
}
63
/// Sets the `allow_existing_dirs` flag; its negation is what the restore code passes to
/// `PxarDirStack::create_all_dirs`.
pub fn set_allow_existing_dirs(&mut self, allow: bool) {
    self.allow_existing_dirs = allow;
}
67
/// Gives crate-internal callers mutable access to the underlying reader.
pub(crate) fn get_reader_mut(&mut self) -> &mut R {
    &mut self.reader
}
71
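/// Reads one fixed-size item of type `T` from the stream and converts it from little endian.
///
/// # Errors
///
/// Fails if the reader cannot supply `size_of::<T>()` bytes.
pub(crate) fn read_item<T: Endian>(&mut self) -> Result<T, Error> {
    // Start from zeroed storage so the byte slice handed to the reader never exposes
    // uninitialized memory.
    let mut result = std::mem::MaybeUninit::<T>::zeroed();

    // SAFETY: `result` owns `size_of::<T>()` writable bytes, all initialized by `zeroed()`,
    // and the slice is no longer used once `result` is consumed below.
    let buffer = unsafe {
        std::slice::from_raw_parts_mut(result.as_mut_ptr() as *mut u8, std::mem::size_of::<T>())
    };

    self.reader.read_exact(buffer)?;

    // SAFETY: every byte of `result` is initialized.
    // NOTE(review): this is only sound when any bit pattern is a valid `T`. The `Endian`
    // bound does not enforce that, so `T` must stay a plain-integer format struct; the bytes
    // come straight from the (untrusted) archive.
    let result = unsafe { result.assume_init() };

    Ok(result.from_le())
}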
84
/// Reads a NUL-terminated link target from an item whose total size (header included) is
/// `size`.
///
/// Rejects items too short to hold one byte plus the terminator, targets longer than
/// `PATH_MAX`, and targets whose last byte is not NUL.
pub(crate) fn read_link(&mut self, size: u64) -> Result<PathBuf, Error> {
    let min_size = HEADER_SIZE + 2;
    if size < min_size {
        bail!("dectected short link target.");
    }

    let target_len = size - HEADER_SIZE;
    let max_len = libc::PATH_MAX as u64;
    if target_len > max_len {
        bail!("link target too long ({}).", target_len);
    }

    let mut raw = self.reader.read_exact_allocated(target_len as usize)?;

    // `target_len` is at least 2 here, so a terminator byte is expected to be present.
    let terminator = raw.pop().unwrap();
    if terminator == 0u8 {
        Ok(PathBuf::from(OsString::from_vec(raw)))
    } else {
        bail!("link target not nul terminated.");
    }
}
104
/// Reads a hardlink item: a `u64` offset followed by a NUL-terminated target path.
///
/// The target is accepted only if every path component is a plain name
/// (`Component::Normal`), which rejects absolute paths and `..` components. This is a
/// purely lexical check on the archived string.
pub(crate) fn read_hardlink(&mut self, size: u64) -> Result<(PathBuf, u64), Error> {
    use std::path::Component;

    if size < (HEADER_SIZE + 8 + 2) {
        bail!("dectected short hardlink header.");
    }

    let offset: u64 = self.read_item()?;
    // The 8 offset bytes are consumed; the rest of the item is parsed like a link target.
    let target = self.read_link(size - 8)?;

    for component in target.components() {
        if let Component::Normal(_) = component {
            continue;
        }
        bail!("hardlink target contains invalid component {:?}", component);
    }

    Ok((target, offset))
}
121
/// Reads a NUL-terminated file name from an item whose total size (header included) is
/// `size`.
///
/// The name is rejected when it is too short or too long, lacks the trailing NUL, is `.` or
/// `..`, contains `/` or an embedded NUL, or is empty. These checks keep an archived name
/// from addressing anything but a direct child of the directory being restored.
pub(crate) fn read_filename(&mut self, size: u64) -> Result<OsString, Error> {
    if size < (HEADER_SIZE + 2) {
        bail!("dectected short filename");
    }

    let name_len = size - HEADER_SIZE;
    let max_len = (libc::FILENAME_MAX as u64) + 1;
    if name_len > max_len {
        bail!("filename too long ({}).", name_len);
    }

    let mut raw = self.reader.read_exact_allocated(name_len as usize)?;

    let terminator = raw.pop().unwrap();
    if terminator != 0u8 {
        bail!("filename entry not nul terminated.");
    }

    match raw.as_slice() {
        b"." | b".." => bail!("found invalid filename '.' or '..'."),
        _ => {}
    }

    let has_forbidden_byte = raw.iter().any(|&byte| byte == b'/' || byte == b'\0');
    if has_forbidden_byte {
        bail!("found invalid filename with slashes or nul bytes.");
    }

    let name = OsString::from_vec(raw);
    if name.is_empty() {
        bail!("found empty filename.");
    }

    Ok(name)
}
154
/// Returns `true` when every bit of `feature_flags` is set in the decoder's feature mask.
fn has_features(&self, feature_flags: u64) -> bool {
    (self.feature_flags & feature_flags) == feature_flags
}
158
/// Reads an extended attribute of `size` bytes, stored as `name NUL value`.
///
/// Fails when no NUL separator is present, when the name is not a valid xattr name, or when
/// it names the security capability attribute (capabilities travel in their own item).
fn read_xattr(&mut self, size: usize) -> Result<PxarXAttr, Error> {
    // NOTE(review): `size` is derived from an archive header by the callers and is allocated
    // as-is; consider an upper bound so a corrupt archive cannot force a huge allocation.
    let raw = self.reader.read_exact_allocated(size)?;

    let nul_pos = match raw.iter().position(|&byte| byte == b'\0') {
        Some(pos) => pos,
        None => bail!("no value found in xattr"),
    };

    let name = &raw[..nul_pos];
    // Everything after the separator is the value; it may be empty.
    let value = &raw[nul_pos + 1..];

    if !xattr::is_valid_xattr_name(name) || xattr::is_security_capability(name) {
        bail!("incorrect xattr name - {}.", String::from_utf8_lossy(name));
    }

    Ok(PxarXAttr {
        name: name.to_vec(),
        value: value.to_vec(),
    })
}
177
/// Reads `size` bytes of raw file capability data; the bytes are not interpreted here.
fn read_fcaps(&mut self, size: usize) -> Result<PxarFCaps, Error> {
    let data = self.reader.read_exact_allocated(size)?;
    Ok(PxarFCaps { data })
}
183
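/// Reads the run of attribute items (xattrs, fcaps, ACLs, quota project id) that follows an
/// entry.
///
/// Items whose feature flag is not enabled are skipped. Returns the collected attributes
/// together with the first header that is not an attribute item; that header has been read
/// from the stream, but its payload has not.
///
/// # Errors
///
/// Fails on read errors, on invalid xattr data, and on attribute items whose declared size
/// is smaller than a header.
pub(crate) fn read_attributes(&mut self) -> Result<(PxarHeader, PxarAttributes), Error> {
    // Payload length of an attribute item. The declared size comes from the archive; a value
    // below the header size would otherwise underflow into a huge read or skip length.
    fn payload_size(head: &PxarHeader) -> Result<usize, Error> {
        let htype = head.htype;
        match head.size.checked_sub(HEADER_SIZE) {
            Some(len) => Ok(len as usize),
            None => bail!("detected short attribute item {:016x}", htype),
        }
    }

    let mut attr = PxarAttributes::default();
    let mut head: PxarHeader = self.read_item()?;
    loop {
        // NOTE(review): the fixed-size ACL and quota items are read with `read_item`, which
        // ignores the declared size; only the skip path uses it.
        match head.htype {
            PXAR_XATTR => {
                let size = payload_size(&head)?;
                if self.has_features(flags::WITH_XATTRS) {
                    attr.xattrs.push(self.read_xattr(size)?);
                } else {
                    self.skip_bytes(size)?;
                }
            }
            PXAR_FCAPS => {
                let size = payload_size(&head)?;
                if self.has_features(flags::WITH_FCAPS) {
                    attr.fcaps = Some(self.read_fcaps(size)?);
                } else {
                    self.skip_bytes(size)?;
                }
            }
            PXAR_ACL_USER => {
                let size = payload_size(&head)?;
                if self.has_features(flags::WITH_ACL) {
                    attr.acl_user.push(self.read_item::<PxarACLUser>()?);
                } else {
                    self.skip_bytes(size)?;
                }
            }
            PXAR_ACL_GROUP => {
                let size = payload_size(&head)?;
                if self.has_features(flags::WITH_ACL) {
                    attr.acl_group.push(self.read_item::<PxarACLGroup>()?);
                } else {
                    self.skip_bytes(size)?;
                }
            }
            PXAR_ACL_GROUP_OBJ => {
                let size = payload_size(&head)?;
                if self.has_features(flags::WITH_ACL) {
                    attr.acl_group_obj = Some(self.read_item::<PxarACLGroupObj>()?);
                } else {
                    self.skip_bytes(size)?;
                }
            }
            PXAR_ACL_DEFAULT => {
                let size = payload_size(&head)?;
                if self.has_features(flags::WITH_ACL) {
                    attr.acl_default = Some(self.read_item::<PxarACLDefault>()?);
                } else {
                    self.skip_bytes(size)?;
                }
            }
            PXAR_ACL_DEFAULT_USER => {
                let size = payload_size(&head)?;
                if self.has_features(flags::WITH_ACL) {
                    attr.acl_default_user.push(self.read_item::<PxarACLUser>()?);
                } else {
                    self.skip_bytes(size)?;
                }
            }
            PXAR_ACL_DEFAULT_GROUP => {
                let size = payload_size(&head)?;
                if self.has_features(flags::WITH_ACL) {
                    attr.acl_default_group
                        .push(self.read_item::<PxarACLGroup>()?);
                } else {
                    self.skip_bytes(size)?;
                }
            }
            PXAR_QUOTA_PROJID => {
                let size = payload_size(&head)?;
                if self.has_features(flags::WITH_QUOTA_PROJID) {
                    attr.quota_projid = Some(self.read_item::<PxarQuotaProjID>()?);
                } else {
                    self.skip_bytes(size)?;
                }
            }
            // Not an attribute item: hand the header back to the caller, which validates
            // its size itself.
            _ => break,
        }
        head = self.read_item()?;
    }

    Ok((head, attr))
}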
262
/// Applies the archived attributes of one entry to the already opened `fd`: xattrs and file
/// capabilities, the access ACL, the default ACL (if the archive has one) and the quota
/// project id.
///
/// NOTE(review): uids, gids and permission values are taken from the archive as-is.
fn restore_attributes(
    &mut self,
    fd: RawFd,
    attr: &PxarAttributes,
    entry: &PxarEntry,
) -> Result<(), Error> {
    self.restore_xattrs_fcaps_fd(fd, &attr.xattrs, &attr.fcaps)?;

    // Build the access ACL. Owner and other permissions always come from the mode bits.
    // (The `5` passed to `init` is presumably an initial entry count; confirm in `acl`.)
    let mut acl = acl::ACL::init(5)?;
    acl.add_entry_full(
        acl::ACL_USER_OBJ,
        None,
        acl::mode_user_to_acl_permissions(entry.mode),
    )?;
    acl.add_entry_full(
        acl::ACL_OTHER,
        None,
        acl::mode_other_to_acl_permissions(entry.mode),
    )?;
    match &attr.acl_group_obj {
        Some(group_obj) => {
            // With an archived group-object entry, the group bits of the mode are used as
            // the ACL mask and the archived permissions as the owning group's entry.
            acl.add_entry_full(
                acl::ACL_MASK,
                None,
                acl::mode_group_to_acl_permissions(entry.mode),
            )?;
            acl.add_entry_full(acl::ACL_GROUP_OBJ, None, group_obj.permissions)?;
        }
        None => {
            // Without one, the group bits of the mode are the owning group's entry.
            acl.add_entry_full(
                acl::ACL_GROUP_OBJ,
                None,
                acl::mode_group_to_acl_permissions(entry.mode),
            )?;
        }
    }
    for user in &attr.acl_user {
        acl.add_entry_full(acl::ACL_USER, Some(user.uid), user.permissions)?;
    }
    for group in &attr.acl_group {
        acl.add_entry_full(acl::ACL_GROUP, Some(group.gid), group.permissions)?;
    }
    // `set_file` takes a path, so the open descriptor is addressed through procfs.
    let proc_path = Path::new("/proc/self/fd/").join(fd.to_string());
    if !acl.is_valid() {
        bail!("Error while restoring ACL - ACL invalid");
    }
    acl.set_file(&proc_path, acl::ACL_TYPE_ACCESS)?;

    if let Some(default) = &attr.acl_default {
        // Default ACL, built only from archived values.
        let mut acl = acl::ACL::init(5)?;
        acl.add_entry_full(acl::ACL_USER_OBJ, None, default.user_obj_permissions)?;
        acl.add_entry_full(acl::ACL_GROUP_OBJ, None, default.group_obj_permissions)?;
        acl.add_entry_full(acl::ACL_OTHER, None, default.other_permissions)?;
        // `u64::MAX` looks like the "no mask entry" marker of the format (confirm in
        // `format_definition`).
        if default.mask_permissions != std::u64::MAX {
            acl.add_entry_full(acl::ACL_MASK, None, default.mask_permissions)?;
        }
        for user in &attr.acl_default_user {
            acl.add_entry_full(acl::ACL_USER, Some(user.uid), user.permissions)?;
        }
        for group in &attr.acl_default_group {
            acl.add_entry_full(acl::ACL_GROUP, Some(group.gid), group.permissions)?;
        }
        if !acl.is_valid() {
            bail!("Error while restoring ACL - ACL invalid");
        }
        acl.set_file(&proc_path, acl::ACL_TYPE_DEFAULT)?;
    }
    self.restore_quota_projid(fd, &attr.quota_projid)?;

    Ok(())
}
334
/// Applies the given xattrs and, if present, the file capabilities to `fd`.
///
/// The first failing call aborts with an error that names the failed operation.
fn restore_xattrs_fcaps_fd(
    &mut self,
    fd: RawFd,
    xattrs: &[PxarXAttr],
    fcaps: &Option<PxarFCaps>,
) -> Result<(), Error> {
    for entry in xattrs {
        xattr::fsetxattr(fd, &entry)
            .map_err(|err| format_err!("fsetxattr failed with error: {}", err))?;
    }

    if let Some(caps) = fcaps {
        xattr::fsetxattr_fcaps(fd, &caps)
            .map_err(|err| format_err!("fsetxattr_fcaps failed with error: {}", err))?;
    }

    Ok(())
}
355
/// Sets the quota project id of `fd` when the archive carries one; does nothing otherwise.
///
/// The current `FSXAttr` is fetched first, so only the project id field is changed.
fn restore_quota_projid(
    &mut self,
    fd: RawFd,
    projid: &Option<PxarQuotaProjID>,
) -> Result<(), Error> {
    let projid = match projid {
        Some(projid) => projid,
        None => return Ok(()),
    };

    let mut fsxattr = fs::FSXAttr::default();

    // SAFETY (assumed, confirm in `tools::fs`): the ioctl wrapper only writes into the
    // `FSXAttr` it is given, which lives for the whole call.
    let fetched = unsafe { fs::fs_ioc_fsgetxattr(fd, &mut fsxattr) };
    if let Err(err) = fetched {
        bail!(
            "error while getting fsxattr to restore quota project id - {}",
            err
        );
    }

    fsxattr.fsx_projid = projid.projid as u32;

    // SAFETY (assumed, confirm in `tools::fs`): the ioctl wrapper only reads `fsxattr`.
    let stored = unsafe { fs::fs_ioc_fssetxattr(fd, &fsxattr) };
    if let Err(err) = stored {
        bail!(
            "error while setting fsxattr to restore quota project id - {}",
            err
        );
    }

    Ok(())
}
384
/// Sets the mode of `fd` from `entry.mode`.
///
/// Only the low twelve bits are applied: the permission bits plus setuid, setgid and sticky.
fn restore_mode(&mut self, entry: &PxarEntry, fd: RawFd) -> Result<(), Error> {
    let permission_bits = (entry.mode as u32) & 0o7777;
    nix::sys::stat::fchmod(fd, Mode::from_bits_truncate(permission_bits))?;
    Ok(())
}
392
/// Sets the mode of `filename` (resolved relative to `dirfd`) from `entry.mode`.
///
/// Must not be called for symlink entries, because the call follows symlinks.
fn restore_mode_at(
    &mut self,
    entry: &PxarEntry,
    dirfd: RawFd,
    filename: &OsStr,
) -> Result<(), Error> {
    use nix::sys::stat::{fchmodat, FchmodatFlags};

    let permission_bits = (entry.mode as u32) & 0o7777;
    let mode = Mode::from_bits_truncate(permission_bits);

    // NOTE: FchmodatFlags::NoFollowSymlink is what we want, but fchmodat does not support it
    // on Linux (see man fchmodat). Callers avoid the problem by never calling this for
    // symlink entries.
    // NOTE(review): the name is resolved again here, after the node was created, so this
    // relies on nothing replacing it with a symlink in between; confirm the restore target
    // is not writable by untrusted users.
    fchmodat(Some(dirfd), filename, mode, FchmodatFlags::FollowSymlink)?;

    Ok(())
}
412
/// Sets owner and group of `fd` to the uid and gid stored in `entry`.
fn restore_ugid(&mut self, entry: &PxarEntry, fd: RawFd) -> Result<(), Error> {
    // SAFETY: `fchown` takes only integer arguments; no memory is passed to it.
    let status = unsafe { libc::fchown(fd, entry.uid, entry.gid) };
    Errno::result(status)?;
    Ok(())
}
422
/// Sets owner and group of `filename` (relative to `dirfd`) to the uid and gid stored in
/// `entry`, without following a symlink at that name.
fn restore_ugid_at(
    &mut self,
    entry: &PxarEntry,
    dirfd: RawFd,
    filename: &OsStr,
) -> Result<(), Error> {
    let (uid, gid) = (entry.uid, entry.gid);

    // The pointer is the NUL-terminated name that `with_nix_path` hands to the closure; it
    // is used only inside the closure.
    let status = filename.with_nix_path(|name| unsafe {
        libc::fchownat(dirfd, name.as_ptr(), uid, gid, libc::AT_SYMLINK_NOFOLLOW)
    })?;
    Errno::result(status)?;

    Ok(())
}
439
/// Sets the modification time of `fd` from `entry.mtime` (nanoseconds); the timespec pair
/// built by `nsec_to_update_timespec` marks the access time as "omit".
fn restore_mtime(&mut self, entry: &PxarEntry, fd: RawFd) -> Result<(), Error> {
    let times = nsec_to_update_timespec(entry.mtime);

    // SAFETY: `times` is a two-element timespec array that outlives the call.
    let status = unsafe { libc::futimens(fd, times.as_ptr()) };
    Errno::result(status)?;

    Ok(())
}
448
/// Sets the modification time of `filename` (relative to `dirfd`) from `entry.mtime`,
/// without following a symlink at that name.
fn restore_mtime_at(
    &mut self,
    entry: &PxarEntry,
    dirfd: RawFd,
    filename: &OsStr,
) -> Result<(), Error> {
    let times = nsec_to_update_timespec(entry.mtime);

    // `times` is a two-element timespec array that outlives the call; the name pointer is
    // used only inside the closure.
    let status = filename.with_nix_path(|name| unsafe {
        libc::utimensat(dirfd, name.as_ptr(), times.as_ptr(), libc::AT_SYMLINK_NOFOLLOW)
    })?;
    Errno::result(status)?;

    Ok(())
}
464
/// Creates a device node named `filename` below `dirfd`.
///
/// The node type comes from the file-type bits of `entry.mode`, the device numbers from
/// `device`. The node is created with mode 0600; the archived mode is applied separately.
///
/// NOTE(review): major and minor numbers come from the archive. The only gate visible in
/// this file is the `WITH_DEVICE_NODES` feature check in `restore_device`.
fn restore_device_at(
    &mut self,
    entry: &PxarEntry,
    dirfd: RawFd,
    filename: &OsStr,
    device: &PxarDevice,
) -> Result<(), Error> {
    let file_type = (entry.mode as u32) & libc::S_IFMT;
    let mode = file_type | 0o0600;
    let rdev = nix::sys::stat::makedev(device.major, device.minor);

    let status = filename
        .with_nix_path(|name| unsafe { libc::mknodat(dirfd, name.as_ptr(), mode, rdev) })?;
    Errno::result(status)?;

    Ok(())
}
480
/// Creates a socket node named `filename` below `dirfd` with mode 0600.
fn restore_socket_at(&mut self, dirfd: RawFd, filename: &OsStr) -> Result<(), Error> {
    let mode = libc::S_IFSOCK | 0o0600;

    // The name pointer is used only inside the closure.
    let status = filename
        .with_nix_path(|name| unsafe { libc::mknodat(dirfd, name.as_ptr(), mode, 0) })?;
    Errno::result(status)?;

    Ok(())
}
489
/// Creates a FIFO named `filename` below `dirfd` with mode 0600.
fn restore_fifo_at(&mut self, dirfd: RawFd, filename: &OsStr) -> Result<(), Error> {
    let mode = libc::S_IFIFO | 0o0600;

    // The name pointer is used only inside the closure.
    let status =
        filename.with_nix_path(|name| unsafe { libc::mkfifoat(dirfd, name.as_ptr(), mode) })?;
    Errno::result(status)?;

    Ok(())
}
498
/// Reads and discards `count` bytes from the stream, one `skip_buffer`-sized chunk at a
/// time (the reader is not required to support seeking).
pub(crate) fn skip_bytes(&mut self, count: usize) -> Result<(), Error> {
    let mut remaining = count;
    while remaining > 0 {
        let chunk = remaining.min(self.skip_buffer.len());
        self.reader.read_exact(&mut self.skip_buffer[..chunk])?;
        remaining -= chunk;
    }
    Ok(())
}
514
/// Reads a symlink item and, when `parent_fd` is given, creates the symlink below it and
/// restores ownership and mtime.
///
/// The item is always consumed from the stream, even when nothing is restored. The mode is
/// not restored (not supported on symlinks), and neither are xattrs or ACLs (open fixme).
fn restore_symlink(
    &mut self,
    parent_fd: Option<RawFd>,
    full_path: &PathBuf,
    entry: &PxarEntry,
    filename: &OsStr,
) -> Result<(), Error> {
    let head: PxarHeader = self.read_item()?;
    if head.htype != PXAR_SYMLINK {
        bail!(
            "got unknown header type inside symlink entry {:016x}",
            head.htype
        );
    }
    let target = self.read_link(head.size)?;

    let fd = match parent_fd {
        Some(fd) => fd,
        None => return Ok(()),
    };

    if let Err(err) = symlinkat(&target, fd, filename) {
        bail!("create symlink {:?} failed - {}", full_path, err);
    }

    // No restore_mode_at() here: chmod is not supported on symlinks.
    self.restore_ugid_at(entry, fd, filename)?;
    self.restore_mtime_at(entry, fd, filename)?;

    Ok(())
}
550
/// Creates a socket node for the entry and restores mode, ownership and mtime.
///
/// Does nothing unless `WITH_SOCKETS` is enabled and `parent_fd` is given.
fn restore_socket(
    &mut self,
    parent_fd: Option<RawFd>,
    entry: &PxarEntry,
    filename: &OsStr,
) -> Result<(), Error> {
    match parent_fd {
        Some(fd) if self.has_features(flags::WITH_SOCKETS) => {
            self.restore_socket_at(fd, filename)?;
            self.restore_mode_at(entry, fd, filename)?;
            self.restore_ugid_at(entry, fd, filename)?;
            self.restore_mtime_at(entry, fd, filename)?;
            Ok(())
        }
        _ => Ok(()),
    }
}
569
/// Creates a FIFO for the entry and restores mode, ownership and mtime.
///
/// Does nothing unless `WITH_FIFOS` is enabled and `parent_fd` is given.
fn restore_fifo(
    &mut self,
    parent_fd: Option<RawFd>,
    entry: &PxarEntry,
    filename: &OsStr,
) -> Result<(), Error> {
    match parent_fd {
        Some(fd) if self.has_features(flags::WITH_FIFOS) => {
            self.restore_fifo_at(fd, filename)?;
            self.restore_mode_at(entry, fd, filename)?;
            self.restore_ugid_at(entry, fd, filename)?;
            self.restore_mtime_at(entry, fd, filename)?;
            Ok(())
        }
        _ => Ok(()),
    }
}
588
/// Reads a device item and, when `WITH_DEVICE_NODES` is enabled and `parent_fd` is given,
/// creates the node and restores mode, ownership and mtime.
///
/// The header and device numbers are always consumed, so the stream stays in sync even
/// when no node is created.
fn restore_device(
    &mut self,
    parent_fd: Option<RawFd>,
    entry: &PxarEntry,
    filename: &OsStr,
) -> Result<(), Error> {
    let head: PxarHeader = self.read_item()?;
    match head.htype {
        PXAR_DEVICE => {}
        other => bail!(
            "got unknown header type inside device entry {:016x}",
            other
        ),
    }
    let device: PxarDevice = self.read_item()?;

    let fd = match parent_fd {
        Some(fd) if self.has_features(flags::WITH_DEVICE_NODES) => fd,
        _ => return Ok(()),
    };

    self.restore_device_at(entry, fd, filename, &device)?;
    self.restore_mode_at(entry, fd, filename)?;
    self.restore_ugid_at(entry, fd, filename)?;
    self.restore_mtime_at(entry, fd, filename)?;

    Ok(())
}
615
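/// Restores a regular file with its content and associated attributes to the
/// folder provided by the raw filedescriptor.
/// If None is passed instead of a filedescriptor, the file is not restored but
/// the archive reader is skipping over it instead.
///
/// The payload header is validated before anything is created on disk. The file is created
/// exclusively (`O_EXCL`) with owner-only permissions; the archived mode, including any
/// setuid/setgid bits, is applied by `restore_mode` only after content, ownership and
/// attributes are in place. A partially written file is therefore never exposed with the
/// archived permissions.
///
/// # Errors
///
/// Fails on malformed items, on I/O errors, and when the file cannot be created.
fn restore_regular_file(
    &mut self,
    parent_fd: Option<RawFd>,
    full_path: &PathBuf,
    entry: &PxarEntry,
    filename: &OsStr,
) -> Result<(), Error> {
    let (head, attr) = self
        .read_attributes()
        .map_err(|err| format_err!("Reading of file attributes failed - {}", err))?;

    if head.htype != PXAR_PAYLOAD {
        bail!("got unknown header type for file entry {:016x}", head.htype);
    }
    if head.size < HEADER_SIZE {
        bail!("detected short payload");
    }
    let need = (head.size - HEADER_SIZE) as usize;

    let fd = match parent_fd {
        Some(fd) => fd,
        // Nothing to restore: just keep the stream in sync.
        None => return self.skip_bytes(need),
    };

    let flags = OFlag::O_CREAT | OFlag::O_WRONLY | OFlag::O_EXCL;
    // Owner-only until the restore of this file is complete; see restore_mode() below.
    let open_mode = Mode::from_bits_truncate(0o0600);
    let mut file = file_openat(fd, filename, flags, open_mode)
        .map_err(|err| format_err!("open file {:?} failed - {}", full_path, err))?;

    // Initialized copy buffer, so no uninitialized memory is handed to the reader.
    let mut read_buffer = vec![0u8; 64 * 1024];
    let mut done = 0;
    while done < need {
        let n = (need - done).min(read_buffer.len());
        let data = &mut read_buffer[..n];
        self.reader.read_exact(data)?;
        file.write_all(data)?;
        done += n;
    }

    self.restore_ugid(entry, file.as_raw_fd())?;
    // fcaps have to be restored after restore_ugid as chown clears security.capability xattr, see CVE-2015-1350
    self.restore_attributes(file.as_raw_fd(), &attr, entry)?;
    self.restore_mode(entry, file.as_raw_fd())?;
    self.restore_mtime(entry, file.as_raw_fd())?;

    Ok(())
}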
678
/// Restores one directory entry: reads its attributes, pushes it on the directory stack,
/// restores all children, consumes the goodbye table, and finally applies ownership,
/// attributes, mode and mtime to the directory itself.
///
/// The directory is created on disk right away only for a positive match; otherwise
/// creation is left to `create_all_dirs` calls made for matching children.
fn restore_dir(
    &mut self,
    base_path: &Path,
    dirs: &mut PxarDirStack,
    entry: PxarEntry,
    filename: &OsStr,
    matched: MatchType,
    match_pattern: &[MatchPatternSlice],
) -> Result<(), Error> {
    let (mut head, attr) = self
        .read_attributes()
        .map_err(|err| format_err!("Reading of directory attributes failed - {}", err))?;

    dirs.push(PxarDir::new(filename, entry, attr));
    if matched == MatchType::Positive {
        dirs.create_all_dirs(!self.allow_existing_dirs)?;
    }

    while head.htype == PXAR_FILENAME {
        let child_name = self.read_filename(head.size)?;
        self.restore_dir_entry(base_path, dirs, &child_name, matched, match_pattern)?;
        head = self.read_item()?;
    }

    if head.htype != PXAR_GOODBYE {
        bail!(
            "got unknown header type inside directory entry {:016x}",
            head.htype
        );
    }

    let table_len = match head.size.checked_sub(HEADER_SIZE) {
        Some(len) => len as usize,
        None => bail!("detected short goodbye table"),
    };
    self.skip_bytes(table_len)?;

    let last = match dirs.pop() {
        Some(dir) => dir,
        None => bail!("Tried to pop beyond dir root - this should not happen!"),
    };

    // `last.dir` is only set when the directory was actually created on disk.
    if let Some(d) = last.dir {
        let fd = d.as_raw_fd();
        self.restore_ugid(&last.entry, fd)?;
        // fcaps have to be restored after restore_ugid as chown clears security.capability xattr, see CVE-2015-1350
        self.restore_attributes(fd, &last.attr, &last.entry)?;
        self.restore_mode(&last.entry, fd)?;
        self.restore_mtime(&last.entry, fd)?;
    }

    Ok(())
}
730
/// Restore an archive into the specified directory.
///
/// The directory is created if it does not exist. An empty `match_pattern` list restores
/// the full archive; otherwise only entries selected by the patterns are restored.
///
/// # Errors
///
/// Fails when the target directory cannot be created or opened, when the archive is
/// malformed, or when restoring an entry fails.
pub fn restore(&mut self, path: &Path, match_pattern: &[MatchPattern]) -> Result<(), Error> {
    let slices: Vec<_> = match_pattern
        .iter()
        .map(|pattern| pattern.as_slice())
        .collect();

    if let Err(err) = std::fs::create_dir_all(path) {
        bail!("error while creating directory {:?} - {}", path, err);
    }

    let dir = match nix::dir::Dir::open(path, OFlag::O_DIRECTORY, Mode::empty()) {
        Ok(dir) => dir,
        Err(err) => bail!("unable to open target directory {:?} - {}", path, err),
    };
    let fd = dir.as_raw_fd();
    let mut dirs = PxarDirStack::new(fd);

    // An empty match pattern list indicates to restore the full archive.
    let matched = match slices.is_empty() {
        true => MatchType::Positive,
        false => MatchType::None,
    };

    // The archive starts with the entry describing the root directory.
    let header: PxarHeader = self.read_item()?;
    check_ca_header::<PxarEntry>(&header, PXAR_ENTRY)?;
    let entry: PxarEntry = self.read_item()?;

    let (mut head, attr) = self
        .read_attributes()
        .map_err(|err| format_err!("Reading of directory attributes failed - {}", err))?;

    while head.htype == PXAR_FILENAME {
        let child_name = self.read_filename(head.size)?;
        self.restore_dir_entry(path, &mut dirs, &child_name, matched, &slices)?;
        head = self.read_item()?;
    }

    if head.htype != PXAR_GOODBYE {
        bail!(
            "got unknown header type inside directory entry {:016x}",
            head.htype
        );
    }

    let table_len = match head.size.checked_sub(HEADER_SIZE) {
        Some(len) => len as usize,
        None => bail!("detected short goodbye table"),
    };
    self.skip_bytes(table_len)?;

    // The archived root attributes are applied to the target directory last.
    self.restore_ugid(&entry, fd)?;
    // fcaps have to be restored after restore_ugid as chown clears security.capability xattr, see CVE-2015-1350
    self.restore_attributes(fd, &attr, &entry)?;
    self.restore_mode(&entry, fd)?;
    self.restore_mtime(&entry, fd)?;

    Ok(())
}
791
/// Restores the single entry named `filename` inside the directory on top of `dirs`.
///
/// Reads the entry's first header, handles hardlinks directly, and otherwise dispatches on
/// the file type in `entry.mode`. `parent_matched` is the match state inherited from the
/// parent directory and is refined with `match_pattern` when patterns are given. Only a
/// positive match creates anything on disk; otherwise the item is just consumed.
fn restore_dir_entry(
    &mut self,
    base_path: &Path,
    dirs: &mut PxarDirStack,
    filename: &OsStr,
    parent_matched: MatchType,
    match_pattern: &[MatchPatternSlice],
) -> Result<(), Error> {
    let relative_path = dirs.as_path_buf();
    // Used for the callback, for error messages and for hardlink creation; all other
    // restore calls address the entry as `filename` relative to a directory fd.
    let full_path = base_path.join(&relative_path).join(filename);

    let head: PxarHeader = self.read_item()?;
    if head.htype == PXAR_FORMAT_HARDLINK {
        let (target, _offset) = self.read_hardlink(head.size)?;
        let target_path = base_path.join(&target);
        // NOTE(review): unlike the other restore paths, both hardlink paths are resolved by
        // name from `base_path` rather than relative to the directory fds. `read_hardlink`
        // rejects `..` and absolute targets, but that lexical check does not cover symlinks
        // already present below `base_path`; consider resolving both ends via fds.
        if dirs.last_dir_fd().is_some() {
            if let Some(ref callback) = self.callback {
                (callback)(&full_path)?;
            }
            hardlink(&target_path, &full_path)?;
        }
        return Ok(());
    }

    check_ca_header::<PxarEntry>(&head, PXAR_ENTRY)?;
    let entry: PxarEntry = self.read_item()?;
    // File type bits of the archived mode select the restore routine below.
    let ifmt = entry.mode as u32 & libc::S_IFMT;

    let mut child_pattern = Vec::new();
    // If parent was a match, then children should be assumed to match too
    // This is especially the case when the full archive is restored and
    // there are no match pattern.
    let mut matched = parent_matched;
    if !match_pattern.is_empty() {
        match MatchPatternSlice::match_filename_include(
            &CString::new(filename.as_bytes())?,
            ifmt == libc::S_IFDIR,
            match_pattern,
        )? {
            (MatchType::None, _) => matched = MatchType::None,
            (MatchType::Negative, _) => matched = MatchType::Negative,
            (MatchType::Positive, _) => matched = MatchType::Positive,
            // Any remaining match type also hands its pattern list on to the children.
            (match_type, pattern) => {
                matched = match_type;
                child_pattern = pattern;
            }
        }
    }

    // Only a positive match creates the parent directories; `fd` is what
    // `create_all_dirs` returns and is passed on as the parent descriptor.
    let fd = if matched == MatchType::Positive {
        Some(dirs.create_all_dirs(!self.allow_existing_dirs)?)
    } else {
        None
    };

    if fd.is_some() {
        if let Some(ref callback) = self.callback {
            (callback)(&full_path)?;
        }
    }

    match ifmt {
        libc::S_IFDIR => {
            self.restore_dir(base_path, dirs, entry, &filename, matched, &child_pattern)
        }
        libc::S_IFLNK => self.restore_symlink(fd, &full_path, &entry, &filename),
        libc::S_IFSOCK => self.restore_socket(fd, &entry, &filename),
        libc::S_IFIFO => self.restore_fifo(fd, &entry, &filename),
        libc::S_IFBLK | libc::S_IFCHR => self.restore_device(fd, &entry, &filename),
        libc::S_IFREG => self.restore_regular_file(fd, &full_path, &entry, &filename),
        // Unknown file types are ignored; nothing further is read for them here.
        _ => Ok(()),
    }
}
865
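/// List/Dump archive content.
///
/// Simply print the list of contained files. This dumps archive
/// format details when the verbose flag is set (useful for debug).
///
/// Directories are walked recursively; `path` is extended with each child name for the
/// duration of the recursive call.
///
/// NOTE(review): `output` is only forwarded to the recursive call; all text is printed to
/// stdout with `println!`.
///
/// # Errors
///
/// Fails on read errors and on malformed archives. Unexpected header types, unknown file
/// types and undersized items are reported as errors rather than panics, because the
/// archive content is untrusted input.
pub fn dump_entry<W: std::io::Write>(
    &mut self,
    path: &mut PathBuf,
    verbose: bool,
    output: &mut W,
) -> Result<(), Error> {
    // Payload length of an item; a declared size below the header size would otherwise
    // underflow into a huge skip length.
    fn payload_size(head: &PxarHeader) -> Result<usize, Error> {
        let htype = head.htype;
        match head.size.checked_sub(HEADER_SIZE) {
            Some(len) => Ok(len as usize),
            None => bail!("detected short item {:016x}", htype),
        }
    }

    let print_head = |head: &PxarHeader| {
        println!("Type: {:016x}", head.htype);
        println!("Size: {}", head.size);
    };

    let head: PxarHeader = self.read_item()?;
    if verbose {
        println!("Path: {:?}", path);
        print_head(&head);
    } else {
        println!("{:?}", path);
    }

    if head.htype == PXAR_FORMAT_HARDLINK {
        let (target, offset) = self.read_hardlink(head.size)?;
        if verbose {
            println!("Hardlink: {} {:?}", offset, target);
        }
        return Ok(());
    }

    check_ca_header::<PxarEntry>(&head, PXAR_ENTRY)?;
    let entry: PxarEntry = self.read_item()?;

    if verbose {
        println!(
            "Mode: {:08x} {:08x}",
            entry.mode,
            (entry.mode as u32) & libc::S_IFDIR
        );
    }

    let ifmt = (entry.mode as u32) & libc::S_IFMT;

    if ifmt == libc::S_IFDIR {
        let mut entry_count = 0;

        loop {
            let head: PxarHeader = self.read_item()?;
            if verbose {
                print_head(&head);
            }

            // This call covers all the cases of the match statement
            // regarding extended attributes. These calls will never
            // break on the loop and can therefore be handled separately.
            // If the header was matched, true is returned and we can continue
            if self.dump_if_attribute(&head, verbose)? {
                continue;
            }

            match head.htype {
                PXAR_FILENAME => {
                    let name = self.read_filename(head.size)?;
                    if verbose {
                        println!("Name: {:?}", name);
                    }
                    entry_count += 1;
                    path.push(&name);
                    self.dump_entry(path, verbose, output)?;
                    path.pop();
                }
                PXAR_GOODBYE => {
                    let table_size = payload_size(&head)?;
                    if verbose {
                        println!("Goodbye: {:?}", path);
                        self.dump_goodby_entries(entry_count, table_size)?;
                    } else {
                        self.skip_bytes(table_size)?;
                    }
                    break;
                }
                other => bail!(
                    "got unexpected header type inside directory {:016x}",
                    other
                ),
            }
        }
    } else if (ifmt == libc::S_IFBLK)
        || (ifmt == libc::S_IFCHR)
        || (ifmt == libc::S_IFLNK)
        || (ifmt == libc::S_IFREG)
    {
        loop {
            let head: PxarHeader = self.read_item()?;
            if verbose {
                print_head(&head);
            }

            // This call covers all the cases of the match statement
            // regarding extended attributes. These calls will never
            // break on the loop and can therefore be handled separately.
            // If the header was matched, true is returned and we can continue
            if self.dump_if_attribute(&head, verbose)? {
                continue;
            }

            match head.htype {
                PXAR_SYMLINK => {
                    let target = self.read_link(head.size)?;
                    if verbose {
                        println!("Symlink: {:?}", target);
                    }
                    break;
                }
                PXAR_DEVICE => {
                    let device: PxarDevice = self.read_item()?;
                    if verbose {
                        println!("Device: {}, {}", device.major, device.minor);
                    }
                    break;
                }
                PXAR_PAYLOAD => {
                    let payload_size = payload_size(&head)?;
                    if verbose {
                        println!("Payload: {}", payload_size);
                    }
                    self.skip_bytes(payload_size)?;
                    break;
                }
                other => bail!(
                    "got unexpected header type inside non-directory {:016x}",
                    other
                ),
            }
        }
    } else if ifmt == libc::S_IFIFO {
        if verbose {
            println!("Fifo:");
        }
    } else if ifmt == libc::S_IFSOCK {
        if verbose {
            println!("Socket:");
        }
    } else {
        bail!("unknown st_mode");
    }
    Ok(())
}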
1011
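/// Consumes the item described by `header` if it is an attribute item (xattr, fcaps, ACL or
/// quota project id) and prints it when `verbose` is set and the matching feature is
/// enabled.
///
/// Returns `Ok(true)` when the item was an attribute and has been consumed, and `Ok(false)`
/// when the header belongs to something else and nothing was read.
///
/// # Errors
///
/// Fails on read errors, on invalid xattr data, and on variable-size items whose declared
/// size is smaller than a header.
fn dump_if_attribute(&mut self, header: &PxarHeader, verbose: bool) -> Result<bool, Error> {
    // Payload length of a variable-size item. The declared size comes from the archive; a
    // value below the header size would otherwise underflow into a huge read length.
    fn payload_size(head: &PxarHeader) -> Result<usize, Error> {
        let htype = head.htype;
        match head.size.checked_sub(HEADER_SIZE) {
            Some(len) => Ok(len as usize),
            None => bail!("detected short attribute item {:016x}", htype),
        }
    }

    match header.htype {
        PXAR_XATTR => {
            let xattr = self.read_xattr(payload_size(header)?)?;
            if verbose && self.has_features(flags::WITH_XATTRS) {
                println!("XAttr: {:?}", xattr);
            }
        }
        PXAR_FCAPS => {
            let fcaps = self.read_fcaps(payload_size(header)?)?;
            if verbose && self.has_features(flags::WITH_FCAPS) {
                println!("FCaps: {:?}", fcaps);
            }
        }
        PXAR_ACL_USER => {
            let user = self.read_item::<PxarACLUser>()?;
            if verbose && self.has_features(flags::WITH_ACL) {
                println!("ACLUser: {:?}", user);
            }
        }
        PXAR_ACL_GROUP => {
            let group = self.read_item::<PxarACLGroup>()?;
            if verbose && self.has_features(flags::WITH_ACL) {
                println!("ACLGroup: {:?}", group);
            }
        }
        PXAR_ACL_GROUP_OBJ => {
            let group_obj = self.read_item::<PxarACLGroupObj>()?;
            if verbose && self.has_features(flags::WITH_ACL) {
                println!("ACLGroupObj: {:?}", group_obj);
            }
        }
        PXAR_ACL_DEFAULT => {
            let default = self.read_item::<PxarACLDefault>()?;
            if verbose && self.has_features(flags::WITH_ACL) {
                println!("ACLDefault: {:?}", default);
            }
        }
        PXAR_ACL_DEFAULT_USER => {
            let default_user = self.read_item::<PxarACLUser>()?;
            if verbose && self.has_features(flags::WITH_ACL) {
                println!("ACLDefaultUser: {:?}", default_user);
            }
        }
        PXAR_ACL_DEFAULT_GROUP => {
            let default_group = self.read_item::<PxarACLGroup>()?;
            if verbose && self.has_features(flags::WITH_ACL) {
                println!("ACLDefaultGroup: {:?}", default_group);
            }
        }
        PXAR_QUOTA_PROJID => {
            let quota_projid = self.read_item::<PxarQuotaProjID>()?;
            if verbose && self.has_features(flags::WITH_QUOTA_PROJID) {
                println!("Quota project id: {:?}", quota_projid);
            }
        }
        _ => return Ok(false),
    }

    Ok(true)
}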
1073
/// Reads and prints the goodbye table that closes a directory.
///
/// `table_size` must be a non-zero multiple of the item size, and the table must hold
/// exactly `entry_count` items followed by one tail marker; anything else is an error.
fn dump_goodby_entries(&mut self, entry_count: usize, table_size: usize) -> Result<(), Error> {
    const GOODBYE_ITEM_SIZE: usize = std::mem::size_of::<PxarGoodbyeItem>();

    if table_size < GOODBYE_ITEM_SIZE {
        bail!(
            "Goodbye table to small ({} < {})",
            table_size,
            GOODBYE_ITEM_SIZE
        );
    }
    if (table_size % GOODBYE_ITEM_SIZE) != 0 {
        bail!("Goodbye table with strange size ({})", table_size);
    }

    // At least 1 here, so the subtraction below cannot underflow.
    let entries = table_size / GOODBYE_ITEM_SIZE;
    let expected = entries - 1;
    if entry_count != expected {
        bail!(
            "Goodbye table with wrong entry count ({} != {})",
            entry_count,
            expected
        );
    }

    let mut seen = 0;
    loop {
        let item: PxarGoodbyeItem = self.read_item()?;
        seen += 1;

        if item.hash == PXAR_GOODBYE_TAIL_MARKER {
            // The tail marker is only valid as the very last item of the table.
            if seen != entries {
                bail!("unexpected goodbye tail marker");
            }
            println!("Goodby tail mark.");
            return Ok(());
        }

        println!(
            "Goodby item: offset {}, size {}, hash {:016x}",
            item.offset, item.size, item.hash
        );

        if seen >= entries {
            bail!("too many goodbye items (no tail marker)");
        }
    }
}
1121 }
1122
/// Opens `filename` relative to the directory descriptor `parent` and wraps the resulting
/// descriptor in a `std::fs::File`, which closes it on drop.
fn file_openat(
    parent: RawFd,
    filename: &OsStr,
    flags: OFlag,
    mode: Mode,
) -> Result<std::fs::File, Error> {
    // First `?`: converting the name to a C string; second `?`: the `openat` call itself.
    let raw_fd = filename.with_nix_path(|name| nix::fcntl::openat(parent, name, flags, mode))??;

    // SAFETY: `raw_fd` was just returned by a successful `openat` and is not stored anywhere
    // else, so the `File` becomes its sole owner.
    Ok(unsafe { std::fs::File::from_raw_fd(raw_fd) })
}
1136
/// Creates the hard link `newpath` pointing at `oldpath` with `link(2)`.
///
/// Both arguments are ordinary paths resolved by name, so symlinks in their directory
/// components are followed.
fn hardlink(oldpath: &Path, newpath: &Path) -> Result<(), Error> {
    // Each `with_nix_path` supplies a NUL-terminated copy of one path; the `?` after each
    // closure unwraps the path-conversion result, and the inner closure's own result is
    // what the function returns.
    oldpath.with_nix_path(|oldpath| {
        newpath.with_nix_path(|newpath| {
            // The pointers are only used for the duration of the call.
            let res = unsafe { libc::link(oldpath.as_ptr(), newpath.as_ptr()) };
            Errno::result(res)?;
            Ok(())
        })?
    })?
}
1146
/// Creates the symlink `linkname` inside the directory `parent`, pointing at `target`, with
/// `symlinkat(2)`. `target` is stored as given and is not resolved here.
fn symlinkat(target: &Path, parent: RawFd, linkname: &OsStr) -> Result<(), Error> {
    // Each `with_nix_path` supplies a NUL-terminated copy of one argument; the `?` after
    // each closure unwraps the path-conversion result, and the inner closure's own result
    // is what the function returns.
    target.with_nix_path(|target| {
        linkname.with_nix_path(|linkname| {
            // The pointers are only used for the duration of the call.
            let res = unsafe { libc::symlinkat(target.as_ptr(), parent, linkname.as_ptr()) };
            Errno::result(res)?;
            Ok(())
        })?
    })?
}
1156
/// Builds the `[atime, mtime]` pair expected by `futimens`/`utimensat` from a modification
/// time given in nanoseconds.
///
/// The access time slot is set to `UTIME_OMIT`, so only the modification time is updated.
fn nsec_to_update_timespec(mtime_nsec: u64) -> [libc::timespec; 2] {
    const UTIME_OMIT: i64 = ((1 << 30) - 2);
    const NANOS_PER_SEC: i64 = 1_000_000_000;

    // NOTE(review): values above `i64::MAX` wrap to a negative time in this cast.
    let total_nsec = mtime_nsec as i64;

    let atime = libc::timespec {
        tv_sec: 0,
        tv_nsec: UTIME_OMIT,
    };
    let mtime = libc::timespec {
        tv_sec: total_nsec / NANOS_PER_SEC,
        tv_nsec: total_nsec % NANOS_PER_SEC,
    };

    [atime, mtime]
}