+ {
+ struct timespec times[2];
+
+ times[0] = wim_timestamp_to_timespec(atime);
+ times[1] = wim_timestamp_to_timespec(mtime);
+
+ errno = ENOSYS;
+#ifdef HAVE_FUTIMENS
+ if (fd >= 0 && !futimens(fd, times))
+ return 0;
+#endif
+#ifdef HAVE_UTIMENSAT
+ if (fd < 0 && !utimensat(AT_FDCWD, path, times, AT_SYMLINK_NOFOLLOW))
+ return 0;
+#endif
+ if (errno != ENOSYS)
+ return WIMLIB_ERR_SET_TIMESTAMPS;
+ }
+ {
+ struct timeval times[2];
+
+ times[0] = wim_timestamp_to_timeval(atime);
+ times[1] = wim_timestamp_to_timeval(mtime);
+
+ if (fd >= 0 && !futimes(fd, times))
+ return 0;
+ if (fd < 0 && !lutimes(path, times))
+ return 0;
+ return WIMLIB_ERR_SET_TIMESTAMPS;
+ }
+}
+
+static int
+unix_set_owner_and_group(int fd, const char *path, uid_t uid, gid_t gid)
+{
+ if (fd >= 0 && !fchown(fd, uid, gid))
+ return 0;
+ if (fd < 0 && !lchown(path, uid, gid))
+ return 0;
+ return WIMLIB_ERR_SET_SECURITY;
+}
+
+static int
+unix_set_mode(int fd, const char *path, mode_t mode)
+{
+ if (fd >= 0 && !fchmod(fd, mode))
+ return 0;
+ if (fd < 0 && !chmod(path, mode))
+ return 0;
+ return WIMLIB_ERR_SET_SECURITY;
+}
+
+#ifdef HAVE_LINUX_XATTR_SUPPORT
+/* Apply extended attributes to a file */
+static int
+apply_linux_xattrs(int fd, const struct wim_inode *inode,
+ const char *path, struct unix_apply_ctx *ctx,
+ const void *entries, size_t entries_size, bool is_old_format)
+{
+ const void * const entries_end = entries + entries_size;
+ char name[WIM_XATTR_NAME_MAX + 1];
+
+ for (const void *entry = entries;
+ entry < entries_end;
+ entry = is_old_format ? (const void *)old_xattr_entry_next(entry) :
+ (const void *)xattr_entry_next(entry))
+ {
+ bool valid;
+ u16 name_len;
+ const void *value;
+ u32 value_len;
+ int res;
+
+ if (is_old_format) {
+ valid = old_valid_xattr_entry(entry,
+ entries_end - entry);
+ } else {
+ valid = valid_xattr_entry(entry, entries_end - entry);
+ }
+ if (!valid) {
+ if (!path) {
+ path = unix_build_inode_extraction_path(inode,
+ ctx);
+ }
+ ERROR("\"%s\": extended attribute is corrupt or unsupported",
+ path);
+ return WIMLIB_ERR_INVALID_XATTR;
+ }
+ if (is_old_format) {
+ const struct wimlib_xattr_entry_old *e = entry;
+
+ name_len = le16_to_cpu(e->name_len);
+ memcpy(name, e->name, name_len);
+ value = e->name + name_len;
+ value_len = le32_to_cpu(e->value_len);
+ } else {
+ const struct wim_xattr_entry *e = entry;
+
+ name_len = e->name_len;
+ memcpy(name, e->name, name_len);
+ value = e->name + name_len + 1;
+ value_len = le16_to_cpu(e->value_len);
+ }
+ name[name_len] = '\0';
+
+ if (fd >= 0)
+ res = fsetxattr(fd, name, value, value_len, 0);
+ else
+ res = lsetxattr(path, name, value, value_len, 0);
+
+ if (unlikely(res != 0)) {
+ if (!path) {
+ path = unix_build_inode_extraction_path(inode,
+ ctx);
+ }
+ if (is_linux_security_xattr(name) &&
+ (ctx->common.extract_flags &
+ WIMLIB_EXTRACT_FLAG_STRICT_ACLS))
+ {
+ ERROR_WITH_ERRNO("\"%s\": unable to set extended attribute \"%s\"",
+ path, name);
+ return WIMLIB_ERR_SET_XATTR;
+ }
+ WARNING_WITH_ERRNO("\"%s\": unable to set extended attribute \"%s\"",
+ path, name);
+ }
+ }
+ return 0;
+}
+#endif /* HAVE_LINUX_XATTR_SUPPORT */
+
+/*
+ * Apply UNIX-specific metadata to a file if available. This includes standard
+ * UNIX permissions (uid, gid, and mode) and possibly extended attributes too.
+ *
+ * Note that some xattrs which grant privileges, e.g. security.capability, are
+ * cleared by Linux on chown(), even when running as root. Also, when running
+ * as non-root, if we need to chmod() the file to readonly, we can't do that
+ * before setting xattrs because setxattr() requires write permission. These
+ * restrictions result in the following ordering which we follow: chown(),
+ * setxattr(), then chmod().
+ *
+ * N.B. the file may be specified by either 'fd' (for regular files) or 'path',
+ * and it may be a symlink. For symlinks we need lchown() and lsetxattr() but
+ * need to skip the chmod(), since mode bits are not meaningful for symlinks.
+ */
+static int
+apply_unix_metadata(int fd, const struct wim_inode *inode,
+ const char *path, struct unix_apply_ctx *ctx)
+{
+ bool have_dat;
+ struct wimlib_unix_data dat;
+#ifdef HAVE_LINUX_XATTR_SUPPORT
+ const void *entries;
+ u32 entries_size;
+ bool is_old_format;
+#endif
+ int ret;
+
+ have_dat = inode_get_unix_data(inode, &dat);
+
+ if (have_dat) {
+ ret = unix_set_owner_and_group(fd, path, dat.uid, dat.gid);
+ if (ret) {
+ if (!path)
+ path = unix_build_inode_extraction_path(inode, ctx);
+ if (ctx->common.extract_flags &
+ WIMLIB_EXTRACT_FLAG_STRICT_ACLS)
+ {
+ ERROR_WITH_ERRNO("\"%s\": unable to set uid=%"PRIu32" and gid=%"PRIu32,
+ path, dat.uid, dat.gid);
+ return ret;
+ }
+ WARNING_WITH_ERRNO("\"%s\": unable to set uid=%"PRIu32" and gid=%"PRIu32,
+ path, dat.uid, dat.gid);
+ }
+ }
+
+#ifdef HAVE_LINUX_XATTR_SUPPORT
+ entries = inode_get_linux_xattrs(inode, &entries_size, &is_old_format);
+ if (entries) {
+ ret = apply_linux_xattrs(fd, inode, path, ctx,
+ entries, entries_size, is_old_format);
+ if (ret)
+ return ret;
+ }
+#endif
+
+ if (have_dat && !inode_is_symlink(inode)) {
+ ret = unix_set_mode(fd, path, dat.mode);
+ if (ret) {
+ if (!path)
+ path = unix_build_inode_extraction_path(inode, ctx);
+ if (ctx->common.extract_flags &
+ WIMLIB_EXTRACT_FLAG_STRICT_ACLS)
+ {
+ ERROR_WITH_ERRNO("\"%s\": unable to set mode=0%"PRIo32,
+ path, dat.mode);
+ return ret;
+ }
+ WARNING_WITH_ERRNO("\"%s\": unable to set mode=0%"PRIo32,
+ path, dat.mode);
+ }
+ }
+
+ return 0;
+}
+
+/*
+ * Set metadata on an extracted file.
+ *
+ * @fd is an open file descriptor to the extracted file, or -1. @path is the
+ * path to the extracted file, or NULL. If valid, this function uses @fd.
+ * Otherwise, if valid, it uses @path. Otherwise, it calculates the path to one
+ * alias of the extracted file and uses it.
+ */
+static int
+unix_set_metadata(int fd, const struct wim_inode *inode,
+ const char *path, struct unix_apply_ctx *ctx)
+{
+ int ret;
+
+ if (fd < 0 && !path)
+ path = unix_build_inode_extraction_path(inode, ctx);
+
+ if (ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_UNIX_DATA) {
+ ret = apply_unix_metadata(fd, inode, path, ctx);
+ if (ret)
+ return ret;
+ }
+
+ ret = unix_set_timestamps(fd, path, inode->i_last_access_time,
+ inode->i_last_write_time);
+ if (ret) {
+ if (!path)
+ path = unix_build_inode_extraction_path(inode, ctx);
+ if (ctx->common.extract_flags &
+ WIMLIB_EXTRACT_FLAG_STRICT_TIMESTAMPS)
+ {
+ ERROR_WITH_ERRNO("\"%s\": unable to set timestamps", path);
+ return ret;
+ }
+ WARNING_WITH_ERRNO("\"%s\": unable to set timestamps", path);
+ }
+