4 * Capture a WIM image from a NTFS volume. We capture everything we can,
5 * including security data and alternate data streams.
9 * Copyright (C) 2012, 2013 Eric Biggers
11 * This file is part of wimlib, a library for working with WIM files.
13 * wimlib is free software; you can redistribute it and/or modify it under the
14 * terms of the GNU General Public License as published by the Free
15 * Software Foundation; either version 3 of the License, or (at your option)
18 * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
19 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
20 * A PARTICULAR PURPOSE. See the GNU General Public License for more
23 * You should have received a copy of the GNU General Public License
24 * along with wimlib; if not, see http://www.gnu.org/licenses/.
30 #include <ntfs-3g/endians.h>
31 #include <ntfs-3g/types.h>
33 #include "buffer_io.h"
35 #include "lookup_table.h"
37 #include "wimlib_internal.h"
39 #include <ntfs-3g/layout.h>
40 #include <ntfs-3g/acls.h>
41 #include <ntfs-3g/attrib.h>
42 #include <ntfs-3g/misc.h>
43 #include <ntfs-3g/reparse.h>
44 #include <ntfs-3g/security.h> /* ntfs-3g/security.h before ntfs-3g/xattrs.h */
45 #include <ntfs-3g/xattrs.h>
46 #include <ntfs-3g/volume.h>
55 static inline ntfschar *
56 attr_record_name(ATTR_RECORD *ar)
58 return (ntfschar*)((u8*)ar + le16_to_cpu(ar->name_offset));
61 /* Calculates the SHA1 message digest of a NTFS attribute.
63 * @ni: The NTFS inode containing the attribute.
64 * @ar: The ATTR_RECORD describing the attribute.
65 * @md: If successful, the returned SHA1 message digest.
66 * @reparse_tag_ret: Optional pointer into which the first 4 bytes of the
67 * attribute will be written (to get the reparse
70 * Return 0 on success or nonzero on error.
73 ntfs_attr_sha1sum(ntfs_inode *ni, ATTR_RECORD *ar,
74 u8 md[SHA1_HASH_SIZE],
75 bool is_reparse_point,
80 char buf[BUFFER_SIZE];
84 na = ntfs_attr_open(ni, ar->type, attr_record_name(ar),
87 ERROR_WITH_ERRNO("Failed to open NTFS attribute");
88 return WIMLIB_ERR_NTFS_3G;
91 bytes_remaining = na->data_size;
93 if (is_reparse_point) {
94 if (ntfs_attr_pread(na, 0, 8, buf) != 8)
96 *reparse_tag_ret = le32_to_cpu(*(u32*)buf);
97 DEBUG("ReparseTag = %#x", *reparse_tag_ret);
103 while (bytes_remaining) {
104 s64 to_read = min(bytes_remaining, sizeof(buf));
105 if (ntfs_attr_pread(na, pos, to_read, buf) != to_read)
107 sha1_update(&ctx, buf, to_read);
109 bytes_remaining -= to_read;
111 sha1_final(md, &ctx);
115 ERROR_WITH_ERRNO("Error reading NTFS attribute");
116 return WIMLIB_ERR_NTFS_3G;
119 /* Load the streams from a file or reparse point in the NTFS volume into the WIM
122 capture_ntfs_streams(struct wim_dentry *dentry,
126 struct wim_lookup_table *lookup_table,
127 ntfs_volume **ntfs_vol_p,
130 ntfs_attr_search_ctx *actx;
131 u8 attr_hash[SHA1_HASH_SIZE];
132 struct ntfs_location *ntfs_loc = NULL;
134 struct wim_lookup_table_entry *lte;
136 DEBUG2("Capturing NTFS data streams from `%s'", path);
138 /* Get context to search the streams of the NTFS file. */
139 actx = ntfs_attr_get_search_ctx(ni, NULL);
141 ERROR_WITH_ERRNO("Cannot get NTFS attribute search "
143 return WIMLIB_ERR_NTFS_3G;
146 /* Capture each data stream or reparse data stream. */
147 while (!ntfs_attr_lookup(type, NULL, 0,
148 CASE_SENSITIVE, 0, NULL, 0, actx))
151 u64 data_size = ntfs_get_attribute_value_length(actx->attr);
152 u64 name_length = actx->attr->name_length;
153 if (data_size == 0) {
155 ERROR_WITH_ERRNO("Failed to get size of attribute of "
157 ret = WIMLIB_ERR_NTFS_3G;
160 /* Empty stream. No lookup table entry is needed. */
163 if (type == AT_REPARSE_POINT && data_size < 8) {
164 ERROR("`%s': reparse point buffer too small",
166 ret = WIMLIB_ERR_NTFS_3G;
169 /* Checksum the stream. */
170 ret = ntfs_attr_sha1sum(ni, actx->attr, attr_hash,
171 type == AT_REPARSE_POINT, &reparse_tag);
175 if (type == AT_REPARSE_POINT)
176 dentry->d_inode->i_reparse_tag = reparse_tag;
178 /* Make a lookup table entry for the stream, or use an existing
179 * one if there's already an identical stream. */
180 lte = __lookup_resource(lookup_table, attr_hash);
181 ret = WIMLIB_ERR_NOMEM;
185 ntfs_loc = CALLOC(1, sizeof(*ntfs_loc));
188 ntfs_loc->ntfs_vol_p = ntfs_vol_p;
189 ntfs_loc->path = MALLOC(path_len + 1);
191 goto out_free_ntfs_loc;
192 memcpy(ntfs_loc->path, path, path_len + 1);
194 ntfs_loc->stream_name = MALLOC(name_length * 2);
195 if (!ntfs_loc->stream_name)
196 goto out_free_ntfs_loc;
197 memcpy(ntfs_loc->stream_name,
198 attr_record_name(actx->attr),
199 actx->attr->name_length * 2);
200 ntfs_loc->stream_name_nchars = name_length;
203 lte = new_lookup_table_entry();
205 goto out_free_ntfs_loc;
206 lte->ntfs_loc = ntfs_loc;
207 lte->resource_location = RESOURCE_IN_NTFS_VOLUME;
208 if (type == AT_REPARSE_POINT) {
209 ntfs_loc->is_reparse_point = true;
210 lte->resource_entry.original_size = data_size - 8;
211 lte->resource_entry.size = data_size - 8;
213 ntfs_loc->is_reparse_point = false;
214 lte->resource_entry.original_size = data_size;
215 lte->resource_entry.size = data_size;
218 copy_hash(lte->hash, attr_hash);
219 lookup_table_insert(lookup_table, lte);
222 if (name_length == 0) {
223 /* Unnamed data stream. Put the reference to it in the
225 if (dentry->d_inode->i_lte) {
226 WARNING("Found two un-named data streams for "
228 free_lookup_table_entry(lte);
230 dentry->d_inode->i_lte = lte;
233 /* Named data stream. Put the reference to it in the
234 * alternate data stream entries */
235 struct wim_ads_entry *new_ads_entry;
237 new_ads_entry = inode_add_ads_utf16le(dentry->d_inode,
238 attr_record_name(actx->attr),
242 wimlib_assert(new_ads_entry->stream_name_nbytes == name_length * 2);
243 new_ads_entry->lte = lte;
249 free_lookup_table_entry(lte);
252 FREE(ntfs_loc->path);
253 FREE(ntfs_loc->stream_name);
257 ntfs_attr_put_search_ctx(actx);
259 DEBUG2("Successfully captured NTFS streams from `%s'", path);
261 ERROR("Failed to capture NTFS streams from `%s", path);
265 /* Red-black tree that maps NTFS inode numbers to DOS names */
266 struct dos_name_map {
267 struct rb_root rb_root;
270 struct dos_name_node {
271 struct rb_node rb_node;
277 /* Inserts a new DOS name into the map */
279 insert_dos_name(struct dos_name_map *map, const ntfschar *dos_name,
280 size_t name_nbytes, u64 ntfs_ino)
282 struct dos_name_node *new_node;
284 struct rb_root *root;
285 struct rb_node *rb_parent;
287 DEBUG("DOS name_len = %zu", name_nbytes);
288 new_node = MALLOC(sizeof(struct dos_name_node));
292 /* DOS names are supposed to be 12 characters max (that's 24 bytes,
293 * assuming 2-byte ntfs characters) */
294 wimlib_assert(name_nbytes <= sizeof(new_node->dos_name));
296 /* Initialize the DOS name, DOS name length, and NTFS inode number of
297 * the red-black tree node */
298 memcpy(new_node->dos_name, dos_name, name_nbytes);
299 new_node->name_nbytes = name_nbytes;
300 new_node->ntfs_ino = ntfs_ino;
302 /* Insert the red-black tree node */
303 root = &map->rb_root;
307 struct dos_name_node *this;
309 this = container_of(*p, struct dos_name_node, rb_node);
311 if (new_node->ntfs_ino < this->ntfs_ino)
312 p = &((*p)->rb_left);
313 else if (new_node->ntfs_ino > this->ntfs_ino)
314 p = &((*p)->rb_right);
316 /* This should be impossible since a NTFS inode cannot
317 * have multiple DOS names, and we only should get each
318 * DOS name entry once from the ntfs_readdir() calls. */
319 ERROR("NTFS inode %"PRIu64" has multiple DOS names",
324 rb_link_node(&new_node->rb_node, rb_parent, p);
325 rb_insert_color(&new_node->rb_node, root);
326 DEBUG("Inserted DOS name for inode %"PRIu64, ntfs_ino);
330 /* Returns a structure that contains the DOS name and its length for a NTFS
331 * inode, or NULL if the inode has no DOS name. */
332 static struct dos_name_node *
333 lookup_dos_name(const struct dos_name_map *map, u64 ntfs_ino)
335 struct rb_node *node = map->rb_root.rb_node;
337 struct dos_name_node *this;
338 this = container_of(node, struct dos_name_node, rb_node);
339 if (ntfs_ino < this->ntfs_ino)
340 node = node->rb_left;
341 else if (ntfs_ino > this->ntfs_ino)
342 node = node->rb_right;
350 set_dentry_dos_name(struct wim_dentry *dentry, void *arg)
352 const struct dos_name_map *map = arg;
353 const struct dos_name_node *node;
355 if (dentry->is_win32_name) {
356 node = lookup_dos_name(map, dentry->d_inode->i_ino);
358 dentry->short_name = MALLOC(node->name_nbytes + 2);
359 if (!dentry->short_name)
360 return WIMLIB_ERR_NOMEM;
361 memcpy(dentry->short_name, node->dos_name,
363 dentry->short_name[node->name_nbytes / 2] = 0;
364 dentry->short_name_nbytes = node->name_nbytes;
365 DEBUG("Assigned DOS name to ino %"PRIu64,
366 dentry->d_inode->i_ino);
368 WARNING("NTFS inode %"PRIu64" has Win32 name with no "
369 "corresponding DOS name",
370 dentry->d_inode->i_ino);
377 free_dos_name_tree(struct rb_node *node) {
379 free_dos_name_tree(node->rb_left);
380 free_dos_name_tree(node->rb_right);
381 FREE(container_of(node, struct dos_name_node, rb_node));
386 destroy_dos_name_map(struct dos_name_map *map)
388 free_dos_name_tree(map->rb_root.rb_node);
392 struct wim_dentry *parent;
396 struct wim_lookup_table *lookup_table;
397 struct sd_set *sd_set;
398 struct dos_name_map *dos_name_map;
399 const struct capture_config *config;
400 ntfs_volume **ntfs_vol_p;
402 wimlib_progress_func_t progress_func;
406 build_dentry_tree_ntfs_recursive(struct wim_dentry **root_p,
412 struct wim_lookup_table *lookup_table,
413 struct sd_set *sd_set,
414 const struct capture_config *config,
415 ntfs_volume **ntfs_vol_p,
417 wimlib_progress_func_t progress_func);
420 wim_ntfs_capture_filldir(void *dirent, const ntfschar *name,
421 const int name_nchars, const int name_type,
422 const s64 pos, const MFT_REF mref,
423 const unsigned dt_type)
425 struct readdir_ctx *ctx;
426 size_t mbs_name_nbytes;
428 struct wim_dentry *child;
431 size_t name_nbytes = name_nchars * sizeof(ntfschar);
434 if (name_type & FILE_NAME_DOS) {
435 /* If this is the entry for a DOS name, store it for later. */
436 ret = insert_dos_name(ctx->dos_name_map, name,
437 name_nbytes, mref & MFT_REF_MASK_CPU);
439 /* Return now if an error occurred or if this is just a DOS name
440 * and not a Win32+DOS name. */
441 if (ret != 0 || name_type == FILE_NAME_DOS)
444 ret = utf16le_to_tstr(name, name_nbytes,
445 &mbs_name, &mbs_name_nbytes);
449 if (mbs_name[0] == '.' &&
450 (mbs_name[1] == '\0' ||
451 (mbs_name[1] == '.' && mbs_name[2] == '\0'))) {
454 * note: name_type is POSIX for these, so DOS names will not
455 * have been inserted for them. */
457 goto out_free_mbs_name;
460 /* Open the inode for this directory entry and recursively capture the
461 * directory tree rooted at it */
462 ntfs_inode *ni = ntfs_inode_open(ctx->dir_ni->vol, mref);
464 ERROR_WITH_ERRNO("Failed to open NTFS inode");
466 goto out_free_mbs_name;
468 path_len = ctx->path_len;
470 ctx->path[path_len++] = '/';
471 memcpy(ctx->path + path_len, mbs_name, mbs_name_nbytes + 1);
472 path_len += mbs_name_nbytes;
474 ret = build_dentry_tree_ntfs_recursive(&child, ctx->dir_ni,
475 ni, ctx->path, path_len, name_type,
476 ctx->lookup_table, ctx->sd_set,
477 ctx->config, ctx->ntfs_vol_p,
478 ctx->add_image_flags,
481 dentry_add_child(ctx->parent, child);
482 ntfs_inode_close(ni);
489 /* Recursively build a WIM dentry tree corresponding to a NTFS volume.
490 * At the same time, update the WIM lookup table with lookup table entries for
491 * the NTFS streams, and build an array of security descriptors.
494 build_dentry_tree_ntfs_recursive(struct wim_dentry **root_p,
500 struct wim_lookup_table *lookup_table,
501 struct sd_set *sd_set,
502 const struct capture_config *config,
503 ntfs_volume **ntfs_vol_p,
505 wimlib_progress_func_t progress_func)
509 struct wim_dentry *root;
511 if (exclude_path(path, path_len, config, false)) {
512 /* Exclude a file or directory tree based on the capture
513 * configuration file */
514 if ((add_image_flags & WIMLIB_ADD_IMAGE_FLAG_EXCLUDE_VERBOSE)
517 union wimlib_progress_info info;
518 info.scan.cur_path = path;
519 info.scan.excluded = true;
520 progress_func(WIMLIB_PROGRESS_MSG_SCAN_DENTRY, &info);
526 /* Get file attributes */
527 struct SECURITY_CONTEXT ctx;
528 memset(&ctx, 0, sizeof(ctx));
530 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ATTRIB,
531 ni, dir_ni, (char *)&attributes,
534 ERROR_WITH_ERRNO("Failed to get NTFS attributes from `%s'",
536 return WIMLIB_ERR_NTFS_3G;
539 if ((add_image_flags & WIMLIB_ADD_IMAGE_FLAG_VERBOSE)
542 union wimlib_progress_info info;
543 info.scan.cur_path = path;
544 info.scan.excluded = false;
545 progress_func(WIMLIB_PROGRESS_MSG_SCAN_DENTRY, &info);
548 /* Create the new WIM dentry */
549 ret = new_dentry_with_timeless_inode(path_basename_with_len(path, path_len),
556 if (name_type & FILE_NAME_WIN32) /* Win32 or Win32+DOS name */
557 root->is_win32_name = 1;
558 root->d_inode->i_creation_time = le64_to_cpu(ni->creation_time);
559 root->d_inode->i_last_write_time = le64_to_cpu(ni->last_data_change_time);
560 root->d_inode->i_last_access_time = le64_to_cpu(ni->last_access_time);
561 root->d_inode->i_attributes = le32_to_cpu(attributes);
562 root->d_inode->i_ino = ni->mft_no;
563 root->d_inode->i_resolved = 1;
565 if (attributes & FILE_ATTR_REPARSE_POINT) {
566 /* Junction point, symbolic link, or other reparse point */
567 ret = capture_ntfs_streams(root, ni, path, path_len,
568 lookup_table, ntfs_vol_p,
570 } else if (ni->mrec->flags & MFT_RECORD_IS_DIRECTORY) {
572 /* Normal directory */
574 struct dos_name_map dos_name_map = { .rb_root = {.rb_node = NULL} };
575 struct readdir_ctx ctx = {
579 .path_len = path_len,
580 .lookup_table = lookup_table,
582 .dos_name_map = &dos_name_map,
584 .ntfs_vol_p = ntfs_vol_p,
585 .add_image_flags = add_image_flags,
586 .progress_func = progress_func,
588 ret = ntfs_readdir(ni, &pos, &ctx, wim_ntfs_capture_filldir);
590 ERROR_WITH_ERRNO("ntfs_readdir()");
591 ret = WIMLIB_ERR_NTFS_3G;
593 ret = for_dentry_child(root, set_dentry_dos_name,
596 destroy_dos_name_map(&dos_name_map);
599 ret = capture_ntfs_streams(root, ni, path, path_len,
600 lookup_table, ntfs_vol_p,
606 if (!(add_image_flags & WIMLIB_ADD_IMAGE_FLAG_NO_ACLS)) {
607 /* Get security descriptor */
611 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ACL,
614 if (ret > sizeof(sd)) {
616 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ACL,
617 ni, dir_ni, sd, ret);
620 root->d_inode->i_security_id = sd_set_add_sd(sd_set, sd, ret);
621 if (root->d_inode->i_security_id == -1) {
622 ERROR("Out of memory");
623 return WIMLIB_ERR_NOMEM;
625 DEBUG("Added security ID = %u for `%s'",
626 root->d_inode->i_security_id, path);
628 } else if (ret < 0) {
629 ERROR_WITH_ERRNO("Failed to get security information from "
631 ret = WIMLIB_ERR_NTFS_3G;
633 root->d_inode->i_security_id = -1;
634 DEBUG("No security ID for `%s'", path);
641 build_dentry_tree_ntfs(struct wim_dentry **root_p,
643 struct wim_lookup_table *lookup_table,
644 struct sd_set *sd_set,
645 const struct capture_config *config,
647 wimlib_progress_func_t progress_func,
653 ntfs_volume **ntfs_vol_p = extra_arg;
655 DEBUG("Mounting NTFS volume `%s' read-only", device);
657 #ifdef HAVE_NTFS_MNT_RDONLY
659 vol = ntfs_mount(device, NTFS_MNT_RDONLY);
661 /* NTFS-3g 2011, 2012 */
662 vol = ntfs_mount(device, MS_RDONLY);
665 ERROR_WITH_ERRNO("Failed to mount NTFS volume `%s' read-only",
667 return WIMLIB_ERR_NTFS_3G;
669 ntfs_open_secure(vol);
671 /* We don't want to capture the special NTFS files such as $Bitmap. Not
672 * to be confused with "hidden" or "system" files which are real files
673 * that we do need to capture. */
674 NVolClearShowSysFiles(vol);
676 DEBUG("Opening root NTFS dentry");
677 root_ni = ntfs_inode_open(vol, FILE_root);
679 ERROR_WITH_ERRNO("Failed to open root inode of NTFS volume "
681 ret = WIMLIB_ERR_NTFS_3G;
685 /* Currently we assume that all the paths fit into this length and there
686 * is no check for overflow. */
687 char *path = MALLOC(32768);
689 ERROR("Could not allocate memory for NTFS pathname");
690 ret = WIMLIB_ERR_NOMEM;
696 ret = build_dentry_tree_ntfs_recursive(root_p, NULL, root_ni, path, 1,
697 FILE_NAME_POSIX, lookup_table,
704 ntfs_inode_close(root_ni);
706 ntfs_index_ctx_put(vol->secure_xsii);
707 ntfs_index_ctx_put(vol->secure_xsdh);
708 ntfs_inode_close(vol->secure_ni);
711 if (ntfs_umount(vol, FALSE) != 0) {
712 ERROR_WITH_ERRNO("Failed to unmount NTFS volume `%s'",
715 ret = WIMLIB_ERR_NTFS_3G;
718 /* We need to leave the NTFS volume mounted so that we can read
719 * the NTFS files again when we are actually writing the WIM */