4 * Capture a WIM image from a NTFS volume. We capture everything we can,
5 * including security data and alternate data streams.
9 * Copyright (C) 2012, 2013 Eric Biggers
11 * This file is part of wimlib, a library for working with WIM files.
13 * wimlib is free software; you can redistribute it and/or modify it under the
14 * terms of the GNU General Public License as published by the Free
15 * Software Foundation; either version 3 of the License, or (at your option)
18 * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
19 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
20 * A PARTICULAR PURPOSE. See the GNU General Public License for more
23 * You should have received a copy of the GNU General Public License
24 * along with wimlib; if not, see http://www.gnu.org/licenses/.
30 #include <ntfs-3g/endians.h>
31 #include <ntfs-3g/types.h>
33 #include "buffer_io.h"
35 #include "lookup_table.h"
37 #include "wimlib_internal.h"
39 #include <ntfs-3g/layout.h>
40 #include <ntfs-3g/acls.h>
41 #include <ntfs-3g/attrib.h>
42 #include <ntfs-3g/misc.h>
43 #include <ntfs-3g/reparse.h>
44 #include <ntfs-3g/security.h> /* ntfs-3g/security.h before ntfs-3g/xattrs.h */
45 #include <ntfs-3g/xattrs.h>
46 #include <ntfs-3g/volume.h>
55 static inline ntfschar *
56 attr_record_name(ATTR_RECORD *ar)
58 return (ntfschar*)((u8*)ar + le16_to_cpu(ar->name_offset));
61 /* Calculates the SHA1 message digest of a NTFS attribute.
63 * @ni: The NTFS inode containing the attribute.
64 * @ar: The ATTR_RECORD describing the attribute.
65 * @md: If successful, the returned SHA1 message digest.
66 * @reparse_tag_ret: Optional pointer into which the first 4 bytes of the
67 * attribute will be written (to get the reparse
70 * Return 0 on success or nonzero on error.
73 ntfs_attr_sha1sum(ntfs_inode *ni, ATTR_RECORD *ar,
74 u8 md[SHA1_HASH_SIZE],
75 bool is_reparse_point,
80 char buf[BUFFER_SIZE];
84 na = ntfs_attr_open(ni, ar->type, attr_record_name(ar),
87 ERROR_WITH_ERRNO("Failed to open NTFS attribute");
88 return WIMLIB_ERR_NTFS_3G;
91 bytes_remaining = na->data_size;
93 if (is_reparse_point) {
94 if (ntfs_attr_pread(na, 0, 8, buf) != 8)
96 *reparse_tag_ret = le32_to_cpu(*(u32*)buf);
97 DEBUG("ReparseTag = %#x", *reparse_tag_ret);
103 while (bytes_remaining) {
104 s64 to_read = min(bytes_remaining, sizeof(buf));
105 if (ntfs_attr_pread(na, pos, to_read, buf) != to_read)
107 sha1_update(&ctx, buf, to_read);
109 bytes_remaining -= to_read;
111 sha1_final(md, &ctx);
115 ERROR_WITH_ERRNO("Error reading NTFS attribute");
116 return WIMLIB_ERR_NTFS_3G;
119 /* Load the streams from a file or reparse point in the NTFS volume into the WIM
122 capture_ntfs_streams(struct wim_dentry *dentry,
126 struct wim_lookup_table *lookup_table,
127 ntfs_volume **ntfs_vol_p,
130 ntfs_attr_search_ctx *actx;
131 u8 attr_hash[SHA1_HASH_SIZE];
132 struct ntfs_location *ntfs_loc = NULL;
134 struct wim_lookup_table_entry *lte;
136 DEBUG2("Capturing NTFS data streams from `%s'", path);
138 /* Get context to search the streams of the NTFS file. */
139 actx = ntfs_attr_get_search_ctx(ni, NULL);
141 ERROR_WITH_ERRNO("Cannot get NTFS attribute search "
143 return WIMLIB_ERR_NTFS_3G;
146 /* Capture each data stream or reparse data stream. */
147 while (!ntfs_attr_lookup(type, NULL, 0,
148 CASE_SENSITIVE, 0, NULL, 0, actx))
151 u64 data_size = ntfs_get_attribute_value_length(actx->attr);
152 u64 name_length = actx->attr->name_length;
153 if (data_size == 0) {
155 ERROR_WITH_ERRNO("Failed to get size of attribute of "
157 ret = WIMLIB_ERR_NTFS_3G;
160 /* Empty stream. No lookup table entry is needed. */
163 if (type == AT_REPARSE_POINT && data_size < 8) {
164 ERROR("`%s': reparse point buffer too small",
166 ret = WIMLIB_ERR_NTFS_3G;
169 /* Checksum the stream. */
170 ret = ntfs_attr_sha1sum(ni, actx->attr, attr_hash,
171 type == AT_REPARSE_POINT, &reparse_tag);
175 if (type == AT_REPARSE_POINT)
176 dentry->d_inode->i_reparse_tag = reparse_tag;
178 /* Make a lookup table entry for the stream, or use an existing
179 * one if there's already an identical stream. */
180 lte = __lookup_resource(lookup_table, attr_hash);
181 ret = WIMLIB_ERR_NOMEM;
185 ntfs_loc = CALLOC(1, sizeof(*ntfs_loc));
188 ntfs_loc->ntfs_vol_p = ntfs_vol_p;
189 ntfs_loc->path = MALLOC(path_len + 1);
191 goto out_free_ntfs_loc;
192 memcpy(ntfs_loc->path, path, path_len + 1);
194 ntfs_loc->stream_name = MALLOC(name_length * 2);
195 if (!ntfs_loc->stream_name)
196 goto out_free_ntfs_loc;
197 memcpy(ntfs_loc->stream_name,
198 attr_record_name(actx->attr),
199 actx->attr->name_length * 2);
200 ntfs_loc->stream_name_nchars = name_length;
203 lte = new_lookup_table_entry();
205 goto out_free_ntfs_loc;
206 lte->ntfs_loc = ntfs_loc;
207 lte->resource_location = RESOURCE_IN_NTFS_VOLUME;
208 if (type == AT_REPARSE_POINT) {
209 ntfs_loc->is_reparse_point = true;
210 lte->resource_entry.original_size = data_size - 8;
211 lte->resource_entry.size = data_size - 8;
213 ntfs_loc->is_reparse_point = false;
214 lte->resource_entry.original_size = data_size;
215 lte->resource_entry.size = data_size;
218 copy_hash(lte->hash, attr_hash);
219 lookup_table_insert(lookup_table, lte);
222 if (name_length == 0) {
223 /* Unnamed data stream. Put the reference to it in the
225 if (dentry->d_inode->i_lte) {
226 WARNING("Found two un-named data streams for "
228 free_lookup_table_entry(lte);
230 dentry->d_inode->i_lte = lte;
233 /* Named data stream. Put the reference to it in the
234 * alternate data stream entries */
235 struct wim_ads_entry *new_ads_entry;
237 new_ads_entry = inode_add_ads_utf16le(dentry->d_inode,
238 attr_record_name(actx->attr),
242 wimlib_assert(new_ads_entry->stream_name_nbytes == name_length * 2);
243 new_ads_entry->lte = lte;
249 free_lookup_table_entry(lte);
252 FREE(ntfs_loc->path);
253 FREE(ntfs_loc->stream_name);
257 ntfs_attr_put_search_ctx(actx);
259 DEBUG2("Successfully captured NTFS streams from `%s'", path);
261 ERROR("Failed to capture NTFS streams from `%s", path);
265 /* Red-black tree that maps NTFS inode numbers to DOS names */
266 struct dos_name_map {
267 struct rb_root rb_root;
270 struct dos_name_node {
271 struct rb_node rb_node;
277 /* Inserts a new DOS name into the map */
279 insert_dos_name(struct dos_name_map *map, const ntfschar *dos_name,
280 size_t name_nbytes, u64 ntfs_ino)
282 struct dos_name_node *new_node;
284 struct rb_root *root;
285 struct rb_node *rb_parent;
287 DEBUG("DOS name_len = %zu", name_nbytes);
288 new_node = MALLOC(sizeof(struct dos_name_node));
292 /* DOS names are supposed to be 12 characters max (that's 24 bytes,
293 * assuming 2-byte ntfs characters) */
294 wimlib_assert(name_nbytes <= sizeof(new_node->dos_name));
296 /* Initialize the DOS name, DOS name length, and NTFS inode number of
297 * the red-black tree node */
298 memcpy(new_node->dos_name, dos_name, name_nbytes);
299 new_node->name_nbytes = name_nbytes;
300 new_node->ntfs_ino = ntfs_ino;
302 /* Insert the red-black tree node */
303 root = &map->rb_root;
307 struct dos_name_node *this;
309 this = container_of(*p, struct dos_name_node, rb_node);
311 if (new_node->ntfs_ino < this->ntfs_ino)
312 p = &((*p)->rb_left);
313 else if (new_node->ntfs_ino > this->ntfs_ino)
314 p = &((*p)->rb_right);
316 /* This should be impossible since a NTFS inode cannot
317 * have multiple DOS names, and we only should get each
318 * DOS name entry once from the ntfs_readdir() calls. */
319 ERROR("NTFS inode %"PRIu64" has multiple DOS names",
324 rb_link_node(&new_node->rb_node, rb_parent, p);
325 rb_insert_color(&new_node->rb_node, root);
326 DEBUG("Inserted DOS name for inode %"PRIu64, ntfs_ino);
330 /* Returns a structure that contains the DOS name and its length for a NTFS
331 * inode, or NULL if the inode has no DOS name. */
332 static struct dos_name_node *
333 lookup_dos_name(const struct dos_name_map *map, u64 ntfs_ino)
335 struct rb_node *node = map->rb_root.rb_node;
337 struct dos_name_node *this;
338 this = container_of(node, struct dos_name_node, rb_node);
339 if (ntfs_ino < this->ntfs_ino)
340 node = node->rb_left;
341 else if (ntfs_ino > this->ntfs_ino)
342 node = node->rb_right;
350 set_dentry_dos_name(struct wim_dentry *dentry, void *arg)
352 const struct dos_name_map *map = arg;
353 const struct dos_name_node *node;
355 if (dentry->is_win32_name) {
356 node = lookup_dos_name(map, dentry->d_inode->i_ino);
358 dentry->short_name = MALLOC(node->name_nbytes + 2);
359 if (!dentry->short_name)
360 return WIMLIB_ERR_NOMEM;
361 memcpy(dentry->short_name, node->dos_name,
363 dentry->short_name[node->name_nbytes / 2] = 0;
364 dentry->short_name_nbytes = node->name_nbytes;
365 DEBUG("Assigned DOS name to ino %"PRIu64,
366 dentry->d_inode->i_ino);
368 WARNING("NTFS inode %"PRIu64" has Win32 name with no "
369 "corresponding DOS name",
370 dentry->d_inode->i_ino);
377 free_dos_name_tree(struct rb_node *node) {
379 free_dos_name_tree(node->rb_left);
380 free_dos_name_tree(node->rb_right);
381 FREE(container_of(node, struct dos_name_node, rb_node));
386 destroy_dos_name_map(struct dos_name_map *map)
388 free_dos_name_tree(map->rb_root.rb_node);
392 struct wim_dentry *parent;
396 struct wim_lookup_table *lookup_table;
397 struct sd_set *sd_set;
398 struct dos_name_map *dos_name_map;
399 const struct capture_config *config;
400 ntfs_volume **ntfs_vol_p;
402 wimlib_progress_func_t progress_func;
406 build_dentry_tree_ntfs_recursive(struct wim_dentry **root_p, ntfs_inode *dir_ni,
407 ntfs_inode *ni, char path[], size_t path_len,
409 struct wim_lookup_table *lookup_table,
410 struct sd_set *sd_set,
411 const struct capture_config *config,
412 ntfs_volume **ntfs_vol_p,
414 wimlib_progress_func_t progress_func);
417 wim_ntfs_capture_filldir(void *dirent, const ntfschar *name,
418 const int name_nchars, const int name_type,
419 const s64 pos, const MFT_REF mref,
420 const unsigned dt_type)
422 struct readdir_ctx *ctx;
423 size_t mbs_name_nbytes;
425 struct wim_dentry *child;
428 size_t name_nbytes = name_nchars * sizeof(ntfschar);
431 if (name_type & FILE_NAME_DOS) {
432 /* If this is the entry for a DOS name, store it for later. */
433 ret = insert_dos_name(ctx->dos_name_map, name,
434 name_nbytes, mref & MFT_REF_MASK_CPU);
436 /* Return now if an error occurred or if this is just a DOS name
437 * and not a Win32+DOS name. */
438 if (ret != 0 || name_type == FILE_NAME_DOS)
441 ret = utf16le_to_mbs(name, name_nbytes,
442 &mbs_name, &mbs_name_nbytes);
446 if (mbs_name[0] == '.' &&
447 (mbs_name[1] == '\0' ||
448 (mbs_name[1] == '.' && mbs_name[2] == '\0'))) {
451 * note: name_type is POSIX for these, so DOS names will not
452 * have been inserted for them. */
454 goto out_free_mbs_name;
457 /* Open the inode for this directory entry and recursively capture the
458 * directory tree rooted at it */
459 ntfs_inode *ni = ntfs_inode_open(ctx->dir_ni->vol, mref);
461 ERROR_WITH_ERRNO("Failed to open NTFS inode");
462 goto out_free_mbs_name;
464 path_len = ctx->path_len;
466 ctx->path[path_len++] = '/';
467 memcpy(ctx->path + path_len, mbs_name, mbs_name_nbytes + 1);
468 path_len += mbs_name_nbytes;
470 ret = build_dentry_tree_ntfs_recursive(&child, ctx->dir_ni,
471 ni, ctx->path, path_len, name_type,
472 ctx->lookup_table, ctx->sd_set,
473 ctx->config, ctx->ntfs_vol_p,
474 ctx->add_image_flags,
477 dentry_add_child(ctx->parent, child);
478 ntfs_inode_close(ni);
484 /* Recursively build a WIM dentry tree corresponding to a NTFS volume.
485 * At the same time, update the WIM lookup table with lookup table entries for
486 * the NTFS streams, and build an array of security descriptors.
489 build_dentry_tree_ntfs_recursive(struct wim_dentry **root_p,
495 struct wim_lookup_table *lookup_table,
496 struct sd_set *sd_set,
497 const struct capture_config *config,
498 ntfs_volume **ntfs_vol_p,
500 wimlib_progress_func_t progress_func)
504 struct wim_dentry *root;
506 if (exclude_path(path, config, false)) {
507 /* Exclude a file or directory tree based on the capture
508 * configuration file */
509 if ((add_image_flags & WIMLIB_ADD_IMAGE_FLAG_VERBOSE)
512 union wimlib_progress_info info;
513 info.scan.cur_path = path;
514 info.scan.excluded = true;
515 progress_func(WIMLIB_PROGRESS_MSG_SCAN_DENTRY, &info);
521 /* Get file attributes */
522 struct SECURITY_CONTEXT ctx;
523 memset(&ctx, 0, sizeof(ctx));
525 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ATTRIB,
526 ni, dir_ni, (char *)&attributes,
529 ERROR_WITH_ERRNO("Failed to get NTFS attributes from `%s'",
531 return WIMLIB_ERR_NTFS_3G;
534 if ((add_image_flags & WIMLIB_ADD_IMAGE_FLAG_VERBOSE)
537 union wimlib_progress_info info;
538 info.scan.cur_path = path;
539 info.scan.excluded = false;
540 progress_func(WIMLIB_PROGRESS_MSG_SCAN_DENTRY, &info);
543 /* Create the new WIM dentry */
544 ret = new_dentry_with_timeless_inode(path_basename(path), &root);
550 if (name_type & FILE_NAME_WIN32) /* Win32 or Win32+DOS name */
551 root->is_win32_name = 1;
552 root->d_inode->i_creation_time = le64_to_cpu(ni->creation_time);
553 root->d_inode->i_last_write_time = le64_to_cpu(ni->last_data_change_time);
554 root->d_inode->i_last_access_time = le64_to_cpu(ni->last_access_time);
555 root->d_inode->i_attributes = le32_to_cpu(attributes);
556 root->d_inode->i_ino = ni->mft_no;
557 root->d_inode->i_resolved = 1;
559 if (attributes & FILE_ATTR_REPARSE_POINT) {
560 /* Junction point, symbolic link, or other reparse point */
561 ret = capture_ntfs_streams(root, ni, path, path_len,
562 lookup_table, ntfs_vol_p,
564 } else if (ni->mrec->flags & MFT_RECORD_IS_DIRECTORY) {
566 /* Normal directory */
568 struct dos_name_map dos_name_map = { .rb_root = {.rb_node = NULL} };
569 struct readdir_ctx ctx = {
573 .path_len = path_len,
574 .lookup_table = lookup_table,
576 .dos_name_map = &dos_name_map,
578 .ntfs_vol_p = ntfs_vol_p,
579 .add_image_flags = add_image_flags,
580 .progress_func = progress_func,
582 ret = ntfs_readdir(ni, &pos, &ctx, wim_ntfs_capture_filldir);
584 ERROR_WITH_ERRNO("ntfs_readdir()");
585 ret = WIMLIB_ERR_NTFS_3G;
587 ret = for_dentry_child(root, set_dentry_dos_name,
590 destroy_dos_name_map(&dos_name_map);
593 ret = capture_ntfs_streams(root, ni, path, path_len,
594 lookup_table, ntfs_vol_p,
600 /* Get security descriptor */
604 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ACL,
607 if (ret > sizeof(sd)) {
609 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ACL,
610 ni, dir_ni, sd, ret);
613 root->d_inode->i_security_id = sd_set_add_sd(sd_set, sd, ret);
614 if (root->d_inode->i_security_id == -1) {
615 ERROR("Out of memory");
616 return WIMLIB_ERR_NOMEM;
618 DEBUG("Added security ID = %u for `%s'",
619 root->d_inode->i_security_id, path);
621 } else if (ret < 0) {
622 ERROR_WITH_ERRNO("Failed to get security information from "
624 ret = WIMLIB_ERR_NTFS_3G;
626 root->d_inode->i_security_id = -1;
627 DEBUG("No security ID for `%s'", path);
633 build_dentry_tree_ntfs(struct wim_dentry **root_p,
634 const mbchar *device,
635 struct wim_lookup_table *lookup_table,
636 struct wim_security_data *sd,
637 const struct capture_config *config,
639 wimlib_progress_func_t progress_func,
645 struct sd_set sd_set = {
649 ntfs_volume **ntfs_vol_p = extra_arg;
651 DEBUG("Mounting NTFS volume `%s' read-only", device);
653 #ifdef HAVE_NTFS_MNT_RDONLY
655 vol = ntfs_mount(device, NTFS_MNT_RDONLY);
657 /* NTFS-3g 2011, 2012 */
658 vol = ntfs_mount(device, MS_RDONLY);
661 ERROR_WITH_ERRNO("Failed to mount NTFS volume `%s' read-only",
663 return WIMLIB_ERR_NTFS_3G;
665 ntfs_open_secure(vol);
667 /* We don't want to capture the special NTFS files such as $Bitmap. Not
668 * to be confused with "hidden" or "system" files which are real files
669 * that we do need to capture. */
670 NVolClearShowSysFiles(vol);
672 DEBUG("Opening root NTFS dentry");
673 root_ni = ntfs_inode_open(vol, FILE_root);
675 ERROR_WITH_ERRNO("Failed to open root inode of NTFS volume "
677 ret = WIMLIB_ERR_NTFS_3G;
681 /* Currently we assume that all the paths fit into this length and there
682 * is no check for overflow. */
683 mbchar *path = MALLOC(32768);
685 ERROR("Could not allocate memory for NTFS pathname");
686 ret = WIMLIB_ERR_NOMEM;
692 ret = build_dentry_tree_ntfs_recursive(root_p, NULL, root_ni, path, 1,
693 FILE_NAME_POSIX, lookup_table,
700 ntfs_inode_close(root_ni);
701 destroy_sd_set(&sd_set);
703 ntfs_index_ctx_put(vol->secure_xsii);
704 ntfs_index_ctx_put(vol->secure_xsdh);
705 ntfs_inode_close(vol->secure_ni);
708 if (ntfs_umount(vol, FALSE) != 0) {
709 ERROR_WITH_ERRNO("Failed to unmount NTFS volume `%s'",
712 ret = WIMLIB_ERR_NTFS_3G;
715 /* We need to leave the NTFS volume mounted so that we can read
716 * the NTFS files again when we are actually writing the WIM */