4 * Capture a WIM image from a NTFS volume. We capture everything we can,
5 * including security data and alternate data streams.
9 * Copyright (C) 2012 Eric Biggers
11 * This file is part of wimlib, a library for working with WIM files.
13 * wimlib is free software; you can redistribute it and/or modify it under the
14 * terms of the GNU General Public License as published by the Free
15 * Software Foundation; either version 3 of the License, or (at your option)
18 * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
19 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
20 * A PARTICULAR PURPOSE. See the GNU General Public License for more
23 * You should have received a copy of the GNU General Public License
24 * along with wimlib; if not, see http://www.gnu.org/licenses/.
30 #include <ntfs-3g/endians.h>
31 #include <ntfs-3g/types.h>
33 #include "wimlib_internal.h"
37 #include "lookup_table.h"
38 #include "buffer_io.h"
39 #include <ntfs-3g/layout.h>
40 #include <ntfs-3g/acls.h>
41 #include <ntfs-3g/attrib.h>
42 #include <ntfs-3g/misc.h>
43 #include <ntfs-3g/reparse.h>
44 #include <ntfs-3g/security.h> /* security.h before xattrs.h */
45 #include <ntfs-3g/xattrs.h>
46 #include <ntfs-3g/volume.h>
51 /* Structure that allows searching the security descriptors by SHA1 message
54 struct wim_security_data *sd;
58 /* Binary tree node of security descriptors, indexed by the @hash field. */
61 u8 hash[SHA1_HASH_SIZE];
63 struct sd_node *right;
66 static void free_sd_tree(struct sd_node *root)
69 free_sd_tree(root->left);
70 free_sd_tree(root->right);
74 /* Frees a security descriptor index set. */
75 static void destroy_sd_set(struct sd_set *sd_set)
77 free_sd_tree(sd_set->root);
80 /* Inserts a a new node into the security descriptor index tree. */
81 static void insert_sd_node(struct sd_node *new, struct sd_node *root)
83 int cmp = hashes_cmp(new->hash, root->hash);
86 insert_sd_node(new, root->left);
91 insert_sd_node(new, root->right);
99 /* Returns the security ID of the security data having a SHA1 message digest of
100 * @hash in the security descriptor index tree rooted at @root.
102 * If not found, return -1. */
103 static int lookup_sd(const u8 hash[SHA1_HASH_SIZE], struct sd_node *root)
108 cmp = hashes_cmp(hash, root->hash);
110 return lookup_sd(hash, root->left);
112 return lookup_sd(hash, root->right);
114 return root->security_id;
118 * Adds a security descriptor to the indexed security descriptor set as well as
119 * the corresponding `struct wim_security_data', and returns the new security
120 * ID; or, if there is an existing security descriptor that is the same, return
121 * the security ID for it. If a new security descriptor cannot be allocated,
124 static int sd_set_add_sd(struct sd_set *sd_set, const char descriptor[],
127 u8 hash[SHA1_HASH_SIZE];
133 struct wim_security_data *sd;
135 sha1_buffer((const u8*)descriptor, size, hash);
137 security_id = lookup_sd(hash, sd_set->root);
138 if (security_id >= 0)
141 new = MALLOC(sizeof(*new));
144 descr_copy = MALLOC(size);
150 memcpy(descr_copy, descriptor, size);
151 new->security_id = sd->num_entries;
154 copy_hash(new->hash, hash);
157 descriptors = REALLOC(sd->descriptors,
158 (sd->num_entries + 1) * sizeof(sd->descriptors[0]));
161 sd->descriptors = descriptors;
162 sizes = REALLOC(sd->sizes,
163 (sd->num_entries + 1) * sizeof(sd->sizes[0]));
167 sd->descriptors[sd->num_entries] = descr_copy;
168 sd->sizes[sd->num_entries] = size;
170 DEBUG("There are now %d security descriptors", sd->num_entries);
171 sd->total_length += size + sizeof(sd->sizes[0]);
174 insert_sd_node(new, sd_set->root);
177 return new->security_id;
186 static inline ntfschar *attr_record_name(ATTR_RECORD *ar)
188 return (ntfschar*)((u8*)ar + le16_to_cpu(ar->name_offset));
191 /* Calculates the SHA1 message digest of a NTFS attribute.
193 * @ni: The NTFS inode containing the attribute.
194 * @ar: The ATTR_RECORD describing the attribute.
195 * @md: If successful, the returned SHA1 message digest.
196 * @reparse_tag_ret: Optional pointer into which the first 4 bytes of the
197 * attribute will be written (to get the reparse
200 * Return 0 on success or nonzero on error.
202 static int ntfs_attr_sha1sum(ntfs_inode *ni, ATTR_RECORD *ar,
203 u8 md[SHA1_HASH_SIZE],
204 bool is_reparse_point,
205 u32 *reparse_tag_ret)
209 char buf[BUFFER_SIZE];
213 na = ntfs_attr_open(ni, ar->type, attr_record_name(ar),
216 ERROR_WITH_ERRNO("Failed to open NTFS attribute");
217 return WIMLIB_ERR_NTFS_3G;
220 bytes_remaining = na->data_size;
222 if (is_reparse_point) {
223 if (ntfs_attr_pread(na, 0, 8, buf) != 8)
225 *reparse_tag_ret = le32_to_cpu(*(u32*)buf);
227 bytes_remaining -= 8;
231 while (bytes_remaining) {
232 s64 to_read = min(bytes_remaining, sizeof(buf));
233 if (ntfs_attr_pread(na, pos, to_read, buf) != to_read)
235 sha1_update(&ctx, buf, to_read);
237 bytes_remaining -= to_read;
239 sha1_final(md, &ctx);
243 ERROR_WITH_ERRNO("Error reading NTFS attribute");
244 return WIMLIB_ERR_NTFS_3G;
247 /* Load the streams from a file or reparse point in the NTFS volume into the WIM
249 static int capture_ntfs_streams(struct wim_dentry *dentry, ntfs_inode *ni,
250 char path[], size_t path_len,
251 struct wim_lookup_table *lookup_table,
252 ntfs_volume **ntfs_vol_p,
255 ntfs_attr_search_ctx *actx;
256 u8 attr_hash[SHA1_HASH_SIZE];
257 struct ntfs_location *ntfs_loc = NULL;
259 struct wim_lookup_table_entry *lte;
261 DEBUG2("Capturing NTFS data streams from `%s'", path);
263 /* Get context to search the streams of the NTFS file. */
264 actx = ntfs_attr_get_search_ctx(ni, NULL);
266 ERROR_WITH_ERRNO("Cannot get NTFS attribute search "
268 return WIMLIB_ERR_NTFS_3G;
271 /* Capture each data stream or reparse data stream. */
272 while (!ntfs_attr_lookup(type, NULL, 0,
273 CASE_SENSITIVE, 0, NULL, 0, actx))
275 char *stream_name_utf8;
277 u64 data_size = ntfs_get_attribute_value_length(actx->attr);
278 u64 name_length = actx->attr->name_length;
280 if (data_size == 0) {
282 ERROR_WITH_ERRNO("Failed to get size of attribute of "
284 ret = WIMLIB_ERR_NTFS_3G;
287 /* Empty stream. No lookup table entry is needed. */
290 if (type == AT_REPARSE_POINT && data_size < 8) {
291 ERROR("`%s': reparse point buffer too small",
293 ret = WIMLIB_ERR_NTFS_3G;
296 /* Checksum the stream. */
297 ret = ntfs_attr_sha1sum(ni, actx->attr, attr_hash,
298 type == AT_REPARSE_POINT, &reparse_tag);
302 /* Make a lookup table entry for the stream, or use an existing
303 * one if there's already an identical stream. */
304 lte = __lookup_resource(lookup_table, attr_hash);
305 ret = WIMLIB_ERR_NOMEM;
309 ntfs_loc = CALLOC(1, sizeof(*ntfs_loc));
312 ntfs_loc->ntfs_vol_p = ntfs_vol_p;
313 ntfs_loc->path_utf8 = MALLOC(path_len + 1);
314 if (!ntfs_loc->path_utf8)
315 goto out_free_ntfs_loc;
316 memcpy(ntfs_loc->path_utf8, path, path_len + 1);
318 ntfs_loc->stream_name_utf16 = MALLOC(name_length * 2);
319 if (!ntfs_loc->stream_name_utf16)
320 goto out_free_ntfs_loc;
321 memcpy(ntfs_loc->stream_name_utf16,
322 attr_record_name(actx->attr),
323 actx->attr->name_length * 2);
324 ntfs_loc->stream_name_utf16_num_chars = name_length;
327 lte = new_lookup_table_entry();
329 goto out_free_ntfs_loc;
330 lte->ntfs_loc = ntfs_loc;
331 lte->resource_location = RESOURCE_IN_NTFS_VOLUME;
332 if (type == AT_REPARSE_POINT) {
333 dentry->d_inode->i_reparse_tag = reparse_tag;
334 ntfs_loc->is_reparse_point = true;
335 lte->resource_entry.original_size = data_size - 8;
336 lte->resource_entry.size = data_size - 8;
338 ntfs_loc->is_reparse_point = false;
339 lte->resource_entry.original_size = data_size;
340 lte->resource_entry.size = data_size;
343 DEBUG("Add resource for `%s' (size = %"PRIu64")",
344 dentry->file_name_utf8,
345 lte->resource_entry.original_size);
346 copy_hash(lte->hash, attr_hash);
347 lookup_table_insert(lookup_table, lte);
350 if (name_length == 0) {
351 /* Unnamed data stream. Put the reference to it in the
353 if (dentry->d_inode->i_lte) {
354 ERROR("Found two un-named data streams for "
356 ret = WIMLIB_ERR_NTFS_3G;
359 dentry->d_inode->i_lte = lte;
361 /* Named data stream. Put the reference to it in the
362 * alternate data stream entries */
363 struct wim_ads_entry *new_ads_entry;
364 size_t stream_name_utf8_len;
366 ret = utf16_to_utf8((const char*)attr_record_name(actx->attr),
369 &stream_name_utf8_len);
372 new_ads_entry = inode_add_ads(dentry->d_inode, stream_name_utf8);
373 FREE(stream_name_utf8);
377 wimlib_assert(new_ads_entry->stream_name_len == name_length * 2);
379 new_ads_entry->lte = lte;
385 free_lookup_table_entry(lte);
388 FREE(ntfs_loc->path_utf8);
389 FREE(ntfs_loc->stream_name_utf16);
393 ntfs_attr_put_search_ctx(actx);
395 DEBUG2("Successfully captured NTFS streams from `%s'", path);
397 ERROR("Failed to capture NTFS streams from `%s", path);
402 struct wim_dentry *parent;
406 struct wim_lookup_table *lookup_table;
407 struct sd_set *sd_set;
408 const struct capture_config *config;
409 ntfs_volume **ntfs_vol_p;
411 wimlib_progress_func_t progress_func;
415 build_dentry_tree_ntfs_recursive(struct wim_dentry **root_p, ntfs_inode *dir_ni,
416 ntfs_inode *ni, char path[], size_t path_len,
418 struct wim_lookup_table *lookup_table,
419 struct sd_set *sd_set,
420 const struct capture_config *config,
421 ntfs_volume **ntfs_vol_p,
423 wimlib_progress_func_t progress_func);
425 static int wim_ntfs_capture_filldir(void *dirent, const ntfschar *name,
426 const int name_len, const int name_type,
427 const s64 pos, const MFT_REF mref,
428 const unsigned dt_type)
430 struct readdir_ctx *ctx;
431 size_t utf8_name_len;
433 struct wim_dentry *child = NULL;
437 if (name_type == FILE_NAME_DOS)
440 ret = utf16_to_utf8((const char*)name, name_len * 2,
441 &utf8_name, &utf8_name_len);
445 if (utf8_name[0] == '.' &&
446 (utf8_name[1] == '\0' ||
447 (utf8_name[1] == '.' && utf8_name[2] == '\0'))) {
449 goto out_free_utf8_name;
454 ntfs_inode *ni = ntfs_inode_open(ctx->dir_ni->vol, mref);
456 ERROR_WITH_ERRNO("Failed to open NTFS inode");
457 goto out_free_utf8_name;
459 path_len = ctx->path_len;
461 ctx->path[path_len++] = '/';
462 memcpy(ctx->path + path_len, utf8_name, utf8_name_len + 1);
463 path_len += utf8_name_len;
464 ret = build_dentry_tree_ntfs_recursive(&child, ctx->dir_ni,
465 ni, ctx->path, path_len, name_type,
466 ctx->lookup_table, ctx->sd_set,
467 ctx->config, ctx->ntfs_vol_p,
468 ctx->add_image_flags,
472 dentry_add_child(ctx->parent, child);
474 ntfs_inode_close(ni);
480 static int change_dentry_short_name(struct wim_dentry *dentry,
481 const char short_name_utf8[],
482 int short_name_utf8_len)
484 size_t short_name_utf16_len;
485 char *short_name_utf16;
488 ret = utf8_to_utf16(short_name_utf8, short_name_utf8_len,
489 &short_name_utf16, &short_name_utf16_len);
491 dentry->short_name = short_name_utf16;
492 dentry->short_name_len = short_name_utf16_len;
497 /* Recursively build a WIM dentry tree corresponding to a NTFS volume.
498 * At the same time, update the WIM lookup table with lookup table entries for
499 * the NTFS streams, and build an array of security descriptors.
501 static int build_dentry_tree_ntfs_recursive(struct wim_dentry **root_p,
507 struct wim_lookup_table *lookup_table,
508 struct sd_set *sd_set,
509 const struct capture_config *config,
510 ntfs_volume **ntfs_vol_p,
512 wimlib_progress_func_t progress_func)
517 struct wim_dentry *root;
519 if (exclude_path(path, config, false)) {
520 if ((add_image_flags & WIMLIB_ADD_IMAGE_FLAG_VERBOSE)
523 union wimlib_progress_info info;
524 info.scan.cur_path = path;
525 info.scan.excluded = true;
526 progress_func(WIMLIB_PROGRESS_MSG_SCAN_DENTRY, &info);
532 mrec_flags = ni->mrec->flags;
533 struct SECURITY_CONTEXT ctx;
534 memset(&ctx, 0, sizeof(ctx));
536 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ATTRIB,
537 ni, dir_ni, (char *)&attributes,
540 ERROR_WITH_ERRNO("Failed to get NTFS attributes from `%s'",
542 return WIMLIB_ERR_NTFS_3G;
545 if ((add_image_flags & WIMLIB_ADD_IMAGE_FLAG_VERBOSE)
548 union wimlib_progress_info info;
549 info.scan.cur_path = path;
550 info.scan.excluded = false;
551 progress_func(WIMLIB_PROGRESS_MSG_SCAN_DENTRY, &info);
554 root = new_dentry_with_timeless_inode(path_basename(path));
557 return WIMLIB_ERR_INVALID_UTF8_STRING;
558 else if (errno == ENOMEM)
559 return WIMLIB_ERR_NOMEM;
561 return WIMLIB_ERR_ICONV_NOT_AVAILABLE;
565 if (dir_ni && (name_type == FILE_NAME_WIN32_AND_DOS
566 || name_type == FILE_NAME_WIN32))
568 char dos_name_utf8[12 * 4 + 1] = {0};
569 ret = ntfs_get_ntfs_dos_name(ni, dir_ni, dos_name_utf8,
570 sizeof(dos_name_utf8) - 1);
572 DEBUG("Changing short name of `%s'", path);
573 ret = change_dentry_short_name(root, dos_name_utf8,
579 if (errno != ENODATA) {
580 ERROR_WITH_ERRNO("Error getting DOS name "
582 return WIMLIB_ERR_NTFS_3G;
588 root->d_inode->i_creation_time = le64_to_cpu(ni->creation_time);
589 root->d_inode->i_last_write_time = le64_to_cpu(ni->last_data_change_time);
590 root->d_inode->i_last_access_time = le64_to_cpu(ni->last_access_time);
591 root->d_inode->i_attributes = le32_to_cpu(attributes);
592 root->d_inode->i_ino = ni->mft_no;
593 root->d_inode->i_resolved = 1;
595 if (attributes & FILE_ATTR_REPARSE_POINT) {
596 /* Junction point, symbolic link, or other reparse point */
597 ret = capture_ntfs_streams(root, ni, path, path_len,
598 lookup_table, ntfs_vol_p,
600 } else if (mrec_flags & MFT_RECORD_IS_DIRECTORY) {
602 /* Normal directory */
604 struct readdir_ctx ctx = {
608 .path_len = path_len,
609 .lookup_table = lookup_table,
612 .ntfs_vol_p = ntfs_vol_p,
613 .add_image_flags = add_image_flags,
614 .progress_func = progress_func,
616 ret = ntfs_readdir(ni, &pos, &ctx, wim_ntfs_capture_filldir);
618 ERROR_WITH_ERRNO("ntfs_readdir()");
619 ret = WIMLIB_ERR_NTFS_3G;
623 ret = capture_ntfs_streams(root, ni, path, path_len,
624 lookup_table, ntfs_vol_p,
633 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ACL,
636 if (ret > sizeof(sd)) {
638 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ACL,
639 ni, dir_ni, sd, ret);
642 root->d_inode->i_security_id = sd_set_add_sd(sd_set, sd, ret);
643 if (root->d_inode->i_security_id == -1) {
644 ERROR("Out of memory");
645 return WIMLIB_ERR_NOMEM;
647 DEBUG("Added security ID = %u for `%s'",
648 root->d_inode->i_security_id, path);
650 } else if (ret < 0) {
651 ERROR_WITH_ERRNO("Failed to get security information from "
653 ret = WIMLIB_ERR_NTFS_3G;
655 root->d_inode->i_security_id = -1;
656 DEBUG("No security ID for `%s'", path);
661 int build_dentry_tree_ntfs(struct wim_dentry **root_p,
663 struct wim_lookup_table *lookup_table,
664 struct wim_security_data *sd,
665 const struct capture_config *config,
667 wimlib_progress_func_t progress_func,
673 struct sd_set sd_set = {
677 ntfs_volume **ntfs_vol_p = extra_arg;
679 DEBUG("Mounting NTFS volume `%s' read-only", device);
681 #ifdef HAVE_NTFS_MNT_RDONLY
683 vol = ntfs_mount(device, NTFS_MNT_RDONLY);
685 /* NTFS-3g 2011, 2012 */
686 vol = ntfs_mount(device, MS_RDONLY);
689 ERROR_WITH_ERRNO("Failed to mount NTFS volume `%s' read-only",
691 return WIMLIB_ERR_NTFS_3G;
693 ntfs_open_secure(vol);
695 /* We don't want to capture the special NTFS files such as $Bitmap. Not
696 * to be confused with "hidden" or "system" files which are real files
697 * that we do need to capture. */
698 NVolClearShowSysFiles(vol);
700 DEBUG("Opening root NTFS dentry");
701 root_ni = ntfs_inode_open(vol, FILE_root);
703 ERROR_WITH_ERRNO("Failed to open root inode of NTFS volume "
705 ret = WIMLIB_ERR_NTFS_3G;
709 /* Currently we assume that all the UTF-8 paths fit into this length and
710 * there is no check for overflow. */
711 char *path = MALLOC(32768);
713 ERROR("Could not allocate memory for NTFS pathname");
719 ret = build_dentry_tree_ntfs_recursive(root_p, NULL, root_ni, path, 1,
720 FILE_NAME_POSIX, lookup_table,
721 &sd_set, config, ntfs_vol_p,
726 ntfs_inode_close(root_ni);
727 destroy_sd_set(&sd_set);
730 ntfs_index_ctx_put(vol->secure_xsii);
731 ntfs_index_ctx_put(vol->secure_xsdh);
732 ntfs_inode_close(vol->secure_ni);
735 if (ntfs_umount(vol, FALSE) != 0) {
736 ERROR_WITH_ERRNO("Failed to unmount NTFS volume `%s'",
739 ret = WIMLIB_ERR_NTFS_3G;
742 /* We need to leave the NTFS volume mounted so that we can read
743 * the NTFS files again when we are actually writing the WIM */