4 * Capture a WIM image from a NTFS volume. We capture everything we can,
5 * including security data and alternate data streams.
9 * Copyright (C) 2012 Eric Biggers
11 * This file is part of wimlib, a library for working with WIM files.
13 * wimlib is free software; you can redistribute it and/or modify it under the
14 * terms of the GNU General Public License as published by the Free
15 * Software Foundation; either version 3 of the License, or (at your option)
18 * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
19 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
20 * A PARTICULAR PURPOSE. See the GNU General Public License for more
23 * You should have received a copy of the GNU General Public License
24 * along with wimlib; if not, see http://www.gnu.org/licenses/.
31 #include <ntfs-3g/endians.h>
32 #include <ntfs-3g/types.h>
35 #include "wimlib_internal.h"
40 #include "lookup_table.h"
42 #include <ntfs-3g/layout.h>
43 #include <ntfs-3g/acls.h>
44 #include <ntfs-3g/attrib.h>
45 #include <ntfs-3g/misc.h>
46 #include <ntfs-3g/reparse.h>
47 #include <ntfs-3g/security.h> /* security.h before xattrs.h */
48 #include <ntfs-3g/xattrs.h>
49 #include <ntfs-3g/volume.h>
54 /* Structure that allows searching the security descriptors by SHA1 message
57 struct wim_security_data *sd;
61 /* Binary tree node of security descriptors, indexed by the @hash field. */
64 u8 hash[SHA1_HASH_SIZE];
66 struct sd_node *right;
69 static void free_sd_tree(struct sd_node *root)
72 free_sd_tree(root->left);
73 free_sd_tree(root->right);
77 /* Frees a security descriptor index set. */
78 static void destroy_sd_set(struct sd_set *sd_set)
80 free_sd_tree(sd_set->root);
83 /* Inserts a a new node into the security descriptor index tree. */
84 static void insert_sd_node(struct sd_node *new, struct sd_node *root)
86 int cmp = hashes_cmp(new->hash, root->hash);
89 insert_sd_node(new, root->left);
94 insert_sd_node(new, root->right);
102 /* Returns the security ID of the security data having a SHA1 message digest of
103 * @hash in the security descriptor index tree rooted at @root.
105 * If not found, return -1. */
106 static int lookup_sd(const u8 hash[SHA1_HASH_SIZE], struct sd_node *root)
111 cmp = hashes_cmp(hash, root->hash);
113 return lookup_sd(hash, root->left);
115 return lookup_sd(hash, root->right);
117 return root->security_id;
121 * Adds a security descriptor to the indexed security descriptor set as well as
122 * the corresponding `struct wim_security_data', and returns the new security
123 * ID; or, if there is an existing security descriptor that is the same, return
124 * the security ID for it. If a new security descriptor cannot be allocated,
127 static int sd_set_add_sd(struct sd_set *sd_set, const char descriptor[],
130 u8 hash[SHA1_HASH_SIZE];
136 struct wim_security_data *sd;
138 sha1_buffer((const u8*)descriptor, size, hash);
140 security_id = lookup_sd(hash, sd_set->root);
141 if (security_id >= 0)
144 new = MALLOC(sizeof(*new));
147 descr_copy = MALLOC(size);
153 memcpy(descr_copy, descriptor, size);
154 new->security_id = sd->num_entries;
157 copy_hash(new->hash, hash);
160 descriptors = REALLOC(sd->descriptors,
161 (sd->num_entries + 1) * sizeof(sd->descriptors[0]));
164 sd->descriptors = descriptors;
165 sizes = REALLOC(sd->sizes,
166 (sd->num_entries + 1) * sizeof(sd->sizes[0]));
170 sd->descriptors[sd->num_entries] = descr_copy;
171 sd->sizes[sd->num_entries] = size;
173 DEBUG("There are now %d security descriptors", sd->num_entries);
174 sd->total_length += size + sizeof(sd->sizes[0]);
177 insert_sd_node(new, sd_set->root);
180 return new->security_id;
189 static inline ntfschar *attr_record_name(ATTR_RECORD *ar)
191 return (ntfschar*)((u8*)ar + le16_to_cpu(ar->name_offset));
194 /* Calculates the SHA1 message digest of a NTFS attribute.
196 * @ni: The NTFS inode containing the attribute.
197 * @ar: The ATTR_RECORD describing the attribute.
198 * @md: If successful, the returned SHA1 message digest.
199 * @reparse_tag_ret: Optional pointer into which the first 4 bytes of the
200 * attribute will be written (to get the reparse
203 * Return 0 on success or nonzero on error.
205 static int ntfs_attr_sha1sum(ntfs_inode *ni, ATTR_RECORD *ar,
206 u8 md[SHA1_HASH_SIZE],
207 u32 *reparse_tag_ret)
215 na = ntfs_attr_open(ni, ar->type, attr_record_name(ar),
218 ERROR_WITH_ERRNO("Failed to open NTFS attribute");
219 return WIMLIB_ERR_NTFS_3G;
222 bytes_remaining = na->data_size;
225 DEBUG2("Calculating SHA1 message digest (%"PRIu64" bytes)",
228 while (bytes_remaining) {
229 s64 to_read = min(bytes_remaining, sizeof(buf));
230 if (ntfs_attr_pread(na, pos, to_read, buf) != to_read) {
231 ERROR_WITH_ERRNO("Error reading NTFS attribute");
232 return WIMLIB_ERR_NTFS_3G;
234 if (bytes_remaining == na->data_size && reparse_tag_ret)
235 *reparse_tag_ret = le32_to_cpu(*(u32*)buf);
236 sha1_update(&ctx, buf, to_read);
238 bytes_remaining -= to_read;
240 sha1_final(md, &ctx);
245 /* Load the streams from a file or reparse point in the NTFS volume into the WIM
247 static int capture_ntfs_streams(struct dentry *dentry, ntfs_inode *ni,
248 char path[], size_t path_len,
249 struct lookup_table *lookup_table,
250 ntfs_volume **ntfs_vol_p,
253 ntfs_attr_search_ctx *actx;
254 u8 attr_hash[SHA1_HASH_SIZE];
255 struct ntfs_location *ntfs_loc = NULL;
257 struct lookup_table_entry *lte;
259 DEBUG2("Capturing NTFS data streams from `%s'", path);
261 /* Get context to search the streams of the NTFS file. */
262 actx = ntfs_attr_get_search_ctx(ni, NULL);
264 ERROR_WITH_ERRNO("Cannot get NTFS attribute search "
266 return WIMLIB_ERR_NTFS_3G;
269 /* Capture each data stream or reparse data stream. */
270 while (!ntfs_attr_lookup(type, NULL, 0,
271 CASE_SENSITIVE, 0, NULL, 0, actx))
273 char *stream_name_utf8;
275 u64 data_size = ntfs_get_attribute_value_length(actx->attr);
276 u64 name_length = actx->attr->name_length;
278 if (data_size == 0) {
280 ERROR_WITH_ERRNO("Failed to get size of attribute of "
282 ret = WIMLIB_ERR_NTFS_3G;
285 /* Empty stream. No lookup table entry is needed. */
288 if (type == AT_REPARSE_POINT && data_size < 8) {
289 ERROR("`%s': reparse point buffer too small",
291 ret = WIMLIB_ERR_NTFS_3G;
294 /* Checksum the stream. */
295 ret = ntfs_attr_sha1sum(ni, actx->attr, attr_hash, &reparse_tag);
299 /* Make a lookup table entry for the stream, or use an existing
300 * one if there's already an identical stream. */
301 lte = __lookup_resource(lookup_table, attr_hash);
302 ret = WIMLIB_ERR_NOMEM;
306 ntfs_loc = CALLOC(1, sizeof(*ntfs_loc));
309 ntfs_loc->ntfs_vol_p = ntfs_vol_p;
310 ntfs_loc->path_utf8 = MALLOC(path_len + 1);
311 if (!ntfs_loc->path_utf8)
312 goto out_free_ntfs_loc;
313 memcpy(ntfs_loc->path_utf8, path, path_len + 1);
315 ntfs_loc->stream_name_utf16 = MALLOC(name_length * 2);
316 if (!ntfs_loc->stream_name_utf16)
317 goto out_free_ntfs_loc;
318 memcpy(ntfs_loc->stream_name_utf16,
319 attr_record_name(actx->attr),
320 actx->attr->name_length * 2);
321 ntfs_loc->stream_name_utf16_num_chars = name_length;
324 lte = new_lookup_table_entry();
326 goto out_free_ntfs_loc;
327 lte->ntfs_loc = ntfs_loc;
328 lte->resource_location = RESOURCE_IN_NTFS_VOLUME;
329 if (type == AT_REPARSE_POINT) {
330 dentry->d_inode->reparse_tag = reparse_tag;
331 ntfs_loc->is_reparse_point = true;
332 lte->resource_entry.original_size = data_size - 8;
333 lte->resource_entry.size = data_size - 8;
335 ntfs_loc->is_reparse_point = false;
336 lte->resource_entry.original_size = data_size;
337 lte->resource_entry.size = data_size;
340 DEBUG("Add resource for `%s' (size = %zu)",
341 dentry->file_name_utf8,
342 lte->resource_entry.original_size);
343 copy_hash(lte->hash, attr_hash);
344 lookup_table_insert(lookup_table, lte);
347 if (name_length == 0) {
348 /* Unnamed data stream. Put the reference to it in the
350 if (dentry->d_inode->lte) {
351 ERROR("Found two un-named data streams for "
353 ret = WIMLIB_ERR_NTFS_3G;
356 dentry->d_inode->lte = lte;
358 /* Named data stream. Put the reference to it in the
359 * alternate data stream entries */
360 struct ads_entry *new_ads_entry;
361 size_t stream_name_utf8_len;
362 stream_name_utf8 = utf16_to_utf8((const char*)attr_record_name(actx->attr),
364 &stream_name_utf8_len);
365 if (!stream_name_utf8)
367 new_ads_entry = inode_add_ads(dentry->d_inode, stream_name_utf8);
368 FREE(stream_name_utf8);
372 wimlib_assert(new_ads_entry->stream_name_len == name_length * 2);
374 new_ads_entry->lte = lte;
380 free_lookup_table_entry(lte);
383 FREE(ntfs_loc->path_utf8);
384 FREE(ntfs_loc->stream_name_utf16);
388 ntfs_attr_put_search_ctx(actx);
390 DEBUG2("Successfully captured NTFS streams from `%s'", path);
392 ERROR("Failed to capture NTFS streams from `%s", path);
397 struct dentry *parent;
401 struct lookup_table *lookup_table;
402 struct sd_set *sd_set;
403 const struct capture_config *config;
404 ntfs_volume **ntfs_vol_p;
409 build_dentry_tree_ntfs_recursive(struct dentry **root_p, ntfs_inode *dir_ni,
410 ntfs_inode *ni, char path[], size_t path_len,
412 struct lookup_table *lookup_table,
413 struct sd_set *sd_set,
414 const struct capture_config *config,
415 ntfs_volume **ntfs_vol_p,
418 static int wim_ntfs_capture_filldir(void *dirent, const ntfschar *name,
419 const int name_len, const int name_type,
420 const s64 pos, const MFT_REF mref,
421 const unsigned dt_type)
423 struct readdir_ctx *ctx;
424 size_t utf8_name_len;
426 struct dentry *child = NULL;
430 if (name_type == FILE_NAME_DOS)
435 utf8_name = utf16_to_utf8((const char*)name, name_len * 2,
440 if (utf8_name[0] == '.' &&
441 (utf8_name[1] == '\0' ||
442 (utf8_name[1] == '.' && utf8_name[2] == '\0'))) {
444 goto out_free_utf8_name;
449 ntfs_inode *ni = ntfs_inode_open(ctx->dir_ni->vol, mref);
451 ERROR_WITH_ERRNO("Failed to open NTFS inode");
452 goto out_free_utf8_name;
454 path_len = ctx->path_len;
456 ctx->path[path_len++] = '/';
457 memcpy(ctx->path + path_len, utf8_name, utf8_name_len + 1);
458 path_len += utf8_name_len;
459 ret = build_dentry_tree_ntfs_recursive(&child, ctx->dir_ni,
460 ni, ctx->path, path_len, name_type,
461 ctx->lookup_table, ctx->sd_set,
462 ctx->config, ctx->ntfs_vol_p,
466 dentry_add_child(ctx->parent, child);
468 ntfs_inode_close(ni);
475 static int change_dentry_short_name(struct dentry *dentry,
476 const char short_name_utf8[],
477 int short_name_utf8_len)
479 size_t short_name_utf16_len;
480 char *short_name_utf16;
481 short_name_utf16 = utf8_to_utf16(short_name_utf8, short_name_utf8_len,
482 &short_name_utf16_len);
483 if (!short_name_utf16) {
484 ERROR_WITH_ERRNO("Failed to convert short name to UTF-16");
485 return WIMLIB_ERR_NOMEM;
487 dentry->short_name = short_name_utf16;
488 dentry->short_name_len = short_name_utf16_len;
492 /* Recursively build a WIM dentry tree corresponding to a NTFS volume.
493 * At the same time, update the WIM lookup table with lookup table entries for
494 * the NTFS streams, and build an array of security descriptors.
496 static int build_dentry_tree_ntfs_recursive(struct dentry **root_p,
502 struct lookup_table *lookup_table,
503 struct sd_set *sd_set,
504 const struct capture_config *config,
505 ntfs_volume **ntfs_vol_p,
511 char dos_name_utf8[64];
514 mrec_flags = ni->mrec->flags;
515 struct SECURITY_CONTEXT ctx;
516 memset(&ctx, 0, sizeof(ctx));
518 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ATTRIB,
519 ni, dir_ni, (char *)&attributes,
522 ERROR_WITH_ERRNO("Failed to get NTFS attributes from `%s'",
524 return WIMLIB_ERR_NTFS_3G;
527 if (exclude_path(path, config, false)) {
528 if (flags & WIMLIB_ADD_IMAGE_FLAG_VERBOSE) {
529 const char *file_type;
530 if (attributes & MFT_RECORD_IS_DIRECTORY)
531 file_type = "directory";
534 printf("Excluding %s `%s' from capture\n",
541 if (flags & WIMLIB_ADD_IMAGE_FLAG_VERBOSE)
542 printf("Scanning `%s'\n", path);
544 root = new_dentry_with_timeless_inode(path_basename(path));
546 return WIMLIB_ERR_NOMEM;
549 if (dir_ni && (name_type == FILE_NAME_WIN32_AND_DOS
550 || name_type == FILE_NAME_WIN32))
552 ret = ntfs_get_ntfs_dos_name(ni, dir_ni, dos_name_utf8,
553 sizeof(dos_name_utf8));
555 DEBUG("Changing short name of `%s'", path);
556 ret = change_dentry_short_name(root, dos_name_utf8,
562 if (errno != ENODATA) {
563 ERROR_WITH_ERRNO("Error getting DOS name "
565 return WIMLIB_ERR_NTFS_3G;
571 root->d_inode->creation_time = le64_to_cpu(ni->creation_time);
572 root->d_inode->last_write_time = le64_to_cpu(ni->last_data_change_time);
573 root->d_inode->last_access_time = le64_to_cpu(ni->last_access_time);
574 root->d_inode->attributes = le32_to_cpu(attributes);
575 root->d_inode->ino = ni->mft_no;
576 root->d_inode->resolved = true;
578 if (attributes & FILE_ATTR_REPARSE_POINT) {
579 /* Junction point, symbolic link, or other reparse point */
580 ret = capture_ntfs_streams(root, ni, path, path_len,
581 lookup_table, ntfs_vol_p,
583 } else if (mrec_flags & MFT_RECORD_IS_DIRECTORY) {
585 /* Normal directory */
587 struct readdir_ctx ctx = {
591 .path_len = path_len,
592 .lookup_table = lookup_table,
595 .ntfs_vol_p = ntfs_vol_p,
598 ret = ntfs_readdir(ni, &pos, &ctx, wim_ntfs_capture_filldir);
600 ERROR_WITH_ERRNO("ntfs_readdir()");
601 ret = WIMLIB_ERR_NTFS_3G;
605 ret = capture_ntfs_streams(root, ni, path, path_len,
606 lookup_table, ntfs_vol_p,
615 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ACL,
618 if (ret > sizeof(sd)) {
620 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ACL,
621 ni, dir_ni, sd, ret);
624 root->d_inode->security_id = sd_set_add_sd(sd_set, sd, ret);
625 if (root->d_inode->security_id == -1) {
626 ERROR("Out of memory");
627 return WIMLIB_ERR_NOMEM;
629 DEBUG("Added security ID = %u for `%s'",
630 root->d_inode->security_id, path);
632 } else if (ret < 0) {
633 ERROR_WITH_ERRNO("Failed to get security information from "
635 ret = WIMLIB_ERR_NTFS_3G;
637 root->d_inode->security_id = -1;
638 DEBUG("No security ID for `%s'", path);
643 static int build_dentry_tree_ntfs(struct dentry **root_p,
645 struct lookup_table *lookup_table,
646 struct wim_security_data *sd,
647 const struct capture_config *config,
654 struct sd_set sd_set = {
658 ntfs_volume **ntfs_vol_p = extra_arg;
660 DEBUG("Mounting NTFS volume `%s' read-only", device);
662 vol = ntfs_mount(device, MS_RDONLY);
664 ERROR_WITH_ERRNO("Failed to mount NTFS volume `%s' read-only",
666 return WIMLIB_ERR_NTFS_3G;
668 ntfs_open_secure(vol);
670 /* We don't want to capture the special NTFS files such as $Bitmap. Not
671 * to be confused with "hidden" or "system" files which are real files
672 * that we do need to capture. */
673 NVolClearShowSysFiles(vol);
675 DEBUG("Opening root NTFS dentry");
676 root_ni = ntfs_inode_open(vol, FILE_root);
678 ERROR_WITH_ERRNO("Failed to open root inode of NTFS volume "
680 ret = WIMLIB_ERR_NTFS_3G;
684 /* Currently we assume that all the UTF-8 paths fit into this length and
685 * there is no check for overflow. */
686 char *path = MALLOC(32768);
688 ERROR("Could not allocate memory for NTFS pathname");
694 ret = build_dentry_tree_ntfs_recursive(root_p, NULL, root_ni, path, 1,
695 FILE_NAME_POSIX, lookup_table,
696 &sd_set, config, ntfs_vol_p,
700 ntfs_inode_close(root_ni);
701 destroy_sd_set(&sd_set);
705 if (ntfs_umount(vol, FALSE) != 0) {
706 ERROR_WITH_ERRNO("Failed to unmount NTFS volume `%s'",
709 ret = WIMLIB_ERR_NTFS_3G;
712 /* We need to leave the NTFS volume mounted so that we can read
713 * the NTFS files again when we are actually writing the WIM */
721 WIMLIBAPI int wimlib_add_image_from_ntfs_volume(WIMStruct *w,
724 const char *config_str,
728 if (flags & (WIMLIB_ADD_IMAGE_FLAG_DEREFERENCE)) {
729 ERROR("Cannot dereference files when capturing directly from NTFS");
730 return WIMLIB_ERR_INVALID_PARAM;
732 return do_add_image(w, device, name, config_str, config_len, flags,
733 build_dentry_tree_ntfs, &w->ntfs_vol);
736 #else /* WITH_NTFS_3G */
737 WIMLIBAPI int wimlib_add_image_from_ntfs_volume(WIMStruct *w,
740 const char *config_str,
744 ERROR("wimlib was compiled without support for NTFS-3g, so");
745 ERROR("we cannot capture a WIM image directly from a NTFS volume");
746 return WIMLIB_ERR_UNSUPPORTED;
748 #endif /* WITH_NTFS_3G */