+#include <errno.h>
+
+/* Structure that allows searching the security descriptors by SHA1 message
+ * digest. */
+struct sd_set {
+ struct wim_security_data *sd;
+ struct sd_node *root;
+};
+
+/* Binary tree node of security descriptors, indexed by the @hash field. */
+struct sd_node {
+ int security_id;
+ u8 hash[SHA1_HASH_SIZE];
+ struct sd_node *left;
+ struct sd_node *right;
+};
+
+static void free_sd_tree(struct sd_node *root)
+{
+ if (root) {
+ free_sd_tree(root->left);
+ free_sd_tree(root->right);
+ FREE(root);
+ }
+}
+/* Frees a security descriptor index set. */
+static void destroy_sd_set(struct sd_set *sd_set)
+{
+ free_sd_tree(sd_set->root);
+}
+
+/* Inserts a a new node into the security descriptor index tree. */
+static void insert_sd_node(struct sd_node *new, struct sd_node *root)
+{
+ int cmp = hashes_cmp(new->hash, root->hash);
+ if (cmp < 0) {
+ if (root->left)
+ insert_sd_node(new, root->left);
+ else
+ root->left = new;
+ } else if (cmp > 0) {
+ if (root->right)
+ insert_sd_node(new, root->right);
+ else
+ root->right = new;
+ } else {
+ wimlib_assert(0);
+ }
+}
+
+/* Returns the security ID of the security data having a SHA1 message digest of
+ * @hash in the security descriptor index tree rooted at @root.
+ *
+ * If not found, return -1. */
+static int lookup_sd(const u8 hash[SHA1_HASH_SIZE], struct sd_node *root)
+{
+ int cmp;
+ if (!root)
+ return -1;
+ cmp = hashes_cmp(hash, root->hash);
+ if (cmp < 0)
+ return lookup_sd(hash, root->left);
+ else if (cmp > 0)
+ return lookup_sd(hash, root->right);
+ else
+ return root->security_id;
+}
+
+/*
+ * Adds a security descriptor to the indexed security descriptor set as well as
+ * the corresponding `struct wim_security_data', and returns the new security
+ * ID; or, if there is an existing security descriptor that is the same, return
+ * the security ID for it. If a new security descriptor cannot be allocated,
+ * return -1.
+ */
+static int sd_set_add_sd(struct sd_set *sd_set, const char descriptor[],
+ size_t size)
+{
+ u8 hash[SHA1_HASH_SIZE];
+ int security_id;
+ struct sd_node *new;
+ u8 **descriptors;
+ u64 *sizes;
+ u8 *descr_copy;
+ struct wim_security_data *sd;
+
+ sha1_buffer((const u8*)descriptor, size, hash);
+
+ security_id = lookup_sd(hash, sd_set->root);
+ if (security_id >= 0)
+ return security_id;
+
+ new = MALLOC(sizeof(*new));
+ if (!new)
+ goto out;
+ descr_copy = MALLOC(size);
+ if (!descr_copy)
+ goto out_free_node;
+
+ sd = sd_set->sd;
+
+ memcpy(descr_copy, descriptor, size);
+ new->security_id = sd->num_entries;
+ new->left = NULL;
+ new->right = NULL;
+ copy_hash(new->hash, hash);
+
+
+ descriptors = REALLOC(sd->descriptors,
+ (sd->num_entries + 1) * sizeof(sd->descriptors[0]));
+ if (!descriptors)
+ goto out_free_descr;
+ sd->descriptors = descriptors;
+ sizes = REALLOC(sd->sizes,
+ (sd->num_entries + 1) * sizeof(sd->sizes[0]));
+ if (!sizes)
+ goto out_free_descr;
+ sd->sizes = sizes;
+ sd->descriptors[sd->num_entries] = descr_copy;
+ sd->sizes[sd->num_entries] = size;
+ sd->num_entries++;
+ DEBUG("There are now %d security descriptors", sd->num_entries);
+ sd->total_length += size + sizeof(sd->sizes[0]);
+
+ if (sd_set->root)
+ insert_sd_node(new, sd_set->root);
+ else
+ sd_set->root = new;
+ return new->security_id;
+out_free_descr:
+ FREE(descr_copy);
+out_free_node:
+ FREE(new);
+out:
+ return -1;
+}
+
+static inline ntfschar *attr_record_name(ATTR_RECORD *ar)
+{
+ return (ntfschar*)((u8*)ar + le16_to_cpu(ar->name_offset));
+}
+
+/* Calculates the SHA1 message digest of a NTFS attribute.
+ *
+ * @ni: The NTFS inode containing the attribute.
+ * @ar: The ATTR_RECORD describing the attribute.
+ * @md: If successful, the returned SHA1 message digest.
+ * @reparse_tag_ret: Optional pointer into which the first 4 bytes of the
+ * attribute will be written (to get the reparse
+ * point ID)
+ *
+ * Return 0 on success or nonzero on error.
+ */
+static int ntfs_attr_sha1sum(ntfs_inode *ni, ATTR_RECORD *ar,
+ u8 md[SHA1_HASH_SIZE],
+ bool is_reparse_point,
+ u32 *reparse_tag_ret)
+{
+ s64 pos = 0;
+ s64 bytes_remaining;
+ char buf[BUFFER_SIZE];
+ ntfs_attr *na;
+ SHA_CTX ctx;
+
+ na = ntfs_attr_open(ni, ar->type, attr_record_name(ar),
+ ar->name_length);
+ if (!na) {
+ ERROR_WITH_ERRNO("Failed to open NTFS attribute");
+ return WIMLIB_ERR_NTFS_3G;
+ }
+
+ bytes_remaining = na->data_size;
+
+ if (is_reparse_point) {
+ if (ntfs_attr_pread(na, 0, 8, buf) != 8)
+ goto out_error;
+ *reparse_tag_ret = le32_to_cpu(*(u32*)buf);
+ pos = 8;
+ bytes_remaining -= 8;
+ }
+
+ sha1_init(&ctx);
+ while (bytes_remaining) {
+ s64 to_read = min(bytes_remaining, sizeof(buf));
+ if (ntfs_attr_pread(na, pos, to_read, buf) != to_read)
+ goto out_error;
+ sha1_update(&ctx, buf, to_read);
+ pos += to_read;
+ bytes_remaining -= to_read;
+ }
+ sha1_final(md, &ctx);
+ ntfs_attr_close(na);
+ return 0;
+out_error:
+ ERROR_WITH_ERRNO("Error reading NTFS attribute");
+ return WIMLIB_ERR_NTFS_3G;
+}
+
+/* Load the streams from a file or reparse point in the NTFS volume into the WIM
+ * lookup table */
+static int capture_ntfs_streams(struct dentry *dentry, ntfs_inode *ni,
+ char path[], size_t path_len,
+ struct lookup_table *lookup_table,
+ ntfs_volume **ntfs_vol_p,
+ ATTR_TYPES type)
+{
+ ntfs_attr_search_ctx *actx;
+ u8 attr_hash[SHA1_HASH_SIZE];
+ struct ntfs_location *ntfs_loc = NULL;
+ int ret = 0;
+ struct lookup_table_entry *lte;
+
+ DEBUG2("Capturing NTFS data streams from `%s'", path);
+
+ /* Get context to search the streams of the NTFS file. */
+ actx = ntfs_attr_get_search_ctx(ni, NULL);
+ if (!actx) {
+ ERROR_WITH_ERRNO("Cannot get NTFS attribute search "
+ "context");
+ return WIMLIB_ERR_NTFS_3G;
+ }