*
* Apply a WIM image directly to an NTFS volume using libntfs-3g. Restore as
* much information as possible, including security data, file attributes, DOS
- * names, and alternate data streams.
+ * names, alternate data streams, and object IDs.
*
- * Note: because NTFS-3g offers inode-based interfaces, we actually don't need
+ * Note: because NTFS-3G offers inode-based interfaces, we actually don't need
* to deal with paths at all! (Other than for error messages.)
*/
/*
- * Copyright (C) 2012, 2013, 2014, 2015 Eric Biggers
+ * Copyright (C) 2012-2016 Eric Biggers
*
* This file is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
#include <string.h>
#include <ntfs-3g/attrib.h>
+#include <ntfs-3g/object_id.h>
#include <ntfs-3g/reparse.h>
#include <ntfs-3g/security.h>
#include "wimlib/error.h"
#include "wimlib/metadata.h"
#include "wimlib/ntfs_3g.h"
+#include "wimlib/object_id.h"
#include "wimlib/reparse.h"
#include "wimlib/security.h"
-#include "wimlib/security_descriptor.h"
static int
ntfs_3g_get_supported_features(const char *target,
struct wim_features *supported_features)
{
- supported_features->archive_files = 1;
+ supported_features->readonly_files = 1;
supported_features->hidden_files = 1;
supported_features->system_files = 1;
+ supported_features->archive_files = 1;
supported_features->compressed_files = 1;
supported_features->not_context_indexed_files = 1;
supported_features->named_data_streams = 1;
supported_features->reparse_points = 1;
supported_features->security_descriptors = 1;
supported_features->short_names = 1;
+ supported_features->object_ids = 1;
supported_features->timestamps = 1;
supported_features->case_sensitive_filenames = 1;
return 0;
struct wim_inode *wim_reparse_inodes[MAX_OPEN_FILES];
};
-static size_t
-sid_size(const wimlib_SID *sid)
-{
- return offsetof(wimlib_SID, sub_authority) +
- sizeof(le32) * sid->sub_authority_count;
-}
-
-/*
- * sd_fixup - Fix up a Windows NT security descriptor for libntfs-3g.
- *
- * libntfs-3g validates security descriptors before setting them, but old
- * versions contain bugs causing it to reject unusual but valid security
- * descriptors:
- *
- * - Versions before 2013.1.13 reject security descriptors ending with an empty
- * SACL (System Access Control List). This bug can be worked around either by
- * moving the empty SACL earlier in the security descriptor or by removing the
- * SACL entirely. The latter work-around is valid because an empty SACL is
- * equivalent to a "null", or non-existent, SACL.
- * - Versions before 2014.2.15 reject security descriptors ending with an empty
- * DACL (Discretionary Access Control List). This is very similar to the SACL
- * bug. However, removing the DACL is not a valid workaround because this
- * changes the meaning of the security descriptor--- an empty DACL allows no
- * access, whereas a "null" DACL allows all access.
- *
- * If the security descriptor was fixed, this function returns an allocated
- * buffer containing the fixed security descriptor, and its size is updated.
- * Otherwise (or if no memory is available) NULL is returned.
- */
-static void *
-sd_fixup(const void *_desc, size_t *size_p)
-{
- u32 owner_offset, group_offset, dacl_offset, sacl_offset;
- bool owner_valid, group_valid;
- size_t size = *size_p;
- const wimlib_SECURITY_DESCRIPTOR_RELATIVE *desc = _desc;
- wimlib_SECURITY_DESCRIPTOR_RELATIVE *desc_new;
- const wimlib_SID *owner, *group, *sid;
-
- /* Don't attempt to fix clearly invalid security descriptors. */
- if (size < sizeof(wimlib_SECURITY_DESCRIPTOR_RELATIVE))
- return NULL;
-
- if (le16_to_cpu(desc->control) & wimlib_SE_DACL_PRESENT)
- dacl_offset = le32_to_cpu(desc->dacl_offset);
- else
- dacl_offset = 0;
-
- if (le16_to_cpu(desc->control) & wimlib_SE_SACL_PRESENT)
- sacl_offset = le32_to_cpu(desc->sacl_offset);
- else
- sacl_offset = 0;
-
- /* Check if the security descriptor will be affected by one of the bugs.
- * If not, do nothing and return. */
- if (!((sacl_offset != 0 && sacl_offset == size - sizeof(wimlib_ACL)) ||
- (dacl_offset != 0 && dacl_offset == size - sizeof(wimlib_ACL))))
- return NULL;
-
- owner_offset = le32_to_cpu(desc->owner_offset);
- group_offset = le32_to_cpu(desc->group_offset);
- owner = (const wimlib_SID*)((const u8*)desc + owner_offset);
- group = (const wimlib_SID*)((const u8*)desc + group_offset);
-
- /* We'll try to move the owner or group SID to the end of the security
- * descriptor to avoid the bug. This is only possible if at least one
- * is valid. */
- owner_valid = (owner_offset != 0) &&
- (owner_offset % 4 == 0) &&
- (owner_offset <= size - sizeof(SID)) &&
- (owner_offset + sid_size(owner) <= size) &&
- (owner_offset >= sizeof(wimlib_SECURITY_DESCRIPTOR_RELATIVE));
- group_valid = (group_offset != 0) &&
- (group_offset % 4 == 0) &&
- (group_offset <= size - sizeof(SID)) &&
- (group_offset + sid_size(group) <= size) &&
- (group_offset >= sizeof(wimlib_SECURITY_DESCRIPTOR_RELATIVE));
- if (owner_valid) {
- sid = owner;
- } else if (group_valid) {
- sid = group;
- } else {
- return NULL;
- }
-
- desc_new = MALLOC(size + sid_size(sid));
- if (!desc_new)
- return NULL;
-
- memcpy(desc_new, desc, size);
- if (owner_valid)
- desc_new->owner_offset = cpu_to_le32(size);
- else if (group_valid)
- desc_new->group_offset = cpu_to_le32(size);
- memcpy((u8*)desc_new + size, sid, sid_size(sid));
- *size_p = size + sid_size(sid);
- return desc_new;
-}
-
-/* Set the security descriptor @desc of size @desc_size on the NTFS inode @ni.
- */
-static int
-ntfs_3g_set_security_descriptor(ntfs_inode *ni, const void *desc, size_t desc_size)
-{
- struct SECURITY_CONTEXT sec_ctx;
- void *desc_fixed = NULL;
- int ret = 0;
-
- memset(&sec_ctx, 0, sizeof(sec_ctx));
- sec_ctx.vol = ni->vol;
-
-retry:
- if (ntfs_set_ntfs_acl(&sec_ctx, ni, desc, desc_size, 0)) {
- if (desc_fixed == NULL) {
- desc_fixed = sd_fixup(desc, &desc_size);
- if (desc_fixed != NULL) {
- desc = desc_fixed;
- goto retry;
- }
- }
- ret = WIMLIB_ERR_SET_SECURITY;
- }
-
- FREE(desc_fixed);
- return ret;
-}
-
static int
ntfs_3g_set_timestamps(ntfs_inode *ni, const struct wim_inode *inode)
{
}
utf16le_put_tstr(dos_name);
if (ret) {
+ int err = errno;
ERROR_WITH_ERRNO("Failed to set DOS name of \"%s\" in NTFS "
"volume", dentry_full_path(dentry));
+ if (err == EILSEQ) {
+ ERROR("This error may have been caused by a known "
+ "bug in libntfs-3g where it is unable to set "
+ "DOS names on files whose long names contain "
+ "unpaired surrogate characters. This bug "
+ "was fixed in the development version of "
+ "NTFS-3G in June 2016.");
+ }
ret = WIMLIB_ERR_SET_SHORT_NAME;
goto out_close;
}
- /* Unlike most other NTFS-3g functions, ntfs_set_ntfs_dos_name()
+ /* Unlike most other NTFS-3G functions, ntfs_set_ntfs_dos_name()
* changes the directory's last modification timestamp...
* Change it back. */
return ntfs_3g_restore_timestamps(vol, dentry->d_parent->d_inode);
if (ntfs_set_ntfs_reparse_data(ni, (const char *)&ctx->rpbuf,
REPARSE_DATA_OFFSET + blob_size, 0))
{
+ int err = errno;
ERROR_WITH_ERRNO("Failed to set reparse data on \"%s\"",
dentry_full_path(
inode_first_extraction_dentry(inode)));
+ if (err == EINVAL && !(inode->i_reparse_tag & 0x80000000)) {
+ WARNING("This reparse point had a non-Microsoft reparse "
+ "tag. The preceding error may have been caused "
+ "by a known bug in libntfs-3g where it does not "
+ "correctly validate non-Microsoft reparse "
+ "points. This bug was fixed in NTFS-3G version "
+ "2016.2.22.");
+ }
return WIMLIB_ERR_SET_REPARSE_DATA;
}
sd = wim_get_current_security_data(ctx->common.wim);
one_dentry = inode_first_extraction_dentry(inode);
+ /* Object ID */
+ {
+ u32 len;
+ const void *object_id = inode_get_object_id(inode, &len);
+ if (unlikely(object_id != NULL) &&
+ ntfs_set_ntfs_object_id(ni, object_id, len, 0))
+ {
+ if (errno == EEXIST) {
+ WARNING("Duplicate object ID on file \"%s\"",
+ dentry_full_path(one_dentry));
+ } else {
+ ERROR_WITH_ERRNO("Failed to set object ID on "
+ "\"%s\" in NTFS volume",
+ dentry_full_path(one_dentry));
+ return WIMLIB_ERR_NTFS_3G;
+ }
+ }
+ }
+
/* Attributes */
if (!(extract_flags & WIMLIB_EXTRACT_FLAG_NO_ATTRIBUTES)) {
u32 attrib = inode->i_attributes;
if (inode_has_security_descriptor(inode)
&& !(extract_flags & WIMLIB_EXTRACT_FLAG_NO_ACLS))
{
+ struct SECURITY_CONTEXT sec_ctx = { ctx->vol };
const void *desc;
size_t desc_size;
desc = sd->descriptors[inode->i_security_id];
desc_size = sd->sizes[inode->i_security_id];
- ret = ntfs_3g_set_security_descriptor(ni, desc, desc_size);
+ ret = ntfs_set_ntfs_acl(&sec_ctx, ni, desc, desc_size, 0);
if (unlikely(ret)) {
int err = errno;
fprintf(wimlib_error_file,
"The security descriptor is: ");
print_byte_field(desc, desc_size, wimlib_error_file);
- fprintf(wimlib_error_file, "\n");
fprintf(wimlib_error_file,
- "\nThis error occurred because libntfs-3g thinks "
- "the security descriptor is invalid. If you "
- "are extracting a Windows 10 image, this may be "
- "caused by a known bug in libntfs-3g. See: "
- "http://wimlib.net/forums/viewtopic.php?f=1&t=4 "
- "for more information.\n\n");
+ "\n\nThis error occurred because libntfs-3g thinks "
+ "the security descriptor is invalid. There "
+ "are several known bugs with libntfs-3g's "
+ "security descriptor validation logic in older "
+ "versions. Please upgrade to NTFS-3G version "
+ "2016.2.22 or later if you haven't already.\n");
}
- return ret;
+ return WIMLIB_ERR_SET_SECURITY;
}
}
/* Set the DOS name of any directory that has one. In addition, create
* empty attributes for directories that have them. Note that creating
- * an empty reparse point attribute must happen *after* setting the
- * DOS name in order to work around a case where
- * ntfs_set_ntfs_dos_name() fails with EOPNOTSUPP. */
+ * an empty reparse point attribute must happen *after* setting the DOS
+ * name in order to work around a case where ntfs_set_ntfs_dos_name()
+ * fails with EOPNOTSUPP. This bug was fixed in NTFS-3G version
+ * 2016.2.22. */
list_for_each_entry(dentry, dentry_list, d_extraction_list_node) {
const struct wim_inode *inode = dentry->d_inode;
struct wim_dentry *root;
int ret;
- /* For NTFS-3g extraction mode we require that the dentries to extract
+ /* For NTFS-3G extraction mode we require that the dentries to extract
* form a single tree. */
root = list_first_entry(dentry_list, struct wim_dentry,
d_extraction_list_node);
/* Mount the NTFS volume. */
vol = ntfs_mount(ctx->common.target, 0);
if (!vol) {
- ERROR_WITH_ERRNO("Failed to mount \"%s\" with NTFS-3g",
+ ERROR_WITH_ERRNO("Failed to mount \"%s\" with NTFS-3G",
ctx->common.target);
return WIMLIB_ERR_NTFS_3G;
}
out_unmount:
if (ntfs_umount(ctx->vol, FALSE) && !ret) {
- ERROR_WITH_ERRNO("Failed to unmount \"%s\" with NTFS-3g",
+ ERROR_WITH_ERRNO("Failed to unmount \"%s\" with NTFS-3G",
ctx->common.target);
ret = WIMLIB_ERR_NTFS_3G;
}
}
const struct apply_operations ntfs_3g_apply_ops = {
- .name = "NTFS-3g",
+ .name = "NTFS-3G",
.get_supported_features = ntfs_3g_get_supported_features,
.extract = ntfs_3g_extract,
.context_size = sizeof(struct ntfs_3g_apply_ctx),
.single_tree_only = true,
};
-
-void
-libntfs3g_global_init(void)
-{
- ntfs_set_char_encoding(setlocale(LC_ALL, ""));
-}