4 * Capture a WIM image from a NTFS volume. We capture everything we can,
5 * including security data and alternate data streams.
9 * Copyright (C) 2012, 2013 Eric Biggers
11 * This file is part of wimlib, a library for working with WIM files.
13 * wimlib is free software; you can redistribute it and/or modify it under the
14 * terms of the GNU General Public License as published by the Free
15 * Software Foundation; either version 3 of the License, or (at your option)
18 * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
19 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
20 * A PARTICULAR PURPOSE. See the GNU General Public License for more
23 * You should have received a copy of the GNU General Public License
24 * along with wimlib; if not, see http://www.gnu.org/licenses/.
30 #include <ntfs-3g/endians.h>
31 #include <ntfs-3g/types.h>
33 #include "buffer_io.h"
35 #include "lookup_table.h"
37 #include "wimlib_internal.h"
39 #include <ntfs-3g/layout.h>
40 #include <ntfs-3g/acls.h>
41 #include <ntfs-3g/attrib.h>
42 #include <ntfs-3g/misc.h>
43 #include <ntfs-3g/reparse.h>
44 #include <ntfs-3g/security.h> /* ntfs-3g/security.h before ntfs-3g/xattrs.h */
45 #include <ntfs-3g/xattrs.h>
46 #include <ntfs-3g/volume.h>
55 static inline ntfschar *
56 attr_record_name(ATTR_RECORD *ar)
58 return (ntfschar*)((u8*)ar + le16_to_cpu(ar->name_offset));
61 /* Calculates the SHA1 message digest of a NTFS attribute.
63 * @ni: The NTFS inode containing the attribute.
64 * @ar: The ATTR_RECORD describing the attribute.
65 * @md: If successful, the returned SHA1 message digest.
66 * @reparse_tag_ret: Optional pointer into which the first 4 bytes of the
67 * attribute will be written (to get the reparse
70 * Return 0 on success or nonzero on error.
73 ntfs_attr_sha1sum(ntfs_inode *ni, ATTR_RECORD *ar,
74 u8 md[SHA1_HASH_SIZE],
75 bool is_reparse_point,
80 char buf[BUFFER_SIZE];
84 na = ntfs_attr_open(ni, ar->type, attr_record_name(ar),
87 ERROR_WITH_ERRNO("Failed to open NTFS attribute");
88 return WIMLIB_ERR_NTFS_3G;
91 bytes_remaining = na->data_size;
93 if (is_reparse_point) {
94 if (ntfs_attr_pread(na, 0, 8, buf) != 8)
96 *reparse_tag_ret = le32_to_cpu(*(u32*)buf);
97 DEBUG("ReparseTag = %#x", *reparse_tag_ret);
103 while (bytes_remaining) {
104 s64 to_read = min(bytes_remaining, sizeof(buf));
105 if (ntfs_attr_pread(na, pos, to_read, buf) != to_read)
107 sha1_update(&ctx, buf, to_read);
109 bytes_remaining -= to_read;
111 sha1_final(md, &ctx);
115 ERROR_WITH_ERRNO("Error reading NTFS attribute");
116 return WIMLIB_ERR_NTFS_3G;
119 /* Load the streams from a file or reparse point in the NTFS volume into the WIM
122 capture_ntfs_streams(struct wim_dentry *dentry,
126 struct wim_lookup_table *lookup_table,
127 ntfs_volume **ntfs_vol_p,
130 ntfs_attr_search_ctx *actx;
131 u8 attr_hash[SHA1_HASH_SIZE];
132 struct ntfs_location *ntfs_loc = NULL;
134 struct wim_lookup_table_entry *lte;
136 DEBUG2("Capturing NTFS data streams from `%s'", path);
138 /* Get context to search the streams of the NTFS file. */
139 actx = ntfs_attr_get_search_ctx(ni, NULL);
141 ERROR_WITH_ERRNO("Cannot get NTFS attribute search "
143 return WIMLIB_ERR_NTFS_3G;
146 /* Capture each data stream or reparse data stream. */
147 while (!ntfs_attr_lookup(type, NULL, 0,
148 CASE_SENSITIVE, 0, NULL, 0, actx))
151 u64 data_size = ntfs_get_attribute_value_length(actx->attr);
152 u64 name_length = actx->attr->name_length;
153 if (data_size == 0) {
155 ERROR_WITH_ERRNO("Failed to get size of attribute of "
157 ret = WIMLIB_ERR_NTFS_3G;
160 /* Empty stream. No lookup table entry is needed. */
163 if (type == AT_REPARSE_POINT && data_size < 8) {
164 ERROR("`%s': reparse point buffer too small",
166 ret = WIMLIB_ERR_NTFS_3G;
169 /* Checksum the stream. */
170 ret = ntfs_attr_sha1sum(ni, actx->attr, attr_hash,
171 type == AT_REPARSE_POINT, &reparse_tag);
175 if (type == AT_REPARSE_POINT)
176 dentry->d_inode->i_reparse_tag = reparse_tag;
178 /* Make a lookup table entry for the stream, or use an existing
179 * one if there's already an identical stream. */
180 lte = __lookup_resource(lookup_table, attr_hash);
181 ret = WIMLIB_ERR_NOMEM;
185 ntfs_loc = CALLOC(1, sizeof(*ntfs_loc));
188 ntfs_loc->ntfs_vol_p = ntfs_vol_p;
189 ntfs_loc->path = MALLOC(path_len + 1);
191 goto out_free_ntfs_loc;
192 memcpy(ntfs_loc->path, path, path_len + 1);
194 ntfs_loc->stream_name = MALLOC(name_length * 2);
195 if (!ntfs_loc->stream_name)
196 goto out_free_ntfs_loc;
197 memcpy(ntfs_loc->stream_name,
198 attr_record_name(actx->attr),
199 actx->attr->name_length * 2);
200 ntfs_loc->stream_name_nchars = name_length;
203 lte = new_lookup_table_entry();
205 goto out_free_ntfs_loc;
206 lte->ntfs_loc = ntfs_loc;
207 lte->resource_location = RESOURCE_IN_NTFS_VOLUME;
208 if (type == AT_REPARSE_POINT) {
209 ntfs_loc->is_reparse_point = true;
210 lte->resource_entry.original_size = data_size - 8;
211 lte->resource_entry.size = data_size - 8;
213 ntfs_loc->is_reparse_point = false;
214 lte->resource_entry.original_size = data_size;
215 lte->resource_entry.size = data_size;
218 copy_hash(lte->hash, attr_hash);
219 lookup_table_insert(lookup_table, lte);
222 if (name_length == 0) {
223 /* Unnamed data stream. Put the reference to it in the
225 if (dentry->d_inode->i_lte) {
226 WARNING("Found two un-named data streams for "
228 free_lookup_table_entry(lte);
230 dentry->d_inode->i_lte = lte;
233 /* Named data stream. Put the reference to it in the
234 * alternate data stream entries */
235 struct wim_ads_entry *new_ads_entry;
237 new_ads_entry = inode_add_ads_utf16le(dentry->d_inode,
238 attr_record_name(actx->attr),
242 wimlib_assert(new_ads_entry->stream_name_nbytes == name_length * 2);
243 new_ads_entry->lte = lte;
249 free_lookup_table_entry(lte);
252 FREE(ntfs_loc->path);
253 FREE(ntfs_loc->stream_name);
257 ntfs_attr_put_search_ctx(actx);
259 DEBUG2("Successfully captured NTFS streams from `%s'", path);
261 ERROR("Failed to capture NTFS streams from `%s", path);
265 /* Red-black tree that maps NTFS inode numbers to DOS names */
266 struct dos_name_map {
267 struct rb_root rb_root;
270 struct dos_name_node {
271 struct rb_node rb_node;
277 /* Inserts a new DOS name into the map */
279 insert_dos_name(struct dos_name_map *map, const ntfschar *dos_name,
280 size_t name_nbytes, u64 ntfs_ino)
282 struct dos_name_node *new_node;
284 struct rb_root *root;
285 struct rb_node *rb_parent;
287 DEBUG("DOS name_len = %zu", name_nbytes);
288 new_node = MALLOC(sizeof(struct dos_name_node));
292 /* DOS names are supposed to be 12 characters max (that's 24 bytes,
293 * assuming 2-byte ntfs characters) */
294 wimlib_assert(name_nbytes <= sizeof(new_node->dos_name));
296 /* Initialize the DOS name, DOS name length, and NTFS inode number of
297 * the red-black tree node */
298 memcpy(new_node->dos_name, dos_name, name_nbytes);
299 new_node->name_nbytes = name_nbytes;
300 new_node->ntfs_ino = ntfs_ino;
302 /* Insert the red-black tree node */
303 root = &map->rb_root;
307 struct dos_name_node *this;
309 this = container_of(*p, struct dos_name_node, rb_node);
311 if (new_node->ntfs_ino < this->ntfs_ino)
312 p = &((*p)->rb_left);
313 else if (new_node->ntfs_ino > this->ntfs_ino)
314 p = &((*p)->rb_right);
316 /* This should be impossible since a NTFS inode cannot
317 * have multiple DOS names, and we only should get each
318 * DOS name entry once from the ntfs_readdir() calls. */
319 ERROR("NTFS inode %"PRIu64" has multiple DOS names",
324 rb_link_node(&new_node->rb_node, rb_parent, p);
325 rb_insert_color(&new_node->rb_node, root);
326 DEBUG("Inserted DOS name for inode %"PRIu64, ntfs_ino);
330 /* Returns a structure that contains the DOS name and its length for a NTFS
331 * inode, or NULL if the inode has no DOS name. */
332 static struct dos_name_node *
333 lookup_dos_name(const struct dos_name_map *map, u64 ntfs_ino)
335 struct rb_node *node = map->rb_root.rb_node;
337 struct dos_name_node *this;
338 this = container_of(node, struct dos_name_node, rb_node);
339 if (ntfs_ino < this->ntfs_ino)
340 node = node->rb_left;
341 else if (ntfs_ino > this->ntfs_ino)
342 node = node->rb_right;
350 set_dentry_dos_name(struct wim_dentry *dentry, void *arg)
352 const struct dos_name_map *map = arg;
353 const struct dos_name_node *node;
355 if (dentry->is_win32_name) {
356 node = lookup_dos_name(map, dentry->d_inode->i_ino);
358 dentry->short_name = MALLOC(node->name_nbytes + 2);
359 if (!dentry->short_name)
360 return WIMLIB_ERR_NOMEM;
361 memcpy(dentry->short_name, node->dos_name,
363 dentry->short_name[node->name_nbytes / 2] = 0;
364 dentry->short_name_nbytes = node->name_nbytes;
365 DEBUG("Assigned DOS name to ino %"PRIu64,
366 dentry->d_inode->i_ino);
368 WARNING("NTFS inode %"PRIu64" has Win32 name with no "
369 "corresponding DOS name",
370 dentry->d_inode->i_ino);
377 free_dos_name_tree(struct rb_node *node) {
379 free_dos_name_tree(node->rb_left);
380 free_dos_name_tree(node->rb_right);
381 FREE(container_of(node, struct dos_name_node, rb_node));
386 destroy_dos_name_map(struct dos_name_map *map)
388 free_dos_name_tree(map->rb_root.rb_node);
392 struct wim_dentry *parent;
396 struct wim_lookup_table *lookup_table;
397 struct sd_set *sd_set;
398 struct dos_name_map *dos_name_map;
399 const struct capture_config *config;
400 ntfs_volume **ntfs_vol_p;
402 wimlib_progress_func_t progress_func;
406 build_dentry_tree_ntfs_recursive(struct wim_dentry **root_p, ntfs_inode *dir_ni,
407 ntfs_inode *ni, char path[], size_t path_len,
409 struct wim_lookup_table *lookup_table,
410 struct sd_set *sd_set,
411 const struct capture_config *config,
412 ntfs_volume **ntfs_vol_p,
414 wimlib_progress_func_t progress_func);
417 wim_ntfs_capture_filldir(void *dirent, const ntfschar *name,
418 const int name_nchars, const int name_type,
419 const s64 pos, const MFT_REF mref,
420 const unsigned dt_type)
422 struct readdir_ctx *ctx;
423 size_t mbs_name_nbytes;
425 struct wim_dentry *child;
428 size_t name_nbytes = name_nchars * sizeof(ntfschar);
431 if (name_type & FILE_NAME_DOS) {
432 /* If this is the entry for a DOS name, store it for later. */
433 ret = insert_dos_name(ctx->dos_name_map, name,
434 name_nbytes, mref & MFT_REF_MASK_CPU);
436 /* Return now if an error occurred or if this is just a DOS name
437 * and not a Win32+DOS name. */
438 if (ret != 0 || name_type == FILE_NAME_DOS)
441 ret = utf16le_to_mbs(name, name_nbytes,
442 &mbs_name, &mbs_name_nbytes);
446 if (mbs_name[0] == '.' &&
447 (mbs_name[1] == '\0' ||
448 (mbs_name[1] == '.' && mbs_name[2] == '\0'))) {
451 * note: name_type is POSIX for these, so DOS names will not
452 * have been inserted for them. */
454 goto out_free_mbs_name;
457 /* Open the inode for this directory entry and recursively capture the
458 * directory tree rooted at it */
459 ntfs_inode *ni = ntfs_inode_open(ctx->dir_ni->vol, mref);
461 ERROR_WITH_ERRNO("Failed to open NTFS inode");
463 goto out_free_mbs_name;
465 path_len = ctx->path_len;
467 ctx->path[path_len++] = '/';
468 memcpy(ctx->path + path_len, mbs_name, mbs_name_nbytes + 1);
469 path_len += mbs_name_nbytes;
471 ret = build_dentry_tree_ntfs_recursive(&child, ctx->dir_ni,
472 ni, ctx->path, path_len, name_type,
473 ctx->lookup_table, ctx->sd_set,
474 ctx->config, ctx->ntfs_vol_p,
475 ctx->add_image_flags,
478 dentry_add_child(ctx->parent, child);
479 ntfs_inode_close(ni);
486 /* Recursively build a WIM dentry tree corresponding to a NTFS volume.
487 * At the same time, update the WIM lookup table with lookup table entries for
488 * the NTFS streams, and build an array of security descriptors.
491 build_dentry_tree_ntfs_recursive(struct wim_dentry **root_p,
497 struct wim_lookup_table *lookup_table,
498 struct sd_set *sd_set,
499 const struct capture_config *config,
500 ntfs_volume **ntfs_vol_p,
502 wimlib_progress_func_t progress_func)
506 struct wim_dentry *root;
508 if (exclude_path(path, config, false)) {
509 /* Exclude a file or directory tree based on the capture
510 * configuration file */
511 if ((add_image_flags & WIMLIB_ADD_IMAGE_FLAG_VERBOSE)
514 union wimlib_progress_info info;
515 info.scan.cur_path = path;
516 info.scan.excluded = true;
517 progress_func(WIMLIB_PROGRESS_MSG_SCAN_DENTRY, &info);
523 /* Get file attributes */
524 struct SECURITY_CONTEXT ctx;
525 memset(&ctx, 0, sizeof(ctx));
527 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ATTRIB,
528 ni, dir_ni, (char *)&attributes,
531 ERROR_WITH_ERRNO("Failed to get NTFS attributes from `%s'",
533 return WIMLIB_ERR_NTFS_3G;
536 if ((add_image_flags & WIMLIB_ADD_IMAGE_FLAG_VERBOSE)
539 union wimlib_progress_info info;
540 info.scan.cur_path = path;
541 info.scan.excluded = false;
542 progress_func(WIMLIB_PROGRESS_MSG_SCAN_DENTRY, &info);
545 /* Create the new WIM dentry */
546 ret = new_dentry_with_timeless_inode(path_basename(path), &root);
552 if (name_type & FILE_NAME_WIN32) /* Win32 or Win32+DOS name */
553 root->is_win32_name = 1;
554 root->d_inode->i_creation_time = le64_to_cpu(ni->creation_time);
555 root->d_inode->i_last_write_time = le64_to_cpu(ni->last_data_change_time);
556 root->d_inode->i_last_access_time = le64_to_cpu(ni->last_access_time);
557 root->d_inode->i_attributes = le32_to_cpu(attributes);
558 root->d_inode->i_ino = ni->mft_no;
559 root->d_inode->i_resolved = 1;
561 if (attributes & FILE_ATTR_REPARSE_POINT) {
562 /* Junction point, symbolic link, or other reparse point */
563 ret = capture_ntfs_streams(root, ni, path, path_len,
564 lookup_table, ntfs_vol_p,
566 } else if (ni->mrec->flags & MFT_RECORD_IS_DIRECTORY) {
568 /* Normal directory */
570 struct dos_name_map dos_name_map = { .rb_root = {.rb_node = NULL} };
571 struct readdir_ctx ctx = {
575 .path_len = path_len,
576 .lookup_table = lookup_table,
578 .dos_name_map = &dos_name_map,
580 .ntfs_vol_p = ntfs_vol_p,
581 .add_image_flags = add_image_flags,
582 .progress_func = progress_func,
584 ret = ntfs_readdir(ni, &pos, &ctx, wim_ntfs_capture_filldir);
586 ERROR_WITH_ERRNO("ntfs_readdir()");
587 ret = WIMLIB_ERR_NTFS_3G;
589 ret = for_dentry_child(root, set_dentry_dos_name,
592 destroy_dos_name_map(&dos_name_map);
595 ret = capture_ntfs_streams(root, ni, path, path_len,
596 lookup_table, ntfs_vol_p,
602 /* Get security descriptor */
606 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ACL,
609 if (ret > sizeof(sd)) {
611 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ACL,
612 ni, dir_ni, sd, ret);
615 root->d_inode->i_security_id = sd_set_add_sd(sd_set, sd, ret);
616 if (root->d_inode->i_security_id == -1) {
617 ERROR("Out of memory");
618 return WIMLIB_ERR_NOMEM;
620 DEBUG("Added security ID = %u for `%s'",
621 root->d_inode->i_security_id, path);
623 } else if (ret < 0) {
624 ERROR_WITH_ERRNO("Failed to get security information from "
626 ret = WIMLIB_ERR_NTFS_3G;
628 root->d_inode->i_security_id = -1;
629 DEBUG("No security ID for `%s'", path);
635 build_dentry_tree_ntfs(struct wim_dentry **root_p,
636 const mbchar *device,
637 struct wim_lookup_table *lookup_table,
638 struct wim_security_data *sd,
639 const struct capture_config *config,
641 wimlib_progress_func_t progress_func,
647 struct sd_set sd_set = {
651 ntfs_volume **ntfs_vol_p = extra_arg;
653 DEBUG("Mounting NTFS volume `%s' read-only", device);
655 #ifdef HAVE_NTFS_MNT_RDONLY
657 vol = ntfs_mount(device, NTFS_MNT_RDONLY);
659 /* NTFS-3g 2011, 2012 */
660 vol = ntfs_mount(device, MS_RDONLY);
663 ERROR_WITH_ERRNO("Failed to mount NTFS volume `%s' read-only",
665 return WIMLIB_ERR_NTFS_3G;
667 ntfs_open_secure(vol);
669 /* We don't want to capture the special NTFS files such as $Bitmap. Not
670 * to be confused with "hidden" or "system" files which are real files
671 * that we do need to capture. */
672 NVolClearShowSysFiles(vol);
674 DEBUG("Opening root NTFS dentry");
675 root_ni = ntfs_inode_open(vol, FILE_root);
677 ERROR_WITH_ERRNO("Failed to open root inode of NTFS volume "
679 ret = WIMLIB_ERR_NTFS_3G;
683 /* Currently we assume that all the paths fit into this length and there
684 * is no check for overflow. */
685 mbchar *path = MALLOC(32768);
687 ERROR("Could not allocate memory for NTFS pathname");
688 ret = WIMLIB_ERR_NOMEM;
694 ret = build_dentry_tree_ntfs_recursive(root_p, NULL, root_ni, path, 1,
695 FILE_NAME_POSIX, lookup_table,
702 ntfs_inode_close(root_ni);
703 destroy_sd_set(&sd_set);
705 ntfs_index_ctx_put(vol->secure_xsii);
706 ntfs_index_ctx_put(vol->secure_xsdh);
707 ntfs_inode_close(vol->secure_ni);
710 if (ntfs_umount(vol, FALSE) != 0) {
711 ERROR_WITH_ERRNO("Failed to unmount NTFS volume `%s'",
714 ret = WIMLIB_ERR_NTFS_3G;
717 /* We need to leave the NTFS volume mounted so that we can read
718 * the NTFS files again when we are actually writing the WIM */
git://wimlib.net / wimlib / blob