7c92c9e240005782d674c14e0602e04a56f7aef4
[wimlib] / src / ntfs-capture.c
1 /*
2  * ntfs-capture.c
3  *
4  * Capture a WIM image from a NTFS volume.  We capture everything we can,
5  * including security data and alternate data streams.
6  */
7
8 /*
9  * Copyright (C) 2012 Eric Biggers
10  *
11  * This file is part of wimlib, a library for working with WIM files.
12  *
13  * wimlib is free software; you can redistribute it and/or modify it under the
14  * terms of the GNU General Public License as published by the Free
15  * Software Foundation; either version 3 of the License, or (at your option)
16  * any later version.
17  *
18  * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
19  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
20  * A PARTICULAR PURPOSE. See the GNU General Public License for more
21  * details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with wimlib; if not, see http://www.gnu.org/licenses/.
25  */
26
27
28 #include "config.h"
29
30 #ifdef WITH_NTFS_3G
31 #include <ntfs-3g/endians.h>
32 #include <ntfs-3g/types.h>
33 #endif
34
35 #include "wimlib_internal.h"
36
37
38 #ifdef WITH_NTFS_3G
39 #include "dentry.h"
40 #include "lookup_table.h"
41 #include "io.h"
42 #include <ntfs-3g/layout.h>
43 #include <ntfs-3g/acls.h>
44 #include <ntfs-3g/attrib.h>
45 #include <ntfs-3g/misc.h>
46 #include <ntfs-3g/reparse.h>
47 #include <ntfs-3g/security.h> /* security.h before xattrs.h */
48 #include <ntfs-3g/xattrs.h>
49 #include <ntfs-3g/volume.h>
50 #include <stdlib.h>
51 #include <unistd.h>
52 #include <errno.h>
53
54 #if 0
55 extern int ntfs_get_inode_security(ntfs_inode *ni, u32 selection, char *buf,
56                                    u32 buflen, u32 *psize);
57
58 extern u32 ntfs_get_inode_attributes(ntfs_inode *ni);
59 #endif
60
61 /* Structure that allows searching the security descriptors by SHA1 message
62  * digest. */
63 struct sd_set {
64         struct wim_security_data *sd;
65         struct sd_node *root;
66 };
67
68 /* Binary tree node of security descriptors, indexed by the @hash field. */
69 struct sd_node {
70         int security_id;
71         u8 hash[SHA1_HASH_SIZE];
72         struct sd_node *left;
73         struct sd_node *right;
74 };
75
76 static void free_sd_tree(struct sd_node *root)
77 {
78         if (root) {
79                 free_sd_tree(root->left);
80                 free_sd_tree(root->right);
81                 FREE(root);
82         }
83 }
84 /* Frees a security descriptor index set. */
85 static void destroy_sd_set(struct sd_set *sd_set)
86 {
87         free_sd_tree(sd_set->root);
88 }
89
90 /* Inserts a a new node into the security descriptor index tree. */
91 static void insert_sd_node(struct sd_node *new, struct sd_node *root)
92 {
93         int cmp = hashes_cmp(new->hash, root->hash);
94         if (cmp < 0) {
95                 if (root->left)
96                         insert_sd_node(new, root->left);
97                 else 
98                         root->left = new;
99         } else if (cmp > 0) {
100                 if (root->right)
101                         insert_sd_node(new, root->right);
102                 else 
103                         root->right = new;
104         } else {
105                 wimlib_assert(0);
106         }
107 }
108
109 /* Returns the security ID of the security data having a SHA1 message digest of
110  * @hash in the security descriptor index tree rooted at @root. 
111  *
112  * If not found, return -1. */
113 static int lookup_sd(const u8 hash[SHA1_HASH_SIZE], struct sd_node *root)
114 {
115         int cmp;
116         if (!root)
117                 return -1;
118         cmp = hashes_cmp(hash, root->hash);
119         if (cmp < 0)
120                 return lookup_sd(hash, root->left);
121         else if (cmp > 0)
122                 return lookup_sd(hash, root->right);
123         else
124                 return root->security_id;
125 }
126
127 /*
128  * Adds a security descriptor to the indexed security descriptor set as well as
129  * the corresponding `struct wim_security_data', and returns the new security
130  * ID; or, if there is an existing security descriptor that is the same, return
131  * the security ID for it.  If a new security descriptor cannot be allocated,
132  * return -1.
133  */
134 static int sd_set_add_sd(struct sd_set *sd_set, const char descriptor[],
135                          size_t size)
136 {
137         u8 hash[SHA1_HASH_SIZE];
138         int security_id;
139         struct sd_node *new;
140         u8 **descriptors;
141         u64 *sizes;
142         u8 *descr_copy;
143         struct wim_security_data *sd;
144
145         sha1_buffer((const u8*)descriptor, size, hash);
146
147         security_id = lookup_sd(hash, sd_set->root);
148         if (security_id >= 0)
149                 return security_id;
150
151         new = MALLOC(sizeof(*new));
152         if (!new)
153                 goto out;
154         descr_copy = MALLOC(size);
155         if (!descr_copy)
156                 goto out_free_node;
157
158         sd = sd_set->sd;
159
160         memcpy(descr_copy, descriptor, size);
161         new->security_id = sd->num_entries;
162         new->left = NULL;
163         new->right = NULL;
164         copy_hash(new->hash, hash);
165
166
167         descriptors = REALLOC(sd->descriptors,
168                               (sd->num_entries + 1) * sizeof(sd->descriptors[0]));
169         if (!descriptors)
170                 goto out_free_descr;
171         sd->descriptors = descriptors;
172         sizes = REALLOC(sd->sizes,
173                         (sd->num_entries + 1) * sizeof(sd->sizes[0]));
174         if (!sizes)
175                 goto out_free_descr;
176         sd->sizes = sizes;
177         sd->descriptors[sd->num_entries] = descr_copy;
178         sd->sizes[sd->num_entries] = size;
179         sd->num_entries++;
180         DEBUG("There are now %d security descriptors", sd->num_entries);
181         sd->total_length += size + sizeof(sd->sizes[0]);
182
183         if (sd_set->root)
184                 insert_sd_node(new, sd_set->root);
185         else
186                 sd_set->root = new;
187         return new->security_id;
188 out_free_descr:
189         FREE(descr_copy);
190 out_free_node:
191         FREE(new);
192 out:
193         return -1;
194 }
195
196 static inline ntfschar *attr_record_name(ATTR_RECORD *ar)
197 {
198         return (ntfschar*)((u8*)ar + le16_to_cpu(ar->name_offset));
199 }
200
201 /* Calculates the SHA1 message digest of a NTFS attribute. 
202  *
203  * @ni:  The NTFS inode containing the attribute.
204  * @ar:  The ATTR_RECORD describing the attribute.
205  * @md:  If successful, the returned SHA1 message digest.
206  * @reparse_tag_ret:    Optional pointer into which the first 4 bytes of the
207  *                              attribute will be written (to get the reparse
208  *                              point ID)
209  *
210  * Return 0 on success or nonzero on error.
211  */
212 static int ntfs_attr_sha1sum(ntfs_inode *ni, ATTR_RECORD *ar,
213                              u8 md[SHA1_HASH_SIZE],
214                              u32 *reparse_tag_ret)
215 {
216         s64 pos = 0;
217         s64 bytes_remaining;
218         char buf[4096];
219         ntfs_attr *na;
220         SHA_CTX ctx;
221
222         na = ntfs_attr_open(ni, ar->type, attr_record_name(ar),
223                             ar->name_length);
224         if (!na) {
225                 ERROR_WITH_ERRNO("Failed to open NTFS attribute");
226                 return WIMLIB_ERR_NTFS_3G;
227         }
228
229         bytes_remaining = na->data_size;
230         sha1_init(&ctx);
231
232         DEBUG2("Calculating SHA1 message digest (%"PRIu64" bytes)",
233                bytes_remaining);
234
235         while (bytes_remaining) {
236                 s64 to_read = min(bytes_remaining, sizeof(buf));
237                 if (ntfs_attr_pread(na, pos, to_read, buf) != to_read) {
238                         ERROR_WITH_ERRNO("Error reading NTFS attribute");
239                         return WIMLIB_ERR_NTFS_3G;
240                 }
241                 if (bytes_remaining == na->data_size && reparse_tag_ret)
242                         *reparse_tag_ret = le32_to_cpu(*(u32*)buf);
243                 sha1_update(&ctx, buf, to_read);
244                 pos += to_read;
245                 bytes_remaining -= to_read;
246         }
247         sha1_final(md, &ctx);
248         ntfs_attr_close(na);
249         return 0;
250 }
251
252 /* Load the streams from a WIM file or reparse point in the NTFS volume into the
253  * WIM lookup table */
254 static int capture_ntfs_streams(struct dentry *dentry, ntfs_inode *ni,
255                                 char path[], size_t path_len,
256                                 struct lookup_table *lookup_table,
257                                 ntfs_volume **ntfs_vol_p,
258                                 ATTR_TYPES type)
259 {
260         ntfs_attr_search_ctx *actx;
261         u8 attr_hash[SHA1_HASH_SIZE];
262         struct ntfs_location *ntfs_loc = NULL;
263         int ret = 0;
264         struct lookup_table_entry *lte;
265
266         DEBUG2("Capturing NTFS data streams from `%s'", path);
267
268         /* Get context to search the streams of the NTFS file. */
269         actx = ntfs_attr_get_search_ctx(ni, NULL);
270         if (!actx) {
271                 ERROR_WITH_ERRNO("Cannot get NTFS attribute search "
272                                  "context");
273                 return WIMLIB_ERR_NTFS_3G;
274         }
275
276         /* Capture each data stream or reparse data stream. */
277         while (!ntfs_attr_lookup(type, NULL, 0,
278                                  CASE_SENSITIVE, 0, NULL, 0, actx))
279         {
280                 char *stream_name_utf8;
281                 size_t stream_name_utf16_len;
282                 u32 reparse_tag;
283                 u64 data_size = ntfs_get_attribute_value_length(actx->attr);
284                 u64 name_length = actx->attr->name_length;
285
286                 if (data_size == 0) { 
287                         if (errno != 0) {
288                                 ERROR_WITH_ERRNO("Failed to get size of attribute of "
289                                                  "`%s'", path);
290                                 ret = WIMLIB_ERR_NTFS_3G;
291                                 goto out_put_actx;
292                         }
293                         /* Empty stream.  No lookup table entry is needed. */
294                         lte = NULL;
295                 } else {
296                         if (type == AT_REPARSE_POINT && data_size < 8) {
297                                 ERROR("`%s': reparse point buffer too small",
298                                       path);
299                                 ret = WIMLIB_ERR_NTFS_3G;
300                                 goto out_put_actx;
301                         }
302                         /* Checksum the stream. */
303                         ret = ntfs_attr_sha1sum(ni, actx->attr, attr_hash, &reparse_tag);
304                         if (ret != 0)
305                                 goto out_put_actx;
306
307                         /* Make a lookup table entry for the stream, or use an existing
308                          * one if there's already an identical stream. */
309                         lte = __lookup_resource(lookup_table, attr_hash);
310                         ret = WIMLIB_ERR_NOMEM;
311                         if (lte) {
312                                 lte->refcnt++;
313                         } else {
314                                 ntfs_loc = CALLOC(1, sizeof(*ntfs_loc));
315                                 if (!ntfs_loc)
316                                         goto out_put_actx;
317                                 ntfs_loc->ntfs_vol_p = ntfs_vol_p;
318                                 ntfs_loc->path_utf8 = MALLOC(path_len + 1);
319                                 if (!ntfs_loc->path_utf8)
320                                         goto out_free_ntfs_loc;
321                                 memcpy(ntfs_loc->path_utf8, path, path_len + 1);
322                                 if (name_length) {
323                                         ntfs_loc->stream_name_utf16 = MALLOC(name_length * 2);
324                                         if (!ntfs_loc->stream_name_utf16)
325                                                 goto out_free_ntfs_loc;
326                                         memcpy(ntfs_loc->stream_name_utf16,
327                                                attr_record_name(actx->attr),
328                                                actx->attr->name_length * 2);
329                                         ntfs_loc->stream_name_utf16_num_chars = name_length;
330                                 }
331
332                                 lte = new_lookup_table_entry();
333                                 if (!lte)
334                                         goto out_free_ntfs_loc;
335                                 lte->ntfs_loc = ntfs_loc;
336                                 lte->resource_location = RESOURCE_IN_NTFS_VOLUME;
337                                 if (type == AT_REPARSE_POINT) {
338                                         dentry->inode->reparse_tag = reparse_tag;
339                                         ntfs_loc->is_reparse_point = true;
340                                         lte->resource_entry.original_size = data_size - 8;
341                                         lte->resource_entry.size = data_size - 8;
342                                 } else {
343                                         ntfs_loc->is_reparse_point = false;
344                                         lte->resource_entry.original_size = data_size;
345                                         lte->resource_entry.size = data_size;
346                                 }
347                                 ntfs_loc = NULL;
348                                 DEBUG("Add resource for `%s' (size = %zu)",
349                                       dentry->file_name_utf8,
350                                       lte->resource_entry.original_size);
351                                 copy_hash(lte->hash, attr_hash);
352                                 lookup_table_insert(lookup_table, lte);
353                         }
354                 }
355                 if (name_length == 0) {
356                         /* Unnamed data stream.  Put the reference to it in the
357                          * dentry's inode. */
358                         if (dentry->inode->lte) {
359                                 ERROR("Found two un-named data streams for "
360                                       "`%s'", path);
361                                 ret = WIMLIB_ERR_NTFS_3G;
362                                 goto out_free_lte;
363                         }
364                         dentry->inode->lte = lte;
365                 } else {
366                         /* Named data stream.  Put the reference to it in the
367                          * alternate data stream entries */
368                         struct ads_entry *new_ads_entry;
369                         size_t stream_name_utf8_len;
370                         stream_name_utf8 = utf16_to_utf8((const char*)attr_record_name(actx->attr),
371                                                          name_length * 2,
372                                                          &stream_name_utf8_len);
373                         if (!stream_name_utf8)
374                                 goto out_free_lte;
375                         new_ads_entry = inode_add_ads(dentry->inode, stream_name_utf8);
376                         FREE(stream_name_utf8);
377                         if (!new_ads_entry)
378                                 goto out_free_lte;
379
380                         wimlib_assert(new_ads_entry->stream_name_len == name_length * 2);
381                                 
382                         new_ads_entry->lte = lte;
383                 }
384         }
385         ret = 0;
386         goto out_put_actx;
387 out_free_lte:
388         free_lookup_table_entry(lte);
389 out_free_ntfs_loc:
390         if (ntfs_loc) {
391                 FREE(ntfs_loc->path_utf8);
392                 FREE(ntfs_loc->stream_name_utf16);
393                 FREE(ntfs_loc);
394         }
395 out_put_actx:
396         ntfs_attr_put_search_ctx(actx);
397         if (ret == 0)
398                 DEBUG2("Successfully captured NTFS streams from `%s'", path);
399         else
400                 ERROR("Failed to capture NTFS streams from `%s", path);
401         return ret;
402 }
403
404 struct readdir_ctx {
405         struct dentry       *parent;
406         ntfs_inode          *dir_ni;
407         char                *path;
408         size_t               path_len;
409         struct lookup_table *lookup_table;
410         struct sd_set       *sd_set;
411         const struct capture_config *config;
412         ntfs_volume        **ntfs_vol_p;
413         int                  flags;
414 };
415
416 static int
417 build_dentry_tree_ntfs_recursive(struct dentry **root_p, ntfs_inode *dir_ni,
418                                  ntfs_inode *ni, char path[], size_t path_len,
419                                  int name_type,
420                                  struct lookup_table *lookup_table,
421                                  struct sd_set *sd_set,
422                                  const struct capture_config *config,
423                                  ntfs_volume **ntfs_vol_p,
424                                  int flags);
425
426 static int wim_ntfs_capture_filldir(void *dirent, const ntfschar *name,
427                                     const int name_len, const int name_type,
428                                     const s64 pos, const MFT_REF mref,
429                                     const unsigned dt_type)
430 {
431         struct readdir_ctx *ctx;
432         size_t utf8_name_len;
433         char *utf8_name;
434         struct dentry *child = NULL;
435         int ret;
436         size_t path_len;
437
438         if (name_type == FILE_NAME_DOS)
439                 return 0;
440
441         ret = -1;
442
443         utf8_name = utf16_to_utf8((const char*)name, name_len * 2,
444                                   &utf8_name_len);
445         if (!utf8_name)
446                 goto out;
447
448         if (utf8_name[0] == '.' &&
449              (utf8_name[1] == '\0' ||
450               (utf8_name[1] == '.' && utf8_name[2] == '\0'))) {
451                 ret = 0;
452                 goto out_free_utf8_name;
453         }
454
455         ctx = dirent;
456
457         ntfs_inode *ni = ntfs_inode_open(ctx->dir_ni->vol, mref);
458         if (!ni) {
459                 ERROR_WITH_ERRNO("Failed to open NTFS inode");
460                 goto out_free_utf8_name;
461         }
462         path_len = ctx->path_len;
463         if (path_len != 1)
464                 ctx->path[path_len++] = '/';
465         memcpy(ctx->path + path_len, utf8_name, utf8_name_len + 1);
466         path_len += utf8_name_len;
467         ret = build_dentry_tree_ntfs_recursive(&child, ctx->dir_ni,
468                                                ni, ctx->path, path_len, name_type,
469                                                ctx->lookup_table, ctx->sd_set,
470                                                ctx->config, ctx->ntfs_vol_p,
471                                                ctx->flags);
472
473         if (child)
474                 link_dentry(child, ctx->parent);
475
476         ntfs_inode_close(ni);
477 out_free_utf8_name:
478         FREE(utf8_name);
479 out:
480         return ret;
481 }
482
483 static int change_dentry_short_name(struct dentry *dentry,
484                                     const char short_name_utf8[],
485                                     int short_name_utf8_len)
486 {
487         size_t short_name_utf16_len;
488         char *short_name_utf16;
489         short_name_utf16 = utf8_to_utf16(short_name_utf8, short_name_utf8_len,
490                                          &short_name_utf16_len);
491         if (!short_name_utf16) {
492                 ERROR_WITH_ERRNO("Failed to convert short name to UTF-16");
493                 return WIMLIB_ERR_NOMEM;
494         }
495         dentry->short_name = short_name_utf16;
496         dentry->short_name_len = short_name_utf16_len;
497         return 0;
498 }
499
500 /* Recursively build a WIM dentry tree corresponding to a NTFS volume.
501  * At the same time, update the WIM lookup table with lookup table entries for
502  * the NTFS streams, and build an array of security descriptors.
503  */
504 static int build_dentry_tree_ntfs_recursive(struct dentry **root_p,
505                                             ntfs_inode *dir_ni,
506                                             ntfs_inode *ni,
507                                             char path[],
508                                             size_t path_len,
509                                             int name_type,
510                                             struct lookup_table *lookup_table,
511                                             struct sd_set *sd_set,
512                                             const struct capture_config *config,
513                                             ntfs_volume **ntfs_vol_p,
514                                             int flags)
515 {
516         u32 attributes;
517         int mrec_flags;
518         u32 sd_size = 0;
519         int ret;
520         char dos_name_utf8[64];
521         struct dentry *root;
522
523         mrec_flags = ni->mrec->flags;
524 #ifdef HAVE_NTFS_INODE_FUNCTIONS
525         attributes = ntfs_get_inode_attributes(ni);
526 #else
527         struct SECURITY_CONTEXT ctx;
528         memset(&ctx, 0, sizeof(ctx));
529         ctx.vol = ni->vol;
530         ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ATTRIB,
531                                          ni, dir_ni, (char *)&attributes,
532                                          sizeof(u32));
533         if (ret != 4) {
534                 ERROR_WITH_ERRNO("Failed to get NTFS attributes from `%s'",
535                                  path);
536                 return WIMLIB_ERR_NTFS_3G;
537         }
538 #endif
539
540         if (exclude_path(path, config, false)) {
541                 if (flags & WIMLIB_ADD_IMAGE_FLAG_VERBOSE) {
542                         const char *file_type;
543                         if (attributes & MFT_RECORD_IS_DIRECTORY)
544                                 file_type = "directory";
545                         else
546                                 file_type = "file";
547                         printf("Excluding %s `%s' from capture\n",
548                                file_type, path);
549                 }
550                 *root_p = NULL;
551                 return 0;
552         }
553
554         if (flags & WIMLIB_ADD_IMAGE_FLAG_VERBOSE)
555                 printf("Scanning `%s'\n", path);
556
557         root = new_dentry_with_timeless_inode(path_basename(path));
558         if (!root)
559                 return WIMLIB_ERR_NOMEM;
560         *root_p = root;
561
562         if (dir_ni && (name_type == FILE_NAME_WIN32_AND_DOS
563                        || name_type == FILE_NAME_WIN32))
564         {
565                 ret = ntfs_get_ntfs_dos_name(ni, dir_ni, dos_name_utf8,
566                                              sizeof(dos_name_utf8));
567                 if (ret > 0) {
568                         DEBUG("Changing short name of `%s'", path);
569                         ret = change_dentry_short_name(root, dos_name_utf8,
570                                                        ret);
571                         if (ret != 0)
572                                 return ret;
573                 } else {
574                 #ifdef ENODATA
575                         if (errno != ENODATA) {
576                                 ERROR_WITH_ERRNO("Error getting DOS name "
577                                                  "of `%s'", path);
578                                 return WIMLIB_ERR_NTFS_3G;
579                         }
580                 #endif
581                 }
582         }
583
584         root->inode->creation_time    = le64_to_cpu(ni->creation_time);
585         root->inode->last_write_time  = le64_to_cpu(ni->last_data_change_time);
586         root->inode->last_access_time = le64_to_cpu(ni->last_access_time);
587         root->inode->attributes       = le32_to_cpu(attributes);
588         root->inode->ino              = ni->mft_no;
589         root->inode->resolved         = true;
590
591         if (attributes & FILE_ATTR_REPARSE_POINT) {
592                 /* Junction point, symbolic link, or other reparse point */
593                 ret = capture_ntfs_streams(root, ni, path, path_len,
594                                            lookup_table, ntfs_vol_p,
595                                            AT_REPARSE_POINT);
596         } else if (mrec_flags & MFT_RECORD_IS_DIRECTORY) {
597
598                 /* Normal directory */
599                 s64 pos = 0;
600                 struct readdir_ctx ctx = {
601                         .parent       = root,
602                         .dir_ni       = ni,
603                         .path         = path,
604                         .path_len     = path_len,
605                         .lookup_table = lookup_table,
606                         .sd_set       = sd_set,
607                         .config       = config,
608                         .ntfs_vol_p   = ntfs_vol_p,
609                         .flags        = flags,
610                 };
611                 ret = ntfs_readdir(ni, &pos, &ctx, wim_ntfs_capture_filldir);
612                 if (ret != 0) {
613                         ERROR_WITH_ERRNO("ntfs_readdir()");
614                         ret = WIMLIB_ERR_NTFS_3G;
615                 }
616         } else {
617                 /* Normal file */
618                 ret = capture_ntfs_streams(root, ni, path, path_len,
619                                            lookup_table, ntfs_vol_p,
620                                            AT_DATA);
621         }
622         if (ret != 0)
623                 return ret;
624
625 #ifdef HAVE_NTFS_INODE_FUNCTIONS
626         ret = ntfs_get_inode_security(ni,
627                                       OWNER_SECURITY_INFORMATION |
628                                       GROUP_SECURITY_INFORMATION |
629                                       DACL_SECURITY_INFORMATION  |
630                                       SACL_SECURITY_INFORMATION,
631                                       NULL, 0, &sd_size);
632         char sd[sd_size];
633         ret = ntfs_get_inode_security(ni,
634                                       OWNER_SECURITY_INFORMATION |
635                                       GROUP_SECURITY_INFORMATION |
636                                       DACL_SECURITY_INFORMATION  |
637                                       SACL_SECURITY_INFORMATION,
638                                       sd, sd_size, &sd_size);
639         if (ret == 0) {
640                 ERROR_WITH_ERRNO("Failed to get security information from "
641                                  "`%s'", path);
642                 ret = WIMLIB_ERR_NTFS_3G;
643         } else {
644                 if (ret > 0) {
645                         /*print_security_descriptor(sd, sd_size);*/
646                         root->security_id = sd_set_add_sd(sd_set, sd, ret);
647                         if (root->security_id == -1) {
648                                 ERROR("Out of memory");
649                                 return WIMLIB_ERR_NOMEM;
650                         }
651                         DEBUG("Added security ID = %u for `%s'",
652                               root->security_id, path);
653                 } else { 
654                         root->security_id = -1;
655                         DEBUG("No security ID for `%s'", path);
656                 }
657                 ret = 0;
658         }
659 #else
660         char _sd[1];
661         char *sd = _sd;
662         errno = 0;
663         ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ACL,
664                                          ni, dir_ni, sd,
665                                          sizeof(sd));
666         if (ret > sizeof(sd)) {
667                 sd = alloca(ret);
668                 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ACL,
669                                                  ni, dir_ni, sd, ret);
670         }
671         if (ret > 0) {
672                 root->inode->security_id = sd_set_add_sd(sd_set, sd, ret);
673                 if (root->inode->security_id == -1) {
674                         ERROR("Out of memory");
675                         return WIMLIB_ERR_NOMEM;
676                 }
677                 DEBUG("Added security ID = %u for `%s'",
678                       root->inode->security_id, path);
679                 ret = 0;
680         } else if (ret < 0) {
681                 ERROR_WITH_ERRNO("Failed to get security information from "
682                                  "`%s'", path);
683                 ret = WIMLIB_ERR_NTFS_3G;
684         } else {
685                 root->inode->security_id = -1;
686                 DEBUG("No security ID for `%s'", path);
687         }
688 #endif
689         return ret;
690 }
691
692 static int build_dentry_tree_ntfs(struct dentry **root_p,
693                                   const char *device,
694                                   struct lookup_table *lookup_table,
695                                   struct wim_security_data *sd,
696                                   const struct capture_config *config,
697                                   int flags,
698                                   void *extra_arg)
699 {
700         ntfs_volume *vol;
701         ntfs_inode *root_ni;
702         int ret = 0;
703         struct sd_set sd_set = {
704                 .sd = sd,
705                 .root = NULL,
706         };
707         ntfs_volume **ntfs_vol_p = extra_arg;
708
709         DEBUG("Mounting NTFS volume `%s' read-only", device);
710         
711         vol = ntfs_mount(device, MS_RDONLY);
712         if (!vol) {
713                 ERROR_WITH_ERRNO("Failed to mount NTFS volume `%s' read-only",
714                                  device);
715                 return WIMLIB_ERR_NTFS_3G;
716         }
717         ntfs_open_secure(vol);
718
719         /* We don't want to capture the special NTFS files such as $Bitmap.  Not
720          * to be confused with "hidden" or "system" files which are real files
721          * that we do need to capture.  */
722         NVolClearShowSysFiles(vol);
723
724         DEBUG("Opening root NTFS dentry");
725         root_ni = ntfs_inode_open(vol, FILE_root);
726         if (!root_ni) {
727                 ERROR_WITH_ERRNO("Failed to open root inode of NTFS volume "
728                                  "`%s'", device);
729                 ret = WIMLIB_ERR_NTFS_3G;
730                 goto out;
731         }
732
733         /* Currently we assume that all the UTF-8 paths fit into this length and
734          * there is no check for overflow. */
735         char *path = MALLOC(32768);
736         if (!path) {
737                 ERROR("Could not allocate memory for NTFS pathname");
738                 goto out_cleanup;
739         }
740
741         path[0] = '/';
742         path[1] = '\0';
743         ret = build_dentry_tree_ntfs_recursive(root_p, NULL, root_ni, path, 1,
744                                                FILE_NAME_POSIX, lookup_table,
745                                                &sd_set, config, ntfs_vol_p,
746                                                flags);
747 out_cleanup:
748         FREE(path);
749         ntfs_inode_close(root_ni);
750         destroy_sd_set(&sd_set);
751
752 out:
753         if (ret) {
754                 if (ntfs_umount(vol, FALSE) != 0) {
755                         ERROR_WITH_ERRNO("Failed to unmount NTFS volume `%s'",
756                                          device);
757                         if (ret == 0)
758                                 ret = WIMLIB_ERR_NTFS_3G;
759                 }
760         } else {
761                 /* We need to leave the NTFS volume mounted so that we can read
762                  * the NTFS files again when we are actually writing the WIM */
763                 *ntfs_vol_p = vol;
764         }
765         return ret;
766 }
767
768
769
770 WIMLIBAPI int wimlib_add_image_from_ntfs_volume(WIMStruct *w,
771                                                 const char *device,
772                                                 const char *name,
773                                                 const char *config_str,
774                                                 size_t config_len,
775                                                 int flags)
776 {
777         if (flags & (WIMLIB_ADD_IMAGE_FLAG_DEREFERENCE)) {
778                 ERROR("Cannot dereference files when capturing directly from NTFS");
779                 return WIMLIB_ERR_INVALID_PARAM;
780         }
781         return do_add_image(w, device, name, config_str, config_len, flags,
782                             build_dentry_tree_ntfs, &w->ntfs_vol);
783 }
784
785 #else /* WITH_NTFS_3G */
786 WIMLIBAPI int wimlib_add_image_from_ntfs_volume(WIMStruct *w,
787                                                 const char *device,
788                                                 const char *name,
789                                                 const char *config_str,
790                                                 size_t config_len,
791                                                 int flags)
792 {
793         ERROR("wimlib was compiled without support for NTFS-3g, so");
794         ERROR("we cannot capture a WIM image directly from a NTFS volume");
795         return WIMLIB_ERR_UNSUPPORTED;
796 }
797 #endif /* WITH_NTFS_3G */