8d1fe0e6409023cb4386c7dbbb0558f844eaa231
[wimlib] / src / ntfs-capture.c
1 /*
2  * ntfs-capture.c
3  *
4  * Capture a WIM image from a NTFS volume.  We capture everything we can,
5  * including security data and alternate data streams.  There should be no loss
6  * of information.
7  */
8
9 /*
10  * Copyright (C) 2012 Eric Biggers
11  *
12  * This file is part of wimlib, a library for working with WIM files.
13  *
14  * wimlib is free software; you can redistribute it and/or modify it under the
15  * terms of the GNU Lesser General Public License as published by the Free
16  * Software Foundation; either version 2.1 of the License, or (at your option)
17  * any later version.
18  *
19  * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
20  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
21  * A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
22  * details.
23  *
24  * You should have received a copy of the GNU Lesser General Public License
25  * along with wimlib; if not, see http://www.gnu.org/licenses/.
26  */
27
28 #include "config.h"
29 #include "wimlib_internal.h"
30
31
32 #ifdef WITH_NTFS_3G
33 #include "dentry.h"
34 #include "lookup_table.h"
35 #include "io.h"
36 #include <ntfs-3g/layout.h>
37 #include <ntfs-3g/acls.h>
38 #include <ntfs-3g/attrib.h>
39 #include <ntfs-3g/misc.h>
40 #include <ntfs-3g/reparse.h>
41 #include <ntfs-3g/security.h>
42 #include <ntfs-3g/volume.h>
43 #include <stdlib.h>
44 #include <unistd.h>
45
46 extern int ntfs_inode_get_security(ntfs_inode *ni, u32 selection, char *buf,
47                                    u32 buflen, u32 *psize);
48
49 extern int ntfs_inode_get_attributes(ntfs_inode *ni);
50
51 /* Structure that allows searching the security descriptors by SHA1 message
52  * digest. */
53 struct sd_set {
54         struct wim_security_data *sd;
55         struct sd_node *root;
56 };
57
58 /* Binary tree node of security descriptors, indexed by the @hash field. */
59 struct sd_node {
60         int security_id;
61         u8 hash[SHA1_HASH_SIZE];
62         struct sd_node *left;
63         struct sd_node *right;
64 };
65
66 /* Frees a security descriptor index tree. */
67 static void free_sd_set(struct sd_node *root)
68 {
69         if (root) {
70                 free_sd_set(root->left);
71                 free_sd_set(root->right);
72                 FREE(root);
73         }
74 }
75
76 /* Inserts a a new node into the security descriptor index tree. */
77 static void insert_sd_node(struct sd_node *new, struct sd_node *root)
78 {
79         int cmp = hashes_cmp(new->hash, root->hash);
80         if (cmp < 0) {
81                 if (root->left)
82                         insert_sd_node(new, root->left);
83                 else 
84                         root->left = new;
85         } else if (cmp > 0) {
86                 if (root->right)
87                         insert_sd_node(new, root->right);
88                 else 
89                         root->right = new;
90         } else {
91                 wimlib_assert(0);
92         }
93 }
94
95 /* Returns the security ID of the security data having a SHA1 message digest of
96  * @hash in the security descriptor index tree rooted at @root. 
97  *
98  * If not found, return -1. */
99 static int lookup_sd(const u8 hash[SHA1_HASH_SIZE], struct sd_node *root)
100 {
101         int cmp;
102         if (!root)
103                 return -1;
104         cmp = hashes_cmp(hash, root->hash);
105         if (cmp < 0)
106                 return lookup_sd(hash, root->left);
107         else if (cmp > 0)
108                 return lookup_sd(hash, root->right);
109         else
110                 return root->security_id;
111 }
112
113 /*
114  * Adds a security descriptor to the indexed security descriptor set as well as
115  * the corresponding `struct wim_security_data', and returns the new security
116  * ID; or, if there is an existing security descriptor that is the same, return
117  * the security ID for it.  If a new security descriptor cannot be allocated,
118  * return -1.
119  */
120 static int sd_set_add_sd(struct sd_set *sd_set, const u8 *descriptor,
121                          size_t size)
122 {
123         u8 hash[SHA1_HASH_SIZE];
124         int security_id;
125         struct sd_node *new;
126         u8 **descriptors;
127         u64 *sizes;
128         u8 *descr_copy;
129         struct wim_security_data *sd;
130
131         sha1_buffer(descriptor, size, hash);
132         security_id = lookup_sd(hash, sd_set->root);
133         if (security_id >= 0)
134                 return security_id;
135
136         new = MALLOC(sizeof(*new));
137         if (!new)
138                 goto out;
139         descr_copy = MALLOC(size);
140         if (!descr_copy)
141                 goto out_free_node;
142
143         sd = sd_set->sd;
144
145         memcpy(descr_copy, descriptor, size);
146         new->security_id = sd->num_entries;
147         new->left = NULL;
148         new->right = NULL;
149         copy_hash(new->hash, hash);
150
151
152         descriptors = REALLOC(sd->descriptors,
153                               (sd->num_entries + 1) * sizeof(sd->descriptors[0]));
154         if (!descriptors)
155                 goto out_free_descr;
156         sd->descriptors = descriptors;
157         sizes = REALLOC(sd->sizes,
158                         (sd->num_entries + 1) * sizeof(sd->sizes[0]));
159         if (!sizes)
160                 goto out_free_descr;
161         sd->sizes = sizes;
162         sd->descriptors[sd->num_entries] = descr_copy;
163         sd->sizes[sd->num_entries] = size;
164         sd->num_entries++;
165         sd->total_length += size + sizeof(sd->sizes[0]);
166
167         if (sd_set->root)
168                 insert_sd_node(sd_set->root, new);
169         else
170                 sd_set->root = new;
171         return new->security_id;
172 out_free_descr:
173         FREE(descr_copy);
174 out_free_node:
175         FREE(new);
176 out:
177         return -1;
178 }
179
180 static inline ntfschar *attr_record_name(ATTR_RECORD *ar)
181 {
182         return (ntfschar*)((u8*)ar + le16_to_cpu(ar->name_offset));
183 }
184
185 /* Calculates the SHA1 message digest of a NTFS attribute. 
186  *
187  * @ni:  The NTFS inode containing the attribute.
188  * @ar:  The ATTR_RECORD describing the attribute.
189  * @md:  If successful, the returned SHA1 message digest.
190  *
191  * Return 0 on success or nonzero on error.
192  */
193 static int ntfs_attr_sha1sum(ntfs_inode *ni, ATTR_RECORD *ar,
194                              u8 md[SHA1_HASH_SIZE])
195 {
196         s64 pos = 0;
197         s64 bytes_remaining;
198         char buf[4096];
199         ntfs_attr *na;
200         SHA_CTX ctx;
201
202         na = ntfs_attr_open(ni, ar->type, attr_record_name(ar),
203                             ar->name_length);
204         if (!na) {
205                 ERROR_WITH_ERRNO("Failed to open NTFS attribute");
206                 return WIMLIB_ERR_NTFS_3G;
207         }
208
209         bytes_remaining = na->data_size;
210         sha1_init(&ctx);
211
212         DEBUG("Calculating SHA1 message digest (%"PRIu64" bytes)",
213                         bytes_remaining);
214
215         while (bytes_remaining) {
216                 s64 to_read = min(bytes_remaining, sizeof(buf));
217                 if (ntfs_attr_pread(na, pos, to_read, buf) != to_read) {
218                         ERROR_WITH_ERRNO("Error reading NTFS attribute");
219                         return WIMLIB_ERR_NTFS_3G;
220                 }
221                 sha1_update(&ctx, buf, to_read);
222                 pos += to_read;
223                 bytes_remaining -= to_read;
224         }
225         sha1_final(md, &ctx);
226         ntfs_attr_close(na);
227         return 0;
228 }
229
230 /* Load the streams from a WIM file or reparse point in the NTFS volume into the
231  * WIM lookup table */
232 static int capture_ntfs_streams(struct dentry *dentry, ntfs_inode *ni,
233                                 char path[], size_t path_len,
234                                 struct lookup_table *lookup_table,
235                                 ntfs_volume **ntfs_vol_p,
236                                 ATTR_TYPES type)
237 {
238
239         ntfs_attr_search_ctx *actx;
240         u8 attr_hash[SHA1_HASH_SIZE];
241         struct ntfs_location *ntfs_loc;
242         struct lookup_table_entry *lte;
243         int ret = 0;
244
245         DEBUG("Capturing NTFS data streams from `%s'", path);
246
247         /* Get context to search the streams of the NTFS file. */
248         actx = ntfs_attr_get_search_ctx(ni, NULL);
249         if (!actx) {
250                 ERROR_WITH_ERRNO("Cannot get attribute search "
251                                  "context");
252                 return WIMLIB_ERR_NTFS_3G;
253         }
254
255         /* Capture each data stream or reparse data stream. */
256         while (!ntfs_attr_lookup(type, NULL, 0,
257                                  CASE_SENSITIVE, 0, NULL, 0, actx))
258         {
259                 char *stream_name_utf8;
260                 size_t stream_name_utf16_len;
261
262                 /* Checksum the stream. */
263                 ret = ntfs_attr_sha1sum(ni, actx->attr, attr_hash);
264                 if (ret != 0)
265                         goto out_put_actx;
266
267                 /* Make a lookup table entry for the stream, or use an existing
268                  * one if there's already an identical stream. */
269                 lte = __lookup_resource(lookup_table, attr_hash);
270                 ret = WIMLIB_ERR_NOMEM;
271                 if (lte) {
272                         lte->refcnt++;
273                 } else {
274                         struct ntfs_location *ntfs_loc;
275
276                         ntfs_loc = CALLOC(1, sizeof(*ntfs_loc));
277                         if (!ntfs_loc)
278                                 goto out_put_actx;
279                         ntfs_loc->ntfs_vol_p = ntfs_vol_p;
280                         ntfs_loc->path_utf8 = MALLOC(path_len + 1);
281                         if (!ntfs_loc->path_utf8)
282                                 goto out_free_ntfs_loc;
283                         memcpy(ntfs_loc->path_utf8, path, path_len + 1);
284                         ntfs_loc->stream_name_utf16 = MALLOC(actx->attr->name_length * 2);
285                         if (!ntfs_loc->stream_name_utf16)
286                                 goto out_free_ntfs_loc;
287                         memcpy(ntfs_loc->stream_name_utf16,
288                                attr_record_name(actx->attr),
289                                actx->attr->name_length * 2);
290
291                         ntfs_loc->stream_name_utf16_num_chars = actx->attr->name_length;
292                         ntfs_loc->is_reparse_point = (type == AT_REPARSE_POINT);
293                         lte = new_lookup_table_entry();
294                         if (!lte)
295                                 goto out_free_ntfs_loc;
296                         lte->ntfs_loc = ntfs_loc;
297                         lte->resource_location = RESOURCE_IN_NTFS_VOLUME;
298                         lte->resource_entry.original_size = actx->attr->data_size;
299                         lte->resource_entry.size = actx->attr->data_size;
300                         copy_hash(lte->hash, attr_hash);
301                         lookup_table_insert(lookup_table, lte);
302                 }
303                 if (actx->attr->name_length == 0) {
304                         if (dentry->lte) {
305                                 ERROR("Found two un-named data streams for "
306                                       "`%s'", path);
307                                 ret = WIMLIB_ERR_NTFS_3G;
308                                 goto out_free_lte;
309                         }
310                         dentry->lte = lte;
311                 } else {
312                         struct ads_entry *new_ads_entry;
313                         stream_name_utf8 = utf16_to_utf8((const u8*)attr_record_name(actx->attr),
314                                                          actx->attr->name_length,
315                                                          &stream_name_utf16_len);
316                         if (!stream_name_utf8)
317                                 goto out_free_lte;
318                         new_ads_entry = dentry_add_ads(dentry, stream_name_utf8);
319                         FREE(stream_name_utf8);
320                         if (!new_ads_entry)
321                                 goto out_free_lte;
322                                 
323                         new_ads_entry->lte = lte;
324                 }
325         }
326         ret = 0;
327         goto out_put_actx;
328 out_free_lte:
329         free_lookup_table_entry(lte);
330 out_free_ntfs_loc:
331         if (ntfs_loc) {
332                 FREE(ntfs_loc->path_utf8);
333                 FREE(ntfs_loc->stream_name_utf16);
334                 FREE(ntfs_loc);
335         }
336 out_put_actx:
337         ntfs_attr_put_search_ctx(actx);
338         if (ret == 0)
339                 DEBUG("Successfully captured NTFS streams from `%s'", path);
340         else
341                 DEBUG("Failed to capture NTFS streams from `%s", path);
342         return ret;
343 }
344
345 struct readdir_ctx {
346         struct dentry       *parent;
347         ntfs_inode          *dir_ni;
348         char                *path;
349         size_t               path_len;
350         struct lookup_table *lookup_table;
351         struct sd_set       *sd_set;
352         const struct capture_config *config;
353         ntfs_volume        **ntfs_vol_p;
354 };
355
356 static int __build_dentry_tree_ntfs(struct dentry **root_p, ntfs_inode *ni,
357                                     char path[], size_t path_len,
358                                     struct lookup_table *lookup_table,
359                                     struct sd_set *sd_set,
360                                     const struct capture_config *config,
361                                     ntfs_volume **ntfs_vol_p);
362
363
364 static int wim_ntfs_capture_filldir(void *dirent, const ntfschar *name,
365                                     const int name_len, const int name_type,
366                                     const s64 pos, const MFT_REF mref,
367                                     const unsigned dt_type)
368 {
369         struct readdir_ctx *ctx;
370         size_t utf8_name_len;
371         char *utf8_name;
372         struct dentry *child;
373         int ret;
374         size_t path_len;
375
376         ret = -1;
377
378         utf8_name = utf16_to_utf8((const u8*)name, name_len * 2,
379                                   &utf8_name_len);
380         if (!utf8_name)
381                 goto out;
382
383         if (utf8_name[0] == '.' &&
384              (utf8_name[1] == '\0' ||
385               (utf8_name[1] == '.' && utf8_name[2] == '\0'))) {
386                 DEBUG("Skipping dentry `%s'", utf8_name);
387                 ret = 0;
388                 goto out_free_utf8_name;
389         }
390
391         DEBUG("Opening inode for `%s'", utf8_name);
392
393         ctx = dirent;
394
395         ntfs_inode *ni = ntfs_inode_open(ctx->dir_ni->vol, mref);
396         if (!ni) {
397                 ERROR_WITH_ERRNO("Failed to open NTFS inode");
398                 ret = 1;
399         }
400         path_len = ctx->path_len;
401         if (path_len != 1)
402                 ctx->path[path_len++] = '/';
403         memcpy(ctx->path + path_len, utf8_name, utf8_name_len + 1);
404         path_len += utf8_name_len;
405         ret = __build_dentry_tree_ntfs(&child, ni, ctx->path, path_len,
406                                        ctx->lookup_table, ctx->sd_set,
407                                        ctx->config, ctx->ntfs_vol_p);
408         DEBUG("Linking dentry `%s' with parent `%s'",
409               child->file_name_utf8, ctx->parent->file_name_utf8);
410
411         link_dentry(child, ctx->parent);
412         DEBUG("Return %d", ret);
413 out_close_ni:
414         ntfs_inode_close(ni);
415 out_free_utf8_name:
416         FREE(utf8_name);
417 out:
418         return ret;
419 }
420
421 /* Recursively build a WIM dentry tree corresponding to a NTFS volume.
422  * At the same time, update the WIM lookup table with lookup table entries for
423  * the NTFS streams, and build an array of security descriptors.
424  */
425 static int __build_dentry_tree_ntfs(struct dentry **root_p, ntfs_inode *ni,
426                                     char path[], size_t path_len,
427                                     struct lookup_table *lookup_table,
428                                     struct sd_set *sd_set,
429                                     const struct capture_config *config,
430                                     ntfs_volume **ntfs_vol_p)
431 {
432         u32 attributes;
433         int mrec_flags;
434         u32 sd_size;
435         int ret = 0;
436         struct dentry *root;
437
438         if (exclude_path(path, config)) {
439                 DEBUG("Excluding `%s' from capture", path);
440                 return 0;
441         }
442
443         DEBUG("Starting recursive capture at path = `%s'", path);
444         mrec_flags = ni->mrec->flags;
445         attributes = ntfs_inode_get_attributes(ni);
446
447         root = new_dentry(path_basename(path));
448         if (!root)
449                 return WIMLIB_ERR_NOMEM;
450
451         root->creation_time    = le64_to_cpu(ni->creation_time);
452         root->last_write_time  = le64_to_cpu(ni->last_data_change_time);
453         root->last_access_time = le64_to_cpu(ni->last_access_time);
454         root->security_id      = le32_to_cpu(ni->security_id);
455         root->attributes       = le32_to_cpu(attributes);
456         root->hard_link  = ni->mft_no;
457         root->resolved = true;
458
459         if (attributes & FILE_ATTR_REPARSE_POINT) {
460                 DEBUG("Reparse point `%s'", path);
461                 /* Junction point, symbolic link, or other reparse point */
462                 ret = capture_ntfs_streams(root, ni, path, path_len,
463                                            lookup_table, ntfs_vol_p,
464                                            AT_REPARSE_POINT);
465         } else if (mrec_flags & MFT_RECORD_IS_DIRECTORY) {
466                 DEBUG("Directory `%s'", path);
467
468                 /* Normal directory */
469                 s64 pos = 0;
470                 struct readdir_ctx ctx = {
471                         .parent       = root,
472                         .dir_ni       = ni,
473                         .path         = path,
474                         .path_len     = path_len,
475                         .lookup_table = lookup_table,
476                         .sd_set       = sd_set,
477                         .config       = config,
478                         .ntfs_vol_p   = ntfs_vol_p,
479                 };
480                 ret = ntfs_readdir(ni, &pos, &ctx, wim_ntfs_capture_filldir);
481                 if (ret != 0)
482                         ret = WIMLIB_ERR_NTFS_3G;
483         } else {
484                 DEBUG("Normal file `%s'", path);
485                 /* Normal file */
486                 ret = capture_ntfs_streams(root, ni, path, path_len,
487                                            lookup_table, ntfs_vol_p,
488                                            AT_DATA);
489         }
490         if (ret != 0)
491                 return ret;
492
493         DEBUG("Getting security information from `%s'", path);
494         ret = ntfs_inode_get_security(ni,
495                                       OWNER_SECURITY_INFORMATION |
496                                       GROUP_SECURITY_INFORMATION |
497                                       DACL_SECURITY_INFORMATION  |
498                                       SACL_SECURITY_INFORMATION,
499                                       NULL, 0, &sd_size);
500         u8 sd[sd_size];
501         ret = ntfs_inode_get_security(ni,
502                                       OWNER_SECURITY_INFORMATION |
503                                       GROUP_SECURITY_INFORMATION |
504                                       DACL_SECURITY_INFORMATION  |
505                                       SACL_SECURITY_INFORMATION,
506                                       sd, sd_size, &sd_size);
507         if (ret == 0) {
508                 ERROR_WITH_ERRNO("Failed to get security information from "
509                                  "`%s'", path);
510                 ret = WIMLIB_ERR_NTFS_3G;
511         } else {
512                 if (ret > 0) {
513                         /*print_security_descriptor(sd, sd_size);*/
514                         root->security_id = sd_set_add_sd(sd_set, sd, sd_size);
515                         DEBUG("Added security ID = %u for `%s'",
516                               root->security_id, path);
517                 } else { 
518                         root->security_id = -1;
519                         DEBUG("No security ID for `%s'", path);
520                 }
521                 ret = 0;
522         }
523         *root_p = root;
524         return ret;
525 }
526
527 static int build_dentry_tree_ntfs(struct dentry **root_p,
528                                   const char *device,
529                                   struct lookup_table *lookup_table,
530                                   struct wim_security_data *sd,
531                                   const struct capture_config *config,
532                                   int flags,
533                                   void *extra_arg)
534 {
535         ntfs_volume *vol;
536         ntfs_inode *root_ni;
537         int ret = 0;
538         struct sd_set tree;
539         tree.sd = sd;
540         tree.root = NULL;
541         ntfs_volume **ntfs_vol_p = extra_arg;
542
543         DEBUG("Mounting NTFS volume `%s' read-only", device);
544         
545         vol = ntfs_mount(device, MS_RDONLY);
546         if (!vol) {
547                 ERROR_WITH_ERRNO("Failed to mount NTFS volume `%s' read-only",
548                                  device);
549                 return WIMLIB_ERR_NTFS_3G;
550         }
551
552         NVolClearShowSysFiles(vol);
553
554         DEBUG("Opening root NTFS dentry");
555         root_ni = ntfs_inode_open(vol, FILE_root);
556         if (!root_ni) {
557                 ERROR_WITH_ERRNO("Failed to open root inode of NTFS volume "
558                                  "`%s'", device);
559                 ret = WIMLIB_ERR_NTFS_3G;
560                 goto out;
561         }
562         char path[4096];
563         path[0] = '/';
564         path[1] = '\0';
565         ret = __build_dentry_tree_ntfs(root_p, root_ni, path, 1,
566                                        lookup_table, &tree, config,
567                                        ntfs_vol_p);
568         ntfs_inode_close(root_ni);
569
570 out:
571         if (ntfs_umount(vol, FALSE) != 0) {
572                 ERROR_WITH_ERRNO("Failed to unmount NTFS volume `%s'", device);
573                 if (ret == 0)
574                         ret = WIMLIB_ERR_NTFS_3G;
575         }
576         return ret;
577 }
578
579
580
581 WIMLIBAPI int wimlib_add_image_from_ntfs_volume(WIMStruct *w,
582                                                 const char *device,
583                                                 const char *name,
584                                                 const char *description,
585                                                 const char *flags_element,
586                                                 const char *config_str,
587                                                 size_t config_len,
588                                                 int flags)
589 {
590         if (flags & (WIMLIB_ADD_IMAGE_FLAG_DEREFERENCE)) {
591                 ERROR("Cannot dereference files when capturing directly from NTFS");
592                 return WIMLIB_ERR_INVALID_PARAM;
593         }
594         return do_add_image(w, device, name, description, flags_element,
595                             config_str, config_len, flags, build_dentry_tree_ntfs,
596                             &w->ntfs_vol);
597 }
598
599 #else /* WITH_NTFS_3G */
600 WIMLIBAPI int wimlib_add_image_from_ntfs_volume(WIMStruct *w,
601                                                 const char *device,
602                                                 const char *name,
603                                                 const char *description,
604                                                 const char *flags_element,
605                                                 int flags,
606                                                 const char *config_str,
607                                                 size_t config_len)
608 {
609         ERROR("wimlib was compiled without support for NTFS-3g, so");
610         ERROR("we cannot capture a WIM image directly from a NTFS volume");
611         return WIMLIB_ERR_UNSUPPORTED;
612 }
613 #endif /* WITH_NTFS_3G */