4 * Capture a WIM image from a NTFS volume. We capture everything we can,
5 * including security data and alternate data streams.
9 * Copyright (C) 2012, 2013 Eric Biggers
11 * This file is part of wimlib, a library for working with WIM files.
13 * wimlib is free software; you can redistribute it and/or modify it under the
14 * terms of the GNU General Public License as published by the Free
15 * Software Foundation; either version 3 of the License, or (at your option)
18 * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
19 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
20 * A PARTICULAR PURPOSE. See the GNU General Public License for more
23 * You should have received a copy of the GNU General Public License
24 * along with wimlib; if not, see http://www.gnu.org/licenses/.
30 #include <ntfs-3g/endians.h>
31 #include <ntfs-3g/types.h>
33 #include "buffer_io.h"
35 #include "lookup_table.h"
37 #include "wimlib_internal.h"
39 #include <ntfs-3g/layout.h>
40 #include <ntfs-3g/acls.h>
41 #include <ntfs-3g/attrib.h>
42 #include <ntfs-3g/misc.h>
43 #include <ntfs-3g/reparse.h>
44 #include <ntfs-3g/security.h> /* ntfs-3g/security.h before ntfs-3g/xattrs.h */
45 #include <ntfs-3g/xattrs.h>
46 #include <ntfs-3g/volume.h>
55 static inline ntfschar *
56 attr_record_name(ATTR_RECORD *ar)
58 return (ntfschar*)((u8*)ar + le16_to_cpu(ar->name_offset));
61 /* Calculates the SHA1 message digest of a NTFS attribute.
63 * @ni: The NTFS inode containing the attribute.
64 * @ar: The ATTR_RECORD describing the attribute.
65 * @md: If successful, the returned SHA1 message digest.
66 * @reparse_tag_ret: Optional pointer into which the first 4 bytes of the
67 * attribute will be written (to get the reparse
70 * Return 0 on success or nonzero on error.
73 ntfs_attr_sha1sum(ntfs_inode *ni, ATTR_RECORD *ar,
74 u8 md[SHA1_HASH_SIZE],
75 bool is_reparse_point,
80 char buf[BUFFER_SIZE];
84 na = ntfs_attr_open(ni, ar->type, attr_record_name(ar),
87 ERROR_WITH_ERRNO("Failed to open NTFS attribute");
88 return WIMLIB_ERR_NTFS_3G;
91 bytes_remaining = na->data_size;
93 if (is_reparse_point) {
94 if (ntfs_attr_pread(na, 0, 8, buf) != 8)
96 *reparse_tag_ret = le32_to_cpu(*(u32*)buf);
97 DEBUG("ReparseTag = %#x", *reparse_tag_ret);
103 while (bytes_remaining) {
104 s64 to_read = min(bytes_remaining, sizeof(buf));
105 if (ntfs_attr_pread(na, pos, to_read, buf) != to_read)
107 sha1_update(&ctx, buf, to_read);
109 bytes_remaining -= to_read;
111 sha1_final(md, &ctx);
115 ERROR_WITH_ERRNO("Error reading NTFS attribute");
116 return WIMLIB_ERR_NTFS_3G;
119 /* Load the streams from a file or reparse point in the NTFS volume into the WIM
122 capture_ntfs_streams(struct wim_inode *inode,
126 struct wim_lookup_table *lookup_table,
127 ntfs_volume **ntfs_vol_p,
130 ntfs_attr_search_ctx *actx;
131 u8 attr_hash[SHA1_HASH_SIZE];
132 struct ntfs_location *ntfs_loc = NULL;
134 struct wim_lookup_table_entry *lte;
136 DEBUG2("Capturing NTFS data streams from `%s'", path);
138 /* Get context to search the streams of the NTFS file. */
139 actx = ntfs_attr_get_search_ctx(ni, NULL);
141 ERROR_WITH_ERRNO("Cannot get NTFS attribute search "
143 return WIMLIB_ERR_NTFS_3G;
146 /* Capture each data stream or reparse data stream. */
147 while (!ntfs_attr_lookup(type, NULL, 0,
148 CASE_SENSITIVE, 0, NULL, 0, actx))
151 u64 data_size = ntfs_get_attribute_value_length(actx->attr);
152 u64 name_length = actx->attr->name_length;
153 if (data_size == 0) {
155 ERROR_WITH_ERRNO("Failed to get size of attribute of "
157 ret = WIMLIB_ERR_NTFS_3G;
160 /* Empty stream. No lookup table entry is needed. */
163 if (type == AT_REPARSE_POINT && data_size < 8) {
164 ERROR("`%s': reparse point buffer too small",
166 ret = WIMLIB_ERR_NTFS_3G;
169 /* Checksum the stream. */
170 ret = ntfs_attr_sha1sum(ni, actx->attr, attr_hash,
171 type == AT_REPARSE_POINT, &reparse_tag);
175 if (type == AT_REPARSE_POINT)
176 inode->i_reparse_tag = reparse_tag;
178 /* Make a lookup table entry for the stream, or use an existing
179 * one if there's already an identical stream. */
180 lte = __lookup_resource(lookup_table, attr_hash);
181 ret = WIMLIB_ERR_NOMEM;
185 ntfs_loc = CALLOC(1, sizeof(*ntfs_loc));
188 ntfs_loc->ntfs_vol_p = ntfs_vol_p;
189 ntfs_loc->path = MALLOC(path_len + 1);
191 goto out_free_ntfs_loc;
192 memcpy(ntfs_loc->path, path, path_len + 1);
194 ntfs_loc->stream_name = MALLOC(name_length * 2);
195 if (!ntfs_loc->stream_name)
196 goto out_free_ntfs_loc;
197 memcpy(ntfs_loc->stream_name,
198 attr_record_name(actx->attr),
199 actx->attr->name_length * 2);
200 ntfs_loc->stream_name_nchars = name_length;
203 lte = new_lookup_table_entry();
205 goto out_free_ntfs_loc;
206 lte->ntfs_loc = ntfs_loc;
207 lte->resource_location = RESOURCE_IN_NTFS_VOLUME;
208 if (type == AT_REPARSE_POINT) {
209 ntfs_loc->is_reparse_point = true;
210 lte->resource_entry.original_size = data_size - 8;
211 lte->resource_entry.size = data_size - 8;
213 ntfs_loc->is_reparse_point = false;
214 lte->resource_entry.original_size = data_size;
215 lte->resource_entry.size = data_size;
218 copy_hash(lte->hash, attr_hash);
219 lookup_table_insert(lookup_table, lte);
222 if (name_length == 0) {
223 /* Unnamed data stream. Put the reference to it in the
226 WARNING("Found two un-named data streams for "
228 free_lookup_table_entry(lte);
233 /* Named data stream. Put the reference to it in the
234 * alternate data stream entries */
235 struct wim_ads_entry *new_ads_entry;
237 new_ads_entry = inode_add_ads_utf16le(inode,
238 attr_record_name(actx->attr),
242 wimlib_assert(new_ads_entry->stream_name_nbytes == name_length * 2);
243 new_ads_entry->lte = lte;
249 free_lookup_table_entry(lte);
252 FREE(ntfs_loc->path);
253 FREE(ntfs_loc->stream_name);
257 ntfs_attr_put_search_ctx(actx);
259 DEBUG2("Successfully captured NTFS streams from `%s'", path);
261 ERROR("Failed to capture NTFS streams from `%s", path);
265 /* Red-black tree that maps NTFS inode numbers to DOS names */
266 struct dos_name_map {
267 struct rb_root rb_root;
270 struct dos_name_node {
271 struct rb_node rb_node;
277 /* Inserts a new DOS name into the map */
279 insert_dos_name(struct dos_name_map *map, const ntfschar *dos_name,
280 size_t name_nbytes, u64 ntfs_ino)
282 struct dos_name_node *new_node;
284 struct rb_root *root;
285 struct rb_node *rb_parent;
287 DEBUG("DOS name_len = %zu", name_nbytes);
288 new_node = MALLOC(sizeof(struct dos_name_node));
292 /* DOS names are supposed to be 12 characters max (that's 24 bytes,
293 * assuming 2-byte ntfs characters) */
294 wimlib_assert(name_nbytes <= sizeof(new_node->dos_name));
296 /* Initialize the DOS name, DOS name length, and NTFS inode number of
297 * the red-black tree node */
298 memcpy(new_node->dos_name, dos_name, name_nbytes);
299 new_node->name_nbytes = name_nbytes;
300 new_node->ntfs_ino = ntfs_ino;
302 /* Insert the red-black tree node */
303 root = &map->rb_root;
307 struct dos_name_node *this;
309 this = container_of(*p, struct dos_name_node, rb_node);
311 if (new_node->ntfs_ino < this->ntfs_ino)
312 p = &((*p)->rb_left);
313 else if (new_node->ntfs_ino > this->ntfs_ino)
314 p = &((*p)->rb_right);
316 /* This should be impossible since a NTFS inode cannot
317 * have multiple DOS names, and we only should get each
318 * DOS name entry once from the ntfs_readdir() calls. */
319 ERROR("NTFS inode %"PRIu64" has multiple DOS names",
324 rb_link_node(&new_node->rb_node, rb_parent, p);
325 rb_insert_color(&new_node->rb_node, root);
326 DEBUG("Inserted DOS name for inode %"PRIu64, ntfs_ino);
330 /* Returns a structure that contains the DOS name and its length for a NTFS
331 * inode, or NULL if the inode has no DOS name. */
332 static struct dos_name_node *
333 lookup_dos_name(const struct dos_name_map *map, u64 ntfs_ino)
335 struct rb_node *node = map->rb_root.rb_node;
337 struct dos_name_node *this;
338 this = container_of(node, struct dos_name_node, rb_node);
339 if (ntfs_ino < this->ntfs_ino)
340 node = node->rb_left;
341 else if (ntfs_ino > this->ntfs_ino)
342 node = node->rb_right;
350 set_dentry_dos_name(struct wim_dentry *dentry, void *arg)
352 const struct dos_name_map *map = arg;
353 const struct dos_name_node *node;
355 if (dentry->is_win32_name) {
356 node = lookup_dos_name(map, dentry->d_inode->i_ino);
358 dentry->short_name = MALLOC(node->name_nbytes + 2);
359 if (!dentry->short_name)
360 return WIMLIB_ERR_NOMEM;
361 memcpy(dentry->short_name, node->dos_name,
363 dentry->short_name[node->name_nbytes / 2] = 0;
364 dentry->short_name_nbytes = node->name_nbytes;
365 DEBUG("Assigned DOS name to ino %"PRIu64,
366 dentry->d_inode->i_ino);
368 WARNING("NTFS inode %"PRIu64" has Win32 name with no "
369 "corresponding DOS name",
370 dentry->d_inode->i_ino);
377 free_dos_name_tree(struct rb_node *node) {
379 free_dos_name_tree(node->rb_left);
380 free_dos_name_tree(node->rb_right);
381 FREE(container_of(node, struct dos_name_node, rb_node));
386 destroy_dos_name_map(struct dos_name_map *map)
388 free_dos_name_tree(map->rb_root.rb_node);
392 struct wim_dentry *parent;
396 struct wim_lookup_table *lookup_table;
397 struct wim_inode_table *inode_table;
398 struct sd_set *sd_set;
399 struct dos_name_map *dos_name_map;
400 const struct wimlib_capture_config *config;
401 ntfs_volume **ntfs_vol_p;
403 wimlib_progress_func_t progress_func;
407 build_dentry_tree_ntfs_recursive(struct wim_dentry **root_p,
413 struct wim_lookup_table *lookup_table,
414 struct wim_inode_table *inode_table,
415 struct sd_set *sd_set,
416 const struct wimlib_capture_config *config,
417 ntfs_volume **ntfs_vol_p,
419 wimlib_progress_func_t progress_func);
422 wim_ntfs_capture_filldir(void *dirent, const ntfschar *name,
423 const int name_nchars, const int name_type,
424 const s64 pos, const MFT_REF mref,
425 const unsigned dt_type)
427 struct readdir_ctx *ctx;
428 size_t mbs_name_nbytes;
430 struct wim_dentry *child;
433 size_t name_nbytes = name_nchars * sizeof(ntfschar);
436 if (name_type & FILE_NAME_DOS) {
437 /* If this is the entry for a DOS name, store it for later. */
438 ret = insert_dos_name(ctx->dos_name_map, name,
439 name_nbytes, mref & MFT_REF_MASK_CPU);
441 /* Return now if an error occurred or if this is just a DOS name
442 * and not a Win32+DOS name. */
443 if (ret != 0 || name_type == FILE_NAME_DOS)
446 ret = utf16le_to_tstr(name, name_nbytes,
447 &mbs_name, &mbs_name_nbytes);
451 if (mbs_name[0] == '.' &&
452 (mbs_name[1] == '\0' ||
453 (mbs_name[1] == '.' && mbs_name[2] == '\0'))) {
456 * note: name_type is POSIX for these, so DOS names will not
457 * have been inserted for them. */
459 goto out_free_mbs_name;
462 /* Open the inode for this directory entry and recursively capture the
463 * directory tree rooted at it */
464 ntfs_inode *ni = ntfs_inode_open(ctx->dir_ni->vol, mref);
466 ERROR_WITH_ERRNO("Failed to open NTFS inode");
468 goto out_free_mbs_name;
470 path_len = ctx->path_len;
472 ctx->path[path_len++] = '/';
473 memcpy(ctx->path + path_len, mbs_name, mbs_name_nbytes + 1);
474 path_len += mbs_name_nbytes;
476 ret = build_dentry_tree_ntfs_recursive(&child, ctx->dir_ni,
477 ni, ctx->path, path_len, name_type,
481 ctx->config, ctx->ntfs_vol_p,
482 ctx->add_image_flags,
485 dentry_add_child(ctx->parent, child);
486 ntfs_inode_close(ni);
493 /* Recursively build a WIM dentry tree corresponding to a NTFS volume.
494 * At the same time, update the WIM lookup table with lookup table entries for
495 * the NTFS streams, and build an array of security descriptors.
498 build_dentry_tree_ntfs_recursive(struct wim_dentry **root_ret,
504 struct wim_lookup_table *lookup_table,
505 struct wim_inode_table *inode_table,
506 struct sd_set *sd_set,
507 const struct wimlib_capture_config *config,
508 ntfs_volume **ntfs_vol_p,
510 wimlib_progress_func_t progress_func)
514 struct wim_dentry *root;
515 struct wim_inode *inode;
517 if (exclude_path(path, path_len, config, false)) {
518 /* Exclude a file or directory tree based on the capture
519 * configuration file */
520 if ((add_image_flags & WIMLIB_ADD_IMAGE_FLAG_EXCLUDE_VERBOSE)
523 union wimlib_progress_info info;
524 info.scan.cur_path = path;
525 info.scan.excluded = true;
526 progress_func(WIMLIB_PROGRESS_MSG_SCAN_DENTRY, &info);
533 /* Get file attributes */
534 struct SECURITY_CONTEXT ctx;
535 memset(&ctx, 0, sizeof(ctx));
537 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ATTRIB,
538 ni, dir_ni, (char *)&attributes,
541 ERROR_WITH_ERRNO("Failed to get NTFS attributes from `%s'",
543 return WIMLIB_ERR_NTFS_3G;
546 if ((add_image_flags & WIMLIB_ADD_IMAGE_FLAG_VERBOSE)
549 union wimlib_progress_info info;
550 info.scan.cur_path = path;
551 info.scan.excluded = false;
552 progress_func(WIMLIB_PROGRESS_MSG_SCAN_DENTRY, &info);
555 /* Create a WIM dentry with an associated inode, which may be shared */
556 ret = inode_table_new_dentry(inode_table,
557 path_basename_with_len(path, path_len),
564 inode = root->d_inode;
566 if (inode->i_nlink > 1) /* Shared inode; nothing more to do */
569 if (name_type & FILE_NAME_WIN32) /* Win32 or Win32+DOS name */
570 root->is_win32_name = 1;
571 inode->i_creation_time = le64_to_cpu(ni->creation_time);
572 inode->i_last_write_time = le64_to_cpu(ni->last_data_change_time);
573 inode->i_last_access_time = le64_to_cpu(ni->last_access_time);
574 inode->i_attributes = le32_to_cpu(attributes);
575 inode->i_resolved = 1;
577 if (attributes & FILE_ATTR_REPARSE_POINT) {
578 /* Junction point, symbolic link, or other reparse point */
579 ret = capture_ntfs_streams(inode, ni, path,
580 path_len, lookup_table,
581 ntfs_vol_p, AT_REPARSE_POINT);
582 } else if (ni->mrec->flags & MFT_RECORD_IS_DIRECTORY) {
584 /* Normal directory */
586 struct dos_name_map dos_name_map = { .rb_root = {.rb_node = NULL} };
587 struct readdir_ctx ctx = {
591 .path_len = path_len,
592 .lookup_table = lookup_table,
593 .inode_table = inode_table,
595 .dos_name_map = &dos_name_map,
597 .ntfs_vol_p = ntfs_vol_p,
598 .add_image_flags = add_image_flags,
599 .progress_func = progress_func,
601 ret = ntfs_readdir(ni, &pos, &ctx, wim_ntfs_capture_filldir);
603 ERROR_WITH_ERRNO("ntfs_readdir()");
604 ret = WIMLIB_ERR_NTFS_3G;
606 ret = for_dentry_child(root, set_dentry_dos_name,
609 destroy_dos_name_map(&dos_name_map);
612 ret = capture_ntfs_streams(inode, ni, path,
613 path_len, lookup_table,
614 ntfs_vol_p, AT_DATA);
619 if (!(add_image_flags & WIMLIB_ADD_IMAGE_FLAG_NO_ACLS)) {
620 /* Get security descriptor */
624 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ACL,
627 if (ret > sizeof(sd)) {
629 ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ACL,
630 ni, dir_ni, sd, ret);
633 inode->i_security_id = sd_set_add_sd(sd_set, sd, ret);
634 if (inode->i_security_id == -1) {
635 ERROR("Out of memory");
636 ret = WIMLIB_ERR_NOMEM;
639 DEBUG("Added security ID = %u for `%s'",
640 inode->i_security_id, path);
642 } else if (ret < 0) {
643 ERROR_WITH_ERRNO("Failed to get security information from "
645 ret = WIMLIB_ERR_NTFS_3G;
647 inode->i_security_id = -1;
648 DEBUG("No security ID for `%s'", path);
655 free_dentry_tree(root, lookup_table);
660 build_dentry_tree_ntfs(struct wim_dentry **root_p,
662 struct wim_lookup_table *lookup_table,
663 struct wim_inode_table *inode_table,
664 struct sd_set *sd_set,
665 const struct wimlib_capture_config *config,
667 wimlib_progress_func_t progress_func,
673 ntfs_volume **ntfs_vol_p = extra_arg;
675 DEBUG("Mounting NTFS volume `%s' read-only", device);
677 #ifdef HAVE_NTFS_MNT_RDONLY
679 vol = ntfs_mount(device, NTFS_MNT_RDONLY);
681 /* NTFS-3g 2011, 2012 */
682 vol = ntfs_mount(device, MS_RDONLY);
685 ERROR_WITH_ERRNO("Failed to mount NTFS volume `%s' read-only",
687 return WIMLIB_ERR_NTFS_3G;
689 ntfs_open_secure(vol);
691 /* We don't want to capture the special NTFS files such as $Bitmap. Not
692 * to be confused with "hidden" or "system" files which are real files
693 * that we do need to capture. */
694 NVolClearShowSysFiles(vol);
696 DEBUG("Opening root NTFS dentry");
697 root_ni = ntfs_inode_open(vol, FILE_root);
699 ERROR_WITH_ERRNO("Failed to open root inode of NTFS volume "
701 ret = WIMLIB_ERR_NTFS_3G;
705 /* Currently we assume that all the paths fit into this length and there
706 * is no check for overflow. */
707 char *path = MALLOC(32768);
709 ERROR("Could not allocate memory for NTFS pathname");
710 ret = WIMLIB_ERR_NOMEM;
716 ret = build_dentry_tree_ntfs_recursive(root_p, NULL, root_ni, path, 1,
717 FILE_NAME_POSIX, lookup_table,
725 ntfs_inode_close(root_ni);
727 ntfs_index_ctx_put(vol->secure_xsii);
728 ntfs_index_ctx_put(vol->secure_xsdh);
729 ntfs_inode_close(vol->secure_ni);
732 if (ntfs_umount(vol, FALSE) != 0) {
733 ERROR_WITH_ERRNO("Failed to unmount NTFS volume `%s'",
736 ret = WIMLIB_ERR_NTFS_3G;
739 /* We need to leave the NTFS volume mounted so that we can read
740 * the NTFS files again when we are actually writing the WIM */
git://wimlib.net / wimlib / blob