4 * Capture a WIM image from a NTFS volume. We capture everything we can,
5 * including security data and alternate data streams. There should be no loss
10 * Copyright (C) 2012 Eric Biggers
12 * This file is part of wimlib, a library for working with WIM files.
14 * wimlib is free software; you can redistribute it and/or modify it under the
15 * terms of the GNU Lesser General Public License as published by the Free
16 * Software Foundation; either version 2.1 of the License, or (at your option)
19 * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
20 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
21 * A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
24 * You should have received a copy of the GNU Lesser General Public License
25 * along with wimlib; if not, see http://www.gnu.org/licenses/.
29 #include "wimlib_internal.h"
34 #include "lookup_table.h"
36 #include <ntfs-3g/layout.h>
37 #include <ntfs-3g/acls.h>
38 #include <ntfs-3g/attrib.h>
39 #include <ntfs-3g/misc.h>
40 #include <ntfs-3g/reparse.h>
41 #include <ntfs-3g/security.h>
42 #include <ntfs-3g/volume.h>
46 extern int ntfs_inode_get_security(ntfs_inode *ni, u32 selection, char *buf,
47 u32 buflen, u32 *psize);
49 extern int ntfs_inode_get_attributes(ntfs_inode *ni);
51 /* Structure that allows searching the security descriptors by SHA1 message
54 struct wim_security_data *sd;
58 /* Binary tree node of security descriptors, indexed by the @hash field. */
61 u8 hash[SHA1_HASH_SIZE];
63 struct sd_node *right;
66 static void free_sd_tree(struct sd_node *root)
69 free_sd_tree(root->left);
70 free_sd_tree(root->right);
74 /* Frees a security descriptor index set. */
75 static void destroy_sd_set(struct sd_set *sd_set)
77 free_sd_tree(sd_set->root);
80 /* Inserts a a new node into the security descriptor index tree. */
81 static void insert_sd_node(struct sd_node *new, struct sd_node *root)
83 int cmp = hashes_cmp(new->hash, root->hash);
86 insert_sd_node(new, root->left);
91 insert_sd_node(new, root->right);
99 /* Returns the security ID of the security data having a SHA1 message digest of
100 * @hash in the security descriptor index tree rooted at @root.
102 * If not found, return -1. */
103 static int lookup_sd(const u8 hash[SHA1_HASH_SIZE], struct sd_node *root)
108 cmp = hashes_cmp(hash, root->hash);
110 return lookup_sd(hash, root->left);
112 return lookup_sd(hash, root->right);
114 return root->security_id;
118 * Adds a security descriptor to the indexed security descriptor set as well as
119 * the corresponding `struct wim_security_data', and returns the new security
120 * ID; or, if there is an existing security descriptor that is the same, return
121 * the security ID for it. If a new security descriptor cannot be allocated,
124 static int sd_set_add_sd(struct sd_set *sd_set, const char descriptor[],
127 u8 hash[SHA1_HASH_SIZE];
133 struct wim_security_data *sd;
135 sha1_buffer((const u8*)descriptor, size, hash);
136 security_id = lookup_sd(hash, sd_set->root);
137 if (security_id >= 0)
140 new = MALLOC(sizeof(*new));
143 descr_copy = MALLOC(size);
149 memcpy(descr_copy, descriptor, size);
150 new->security_id = sd->num_entries;
153 copy_hash(new->hash, hash);
156 descriptors = REALLOC(sd->descriptors,
157 (sd->num_entries + 1) * sizeof(sd->descriptors[0]));
160 sd->descriptors = descriptors;
161 sizes = REALLOC(sd->sizes,
162 (sd->num_entries + 1) * sizeof(sd->sizes[0]));
166 sd->descriptors[sd->num_entries] = descr_copy;
167 sd->sizes[sd->num_entries] = size;
169 DEBUG("There are now %d security descriptors", sd->num_entries);
170 sd->total_length += size + sizeof(sd->sizes[0]);
173 insert_sd_node(sd_set->root, new);
176 return new->security_id;
185 static inline ntfschar *attr_record_name(ATTR_RECORD *ar)
187 return (ntfschar*)((u8*)ar + le16_to_cpu(ar->name_offset));
190 /* Calculates the SHA1 message digest of a NTFS attribute.
192 * @ni: The NTFS inode containing the attribute.
193 * @ar: The ATTR_RECORD describing the attribute.
194 * @md: If successful, the returned SHA1 message digest.
196 * Return 0 on success or nonzero on error.
198 static int ntfs_attr_sha1sum(ntfs_inode *ni, ATTR_RECORD *ar,
199 u8 md[SHA1_HASH_SIZE])
207 na = ntfs_attr_open(ni, ar->type, attr_record_name(ar),
210 ERROR_WITH_ERRNO("Failed to open NTFS attribute");
211 return WIMLIB_ERR_NTFS_3G;
214 bytes_remaining = na->data_size;
217 DEBUG("Calculating SHA1 message digest (%"PRIu64" bytes)",
220 while (bytes_remaining) {
221 s64 to_read = min(bytes_remaining, sizeof(buf));
222 if (ntfs_attr_pread(na, pos, to_read, buf) != to_read) {
223 ERROR_WITH_ERRNO("Error reading NTFS attribute");
224 return WIMLIB_ERR_NTFS_3G;
226 sha1_update(&ctx, buf, to_read);
228 bytes_remaining -= to_read;
230 sha1_final(md, &ctx);
235 /* Load the streams from a WIM file or reparse point in the NTFS volume into the
236 * WIM lookup table */
237 static int capture_ntfs_streams(struct dentry *dentry, ntfs_inode *ni,
238 char path[], size_t path_len,
239 struct lookup_table *lookup_table,
240 ntfs_volume **ntfs_vol_p,
244 ntfs_attr_search_ctx *actx;
245 u8 attr_hash[SHA1_HASH_SIZE];
246 struct ntfs_location *ntfs_loc = NULL;
247 struct lookup_table_entry *lte;
250 DEBUG("Capturing NTFS data streams from `%s'", path);
252 /* Get context to search the streams of the NTFS file. */
253 actx = ntfs_attr_get_search_ctx(ni, NULL);
255 ERROR_WITH_ERRNO("Cannot get NTFS attribute search "
257 return WIMLIB_ERR_NTFS_3G;
260 /* Capture each data stream or reparse data stream. */
261 while (!ntfs_attr_lookup(type, NULL, 0,
262 CASE_SENSITIVE, 0, NULL, 0, actx))
264 char *stream_name_utf8;
265 size_t stream_name_utf16_len;
267 /* Checksum the stream. */
268 ret = ntfs_attr_sha1sum(ni, actx->attr, attr_hash);
272 /* Make a lookup table entry for the stream, or use an existing
273 * one if there's already an identical stream. */
274 lte = __lookup_resource(lookup_table, attr_hash);
275 ret = WIMLIB_ERR_NOMEM;
279 ntfs_loc = CALLOC(1, sizeof(*ntfs_loc));
282 ntfs_loc->ntfs_vol_p = ntfs_vol_p;
283 ntfs_loc->path_utf8 = MALLOC(path_len + 1);
284 if (!ntfs_loc->path_utf8)
285 goto out_free_ntfs_loc;
286 memcpy(ntfs_loc->path_utf8, path, path_len + 1);
287 ntfs_loc->stream_name_utf16 = MALLOC(actx->attr->name_length * 2);
288 if (!ntfs_loc->stream_name_utf16)
289 goto out_free_ntfs_loc;
290 memcpy(ntfs_loc->stream_name_utf16,
291 attr_record_name(actx->attr),
292 actx->attr->name_length * 2);
294 ntfs_loc->stream_name_utf16_num_chars = actx->attr->name_length;
295 ntfs_loc->is_reparse_point = (type == AT_REPARSE_POINT);
296 lte = new_lookup_table_entry();
298 goto out_free_ntfs_loc;
299 lte->ntfs_loc = ntfs_loc;
300 lte->resource_location = RESOURCE_IN_NTFS_VOLUME;
301 lte->resource_entry.original_size = actx->attr->data_size;
302 lte->resource_entry.size = actx->attr->data_size;
303 DEBUG("Add resource for `%s' (size = %zu)",
304 dentry->file_name_utf8,
305 lte->resource_entry.original_size);
306 copy_hash(lte->hash, attr_hash);
307 lookup_table_insert(lookup_table, lte);
309 if (actx->attr->name_length == 0) {
311 ERROR("Found two un-named data streams for "
313 ret = WIMLIB_ERR_NTFS_3G;
318 struct ads_entry *new_ads_entry;
319 size_t stream_name_utf8_len;
320 stream_name_utf8 = utf16_to_utf8((const char*)attr_record_name(actx->attr),
321 actx->attr->name_length,
322 &stream_name_utf8_len);
323 if (!stream_name_utf8)
325 new_ads_entry = dentry_add_ads(dentry, stream_name_utf8);
326 FREE(stream_name_utf8);
330 new_ads_entry->lte = lte;
336 free_lookup_table_entry(lte);
339 FREE(ntfs_loc->path_utf8);
340 FREE(ntfs_loc->stream_name_utf16);
344 ntfs_attr_put_search_ctx(actx);
346 DEBUG("Successfully captured NTFS streams from `%s'", path);
348 DEBUG("Failed to capture NTFS streams from `%s", path);
353 struct dentry *parent;
357 struct lookup_table *lookup_table;
358 struct sd_set *sd_set;
359 const struct capture_config *config;
360 ntfs_volume **ntfs_vol_p;
364 build_dentry_tree_ntfs_recursive(struct dentry **root_p, ntfs_inode *ni,
365 char path[], size_t path_len,
366 struct lookup_table *lookup_table,
367 struct sd_set *sd_set,
368 const struct capture_config *config,
369 ntfs_volume **ntfs_vol_p);
371 static int wim_ntfs_capture_filldir(void *dirent, const ntfschar *name,
372 const int name_len, const int name_type,
373 const s64 pos, const MFT_REF mref,
374 const unsigned dt_type)
376 struct readdir_ctx *ctx;
377 size_t utf8_name_len;
379 struct dentry *child = NULL;
383 if (name_type == FILE_NAME_DOS)
388 utf8_name = utf16_to_utf8((const char*)name, name_len * 2,
393 if (utf8_name[0] == '.' &&
394 (utf8_name[1] == '\0' ||
395 (utf8_name[1] == '.' && utf8_name[2] == '\0'))) {
396 DEBUG("Skipping dentry `%s'", utf8_name);
398 goto out_free_utf8_name;
401 DEBUG("Opening inode for `%s'", utf8_name);
405 ntfs_inode *ni = ntfs_inode_open(ctx->dir_ni->vol, mref);
407 ERROR_WITH_ERRNO("Failed to open NTFS inode");
410 path_len = ctx->path_len;
412 ctx->path[path_len++] = '/';
413 memcpy(ctx->path + path_len, utf8_name, utf8_name_len + 1);
414 path_len += utf8_name_len;
415 ret = build_dentry_tree_ntfs_recursive(&child, ni, ctx->path, path_len,
416 ctx->lookup_table, ctx->sd_set,
417 ctx->config, ctx->ntfs_vol_p);
420 DEBUG("Linking dentry `%s' with parent `%s'",
421 child->file_name_utf8, ctx->parent->file_name_utf8);
422 link_dentry(child, ctx->parent);
424 ntfs_inode_close(ni);
431 /* Recursively build a WIM dentry tree corresponding to a NTFS volume.
432 * At the same time, update the WIM lookup table with lookup table entries for
433 * the NTFS streams, and build an array of security descriptors.
435 static int build_dentry_tree_ntfs_recursive(struct dentry **root_p,
439 struct lookup_table *lookup_table,
440 struct sd_set *sd_set,
441 const struct capture_config *config,
442 ntfs_volume **ntfs_vol_p)
450 if (exclude_path(path, config, false)) {
451 DEBUG("Excluding `%s' from capture", path);
455 DEBUG("Starting recursive capture at path = `%s'", path);
456 mrec_flags = ni->mrec->flags;
457 attributes = ntfs_inode_get_attributes(ni);
459 root = new_dentry(path_basename(path));
461 return WIMLIB_ERR_NOMEM;
464 root->creation_time = le64_to_cpu(ni->creation_time);
465 root->last_write_time = le64_to_cpu(ni->last_data_change_time);
466 root->last_access_time = le64_to_cpu(ni->last_access_time);
467 root->attributes = le32_to_cpu(attributes);
468 root->link_group_id = ni->mft_no;
469 root->resolved = true;
471 if (attributes & FILE_ATTR_REPARSE_POINT) {
472 DEBUG("Reparse point `%s'", path);
473 /* Junction point, symbolic link, or other reparse point */
474 ret = capture_ntfs_streams(root, ni, path, path_len,
475 lookup_table, ntfs_vol_p,
477 } else if (mrec_flags & MFT_RECORD_IS_DIRECTORY) {
478 DEBUG("Directory `%s'", path);
480 /* Normal directory */
482 struct readdir_ctx ctx = {
486 .path_len = path_len,
487 .lookup_table = lookup_table,
490 .ntfs_vol_p = ntfs_vol_p,
492 ret = ntfs_readdir(ni, &pos, &ctx, wim_ntfs_capture_filldir);
494 ERROR_WITH_ERRNO("ntfs_readdir()");
495 ret = WIMLIB_ERR_NTFS_3G;
498 DEBUG("Normal file `%s'", path);
500 ret = capture_ntfs_streams(root, ni, path, path_len,
501 lookup_table, ntfs_vol_p,
507 ret = ntfs_inode_get_security(ni,
508 OWNER_SECURITY_INFORMATION |
509 GROUP_SECURITY_INFORMATION |
510 DACL_SECURITY_INFORMATION |
511 SACL_SECURITY_INFORMATION,
514 ret = ntfs_inode_get_security(ni,
515 OWNER_SECURITY_INFORMATION |
516 GROUP_SECURITY_INFORMATION |
517 DACL_SECURITY_INFORMATION |
518 SACL_SECURITY_INFORMATION,
519 sd, sd_size, &sd_size);
521 ERROR_WITH_ERRNO("Failed to get security information from "
523 ret = WIMLIB_ERR_NTFS_3G;
526 /*print_security_descriptor(sd, sd_size);*/
527 root->security_id = sd_set_add_sd(sd_set, sd, sd_size);
528 if (root->security_id == -1) {
529 ERROR("Out of memory");
530 return WIMLIB_ERR_NOMEM;
532 DEBUG("Added security ID = %u for `%s'",
533 root->security_id, path);
535 root->security_id = -1;
536 DEBUG("No security ID for `%s'", path);
543 static int build_dentry_tree_ntfs(struct dentry **root_p,
545 struct lookup_table *lookup_table,
546 struct wim_security_data *sd,
547 const struct capture_config *config,
554 struct sd_set sd_set = {
558 ntfs_volume **ntfs_vol_p = extra_arg;
560 DEBUG("Mounting NTFS volume `%s' read-only", device);
562 vol = ntfs_mount(device, MS_RDONLY);
564 ERROR_WITH_ERRNO("Failed to mount NTFS volume `%s' read-only",
566 return WIMLIB_ERR_NTFS_3G;
569 /* We don't want to capture the special NTFS files such as $Bitmap. Not
570 * to be confused with "hidden" or "system" files which are real files
571 * that we do need to capture. */
572 NVolClearShowSysFiles(vol);
574 DEBUG("Opening root NTFS dentry");
575 root_ni = ntfs_inode_open(vol, FILE_root);
577 ERROR_WITH_ERRNO("Failed to open root inode of NTFS volume "
579 ret = WIMLIB_ERR_NTFS_3G;
583 /* Currently we assume that all the UTF-8 paths fit into this length and
584 * there is no check for overflow. */
585 char *path = MALLOC(32768);
587 ERROR("Could not allocate memory for NTFS pathname");
593 ret = build_dentry_tree_ntfs_recursive(root_p, root_ni, path, 1,
594 lookup_table, &sd_set,
598 ntfs_inode_close(root_ni);
599 destroy_sd_set(&sd_set);
603 if (ntfs_umount(vol, FALSE) != 0) {
604 ERROR_WITH_ERRNO("Failed to unmount NTFS volume `%s'",
607 ret = WIMLIB_ERR_NTFS_3G;
610 /* We need to leave the NTFS volume mounted so that we can read
611 * the NTFS files again when we are actually writing the WIM */
619 WIMLIBAPI int wimlib_add_image_from_ntfs_volume(WIMStruct *w,
622 const char *config_str,
626 if (flags & (WIMLIB_ADD_IMAGE_FLAG_DEREFERENCE)) {
627 ERROR("Cannot dereference files when capturing directly from NTFS");
628 return WIMLIB_ERR_INVALID_PARAM;
630 return do_add_image(w, device, name, config_str, config_len, flags,
631 build_dentry_tree_ntfs, &w->ntfs_vol);
634 #else /* WITH_NTFS_3G */
635 WIMLIBAPI int wimlib_add_image_from_ntfs_volume(WIMStruct *w,
638 const char *config_str,
642 ERROR("wimlib was compiled without support for NTFS-3g, so");
643 ERROR("we cannot capture a WIM image directly from a NTFS volume");
644 return WIMLIB_ERR_UNSUPPORTED;
646 #endif /* WITH_NTFS_3G */