2 * reparse.c - Handle reparse data.
6 * Copyright (C) 2012, 2013 Eric Biggers
8 * This file is part of wimlib, a library for working with WIM files.
10 * wimlib is free software; you can redistribute it and/or modify it under the
11 * terms of the GNU General Public License as published by the Free
12 * Software Foundation; either version 3 of the License, or (at your option)
15 * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
16 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
17 * A PARTICULAR PURPOSE. See the GNU General Public License for more
20 * You should have received a copy of the GNU General Public License
21 * along with wimlib; if not, see http://www.gnu.org/licenses/.
28 #include "wimlib/assert.h"
29 #include "wimlib/compiler.h"
30 #include "wimlib/endianness.h"
31 #include "wimlib/dentry.h"
32 #include "wimlib/encoding.h"
33 #include "wimlib/error.h"
34 #include "wimlib/lookup_table.h"
35 #include "wimlib/reparse.h"
36 #include "wimlib/resource.h"
39 # include "wimlib/win32.h" /* for win32_get_file_and_vol_ids() */
48 static const utf16lechar volume_junction_prefix[11] = {
62 /* Parse the "substitute name" (link target) from a symbolic link or junction
67 * Non-negative integer:
68 * The name is an absolute symbolic link in one of several formats,
69 * and the return value is the number of UTF-16LE characters that need to
70 * be advanced to reach a simple "absolute" path starting with a backslash
71 * (i.e. skip over \??\ and/or drive letter)
73 * SUBST_NAME_IS_VOLUME_JUNCTION:
74 * The name is a volume junction.
75 * SUBST_NAME_IS_RELATIVE_LINK:
76 * The name is a relative symbolic link.
77 * SUBST_NAME_IS_UNKNOWN:
78 * The name does not appear to be a valid symbolic link, junction,
82 parse_substitute_name(const utf16lechar *substitute_name,
83 u16 substitute_name_nbytes, u32 rptag)
85 u16 substitute_name_nchars = substitute_name_nbytes / 2;
87 if (substitute_name_nchars >= 7 &&
88 substitute_name[0] == cpu_to_le16('\\') &&
89 substitute_name[1] == cpu_to_le16('?') &&
90 substitute_name[2] == cpu_to_le16('?') &&
91 substitute_name[3] == cpu_to_le16('\\') &&
92 substitute_name[4] != cpu_to_le16('\0') &&
93 substitute_name[5] == cpu_to_le16(':') &&
94 substitute_name[6] == cpu_to_le16('\\'))
96 /* "Full" symlink or junction (\??\x:\ prefixed path) */
98 } else if (rptag == WIM_IO_REPARSE_TAG_MOUNT_POINT &&
99 substitute_name_nchars >= 12 &&
100 memcmp(substitute_name, volume_junction_prefix,
101 sizeof(volume_junction_prefix)) == 0 &&
102 substitute_name[substitute_name_nchars - 1] == cpu_to_le16('\\'))
104 /* Volume junction. Can't really do anything with it. */
105 return SUBST_NAME_IS_VOLUME_JUNCTION;
106 } else if (rptag == WIM_IO_REPARSE_TAG_SYMLINK &&
107 substitute_name_nchars >= 3 &&
108 substitute_name[0] != cpu_to_le16('\0') &&
109 substitute_name[1] == cpu_to_le16(':') &&
110 substitute_name[2] == cpu_to_le16('\\'))
112 /* "Absolute" symlink, with drive letter */
114 } else if (rptag == WIM_IO_REPARSE_TAG_SYMLINK &&
115 substitute_name_nchars >= 1)
117 if (substitute_name[0] == cpu_to_le16('\\'))
118 /* "Absolute" symlink, without drive letter */
121 /* "Relative" symlink, without drive letter */
122 return SUBST_NAME_IS_RELATIVE_LINK;
124 return SUBST_NAME_IS_UNKNOWN;
128 struct reparse_buffer_disk {
132 le16 substitute_name_offset;
133 le16 substitute_name_nbytes;
134 le16 print_name_offset;
135 le16 print_name_nbytes;
139 u8 data[REPARSE_POINT_MAX_SIZE - 20];
140 } _packed_attribute symlink;
142 u8 data[REPARSE_POINT_MAX_SIZE - 16];
143 } _packed_attribute junction;
148 * Read the data from a symbolic link, junction, or mount point reparse point
149 * buffer into a `struct reparse_data'.
151 * See http://msdn.microsoft.com/en-us/library/cc232006(v=prot.10).aspx for a
152 * description of the format of the reparse point buffers.
155 parse_reparse_data(const u8 * restrict rpbuf, u16 rpbuflen,
156 struct reparse_data * restrict rpdata)
158 u16 substitute_name_offset;
159 u16 print_name_offset;
160 const struct reparse_buffer_disk *rpbuf_disk =
161 (const struct reparse_buffer_disk*)rpbuf;
164 memset(rpdata, 0, sizeof(*rpdata));
167 rpdata->rptag = le32_to_cpu(rpbuf_disk->rptag);
168 wimlib_assert(rpdata->rptag == WIM_IO_REPARSE_TAG_SYMLINK ||
169 rpdata->rptag == WIM_IO_REPARSE_TAG_MOUNT_POINT);
170 rpdata->rpdatalen = le16_to_cpu(rpbuf_disk->rpdatalen);
171 rpdata->rpreserved = le16_to_cpu(rpbuf_disk->rpreserved);
172 substitute_name_offset = le16_to_cpu(rpbuf_disk->substitute_name_offset);
173 rpdata->substitute_name_nbytes = le16_to_cpu(rpbuf_disk->substitute_name_nbytes);
174 print_name_offset = le16_to_cpu(rpbuf_disk->print_name_offset);
175 rpdata->print_name_nbytes = le16_to_cpu(rpbuf_disk->print_name_nbytes);
177 if ((substitute_name_offset & 1) | (print_name_offset & 1) |
178 (rpdata->substitute_name_nbytes & 1) | (rpdata->print_name_nbytes & 1))
180 /* Names would be unaligned... */
184 if (rpdata->rptag == WIM_IO_REPARSE_TAG_SYMLINK) {
187 rpdata->rpflags = le16_to_cpu(rpbuf_disk->symlink.rpflags);
188 data = rpbuf_disk->symlink.data;
190 data = rpbuf_disk->junction.data;
192 if ((size_t)substitute_name_offset + rpdata->substitute_name_nbytes +
193 (data - rpbuf) > rpbuflen)
195 if ((size_t)print_name_offset + rpdata->print_name_nbytes +
196 (data - rpbuf) > rpbuflen)
198 rpdata->substitute_name = (utf16lechar*)&data[substitute_name_offset];
199 rpdata->print_name = (utf16lechar*)&data[print_name_offset];
202 ERROR("Invalid reparse data");
203 return WIMLIB_ERR_INVALID_REPARSE_DATA;
207 * Create a reparse point data buffer.
209 * @rpdata: Structure that contains the data we need.
211 * @rpbuf: Buffer into which to write the reparse point data buffer. Must be
212 * at least REPARSE_POINT_MAX_SIZE bytes long.
215 make_reparse_buffer(const struct reparse_data * restrict rpdata,
218 struct reparse_buffer_disk *rpbuf_disk =
219 (struct reparse_buffer_disk*)rpbuf;
222 rpbuf_disk->rptag = cpu_to_le32(rpdata->rptag);
223 rpbuf_disk->rpreserved = cpu_to_le16(rpdata->rpreserved);
224 rpbuf_disk->substitute_name_offset = cpu_to_le16(0);
225 rpbuf_disk->substitute_name_nbytes = cpu_to_le16(rpdata->substitute_name_nbytes);
226 rpbuf_disk->print_name_offset = cpu_to_le16(rpdata->substitute_name_nbytes + 2);
227 rpbuf_disk->print_name_nbytes = cpu_to_le16(rpdata->print_name_nbytes);
229 if (rpdata->rptag == WIM_IO_REPARSE_TAG_SYMLINK) {
230 rpbuf_disk->symlink.rpflags = cpu_to_le32(rpdata->rpflags);
231 data = rpbuf_disk->symlink.data;
233 data = rpbuf_disk->junction.data;
236 /* We null-terminate the substitute and print names, although this may
237 * not be strictly necessary. Note that the byte counts should not
238 * include the null terminators. */
239 if (data + rpdata->substitute_name_nbytes +
240 rpdata->print_name_nbytes +
241 2 * sizeof(utf16lechar) - rpbuf > REPARSE_POINT_MAX_SIZE)
243 ERROR("Reparse data is too long!");
244 return WIMLIB_ERR_INVALID_REPARSE_DATA;
246 data = mempcpy(data, rpdata->substitute_name, rpdata->substitute_name_nbytes);
247 *(utf16lechar*)data = cpu_to_le16(0);
249 data = mempcpy(data, rpdata->print_name, rpdata->print_name_nbytes);
250 *(utf16lechar*)data = cpu_to_le16(0);
252 rpbuf_disk->rpdatalen = cpu_to_le16(data - rpbuf - 8);
257 * Read the reparse data from a WIM inode that is a reparse point.
259 * @rpbuf points to a buffer at least REPARSE_POINT_MAX_SIZE bytes into which
260 * the reparse point data buffer will be reconstructed.
262 * Note: in the WIM format, the first 8 bytes of the reparse point data buffer
263 * are omitted, presumably because we already know the reparse tag from the
264 * dentry, and we already know the reparse tag length from the lookup table
265 * entry resource length. However, we reconstruct the first 8 bytes in the
266 * buffer returned by this function.
269 wim_inode_get_reparse_data(const struct wim_inode * restrict inode,
272 struct wim_lookup_table_entry *lte;
274 struct reparse_buffer_disk *rpbuf_disk;
276 wimlib_assert(inode->i_attributes & FILE_ATTRIBUTE_REPARSE_POINT);
278 lte = inode_unnamed_lte_resolved(inode);
280 ERROR("Reparse point has no reparse data!");
281 return WIMLIB_ERR_INVALID_REPARSE_DATA;
283 if (wim_resource_size(lte) > REPARSE_POINT_MAX_SIZE - 8) {
284 ERROR("Reparse data is too long!");
285 return WIMLIB_ERR_INVALID_REPARSE_DATA;
288 /* Read the data from the WIM file */
289 ret = read_full_resource_into_buf(lte, rpbuf + 8);
293 /* Reconstruct the first 8 bytes of the reparse point buffer */
294 rpbuf_disk = (struct reparse_buffer_disk*)rpbuf;
297 rpbuf_disk->rptag = cpu_to_le32(inode->i_reparse_tag);
299 /* ReparseDataLength */
300 rpbuf_disk->rpdatalen = cpu_to_le16(wim_resource_size(lte));
303 * XXX this could be one of the unknown fields in the WIM dentry. */
304 rpbuf_disk->rpreserved = cpu_to_le16(0);
308 /* UNIX version of getting and setting the data in reparse points */
309 #if !defined(__WIN32__)
311 /* Get the UNIX symlink target from a WIM inode. The inode may be either a
312 * "real" symlink (reparse tag WIM_IO_REPARSE_TAG_SYMLINK), or it may be a
313 * junction point (reparse tag WIM_IO_REPARSE_TAG_MOUNT_POINT).
315 * This has similar semantics to the UNIX readlink() function, except the path
316 * argument is swapped out with the `struct wim_inode' for a reparse point, and
317 * on failure a negated error code is returned rather than -1 with errno set. */
319 wim_inode_readlink(const struct wim_inode * restrict inode,
320 char * restrict buf, size_t bufsize)
323 struct reparse_buffer_disk rpbuf_disk _aligned_attribute(8);
325 struct reparse_data rpdata;
327 char *translated_target;
328 size_t link_target_len;
330 wimlib_assert(inode_is_symlink(inode));
332 if (wim_inode_get_reparse_data(inode, (u8*)&rpbuf_disk))
335 if (parse_reparse_data((const u8*)&rpbuf_disk,
336 le16_to_cpu(rpbuf_disk.rpdatalen) + 8, &rpdata))
339 ret = utf16le_to_tstr(rpdata.substitute_name,
340 rpdata.substitute_name_nbytes,
341 &link_target, &link_target_len);
345 translated_target = link_target;
346 ret = parse_substitute_name(rpdata.substitute_name,
347 rpdata.substitute_name_nbytes,
350 case SUBST_NAME_IS_RELATIVE_LINK:
351 goto out_translate_slashes;
352 case SUBST_NAME_IS_VOLUME_JUNCTION:
354 case SUBST_NAME_IS_UNKNOWN:
355 ERROR("Can't understand reparse point "
356 "substitute name \"%s\"", link_target);
359 translated_target += ret;
360 link_target_len -= ret;
364 out_translate_slashes:
365 for (size_t i = 0; i < link_target_len; i++)
366 if (translated_target[i] == '\\')
367 translated_target[i] = '/';
369 if (link_target_len > bufsize) {
370 link_target_len = bufsize;
373 ret = link_target_len;
375 memcpy(buf, translated_target, link_target_len);
381 wim_inode_set_symlink(struct wim_inode *inode,
383 struct wim_lookup_table *lookup_table)
386 struct reparse_buffer_disk rpbuf_disk _aligned_attribute(8);
387 struct reparse_data rpdata;
388 static const char abs_subst_name_prefix[12] = "\\\0?\0?\0\\\0C\0:\0";
389 static const char abs_print_name_prefix[4] = "C\0:\0";
390 utf16lechar *name_utf16le;
391 size_t name_utf16le_nbytes;
394 DEBUG("Creating reparse point data buffer for UNIX "
395 "symlink target \"%s\"", target);
396 memset(&rpdata, 0, sizeof(rpdata));
397 ret = tstr_to_utf16le(target, strlen(target),
398 &name_utf16le, &name_utf16le_nbytes);
402 for (size_t i = 0; i < name_utf16le_nbytes / 2; i++)
403 if (name_utf16le[i] == cpu_to_le16('/'))
404 name_utf16le[i] = cpu_to_le16('\\');
406 /* Compatability notes:
408 * On UNIX, an absolute symbolic link begins with '/'; everything else
409 * is a relative symbolic link. (Quite simple compared to the various
410 * ways to provide Windows paths.)
412 * To change a UNIX relative symbolic link to Windows format, we only
413 * need to translate it to UTF-16LE and replace backslashes with forward
414 * slashes. We do not make any attempt to handle filename character
415 * problems, such as a link target that itself contains backslashes on
416 * UNIX. Then, for these relative links, we set the reparse header
417 * @flags field to SYMBOLIC_LINK_RELATIVE.
419 * For UNIX absolute symbolic links, we must set the @flags field to 0.
420 * Then, there are multiple options as to actually represent the
421 * absolute link targets:
423 * (1) An absolute path beginning with one backslash character. similar
424 * to UNIX-style, just with a different path separator. Print name same
425 * as substitute name.
427 * (2) Absolute path beginning with drive letter followed by a
428 * backslash. Print name same as substitute name.
430 * (3) Absolute path beginning with drive letter followed by a
431 * backslash; substitute name prefixed with \??\, otherwise same as
434 * We choose option (3) here, and we just assume C: for the drive
435 * letter. The reasoning for this is:
437 * (1) Microsoft imagex.exe has a bug where it does not attempt to do
438 * reparse point fixups for these links, even though they are valid
439 * absolute links. (Note: in this case prefixing the substitute name
440 * with \??\ does not work; it just makes the data unable to be restored
442 * (2) Microsoft imagex.exe will fail when doing reparse point fixups
443 * for these. It apparently contains a bug that causes it to create an
444 * invalid reparse point, which then cannot be restored.
445 * (3) This is the only option I tested for which reparse point fixups
446 * worked properly in Microsoft imagex.exe.
448 * So option (3) it is.
451 rpdata.rptag = inode->i_reparse_tag;
452 if (target[0] == '/') {
453 rpdata.substitute_name_nbytes = name_utf16le_nbytes +
454 sizeof(abs_subst_name_prefix);
455 rpdata.print_name_nbytes = name_utf16le_nbytes +
456 sizeof(abs_print_name_prefix);
457 rpdata.substitute_name = alloca(rpdata.substitute_name_nbytes);
458 rpdata.print_name = alloca(rpdata.print_name_nbytes);
459 memcpy(rpdata.substitute_name, abs_subst_name_prefix,
460 sizeof(abs_subst_name_prefix));
461 memcpy(rpdata.print_name, abs_print_name_prefix,
462 sizeof(abs_print_name_prefix));
463 memcpy((void*)rpdata.substitute_name + sizeof(abs_subst_name_prefix),
464 name_utf16le, name_utf16le_nbytes);
465 memcpy((void*)rpdata.print_name + sizeof(abs_print_name_prefix),
466 name_utf16le, name_utf16le_nbytes);
468 rpdata.substitute_name_nbytes = name_utf16le_nbytes;
469 rpdata.print_name_nbytes = name_utf16le_nbytes;
470 rpdata.substitute_name = name_utf16le;
471 rpdata.print_name = name_utf16le;
472 rpdata.rpflags = SYMBOLIC_LINK_RELATIVE;
475 ret = make_reparse_buffer(&rpdata, (u8*)&rpbuf_disk);
477 ret = inode_set_unnamed_stream(inode,
478 (u8*)&rpbuf_disk + 8,
479 le16_to_cpu(rpbuf_disk.rpdatalen),
486 #include <sys/stat.h>
489 unix_get_ino_and_dev(const char *path, u64 *ino_ret, u64 *dev_ret)
492 if (stat(path, &stbuf)) {
494 WARNING_WITH_ERRNO("Failed to stat \"%s\"", path);
495 /* Treat as a link pointing outside the capture root (it
496 * most likely is). */
497 return WIMLIB_ERR_STAT;
499 *ino_ret = stbuf.st_ino;
500 *dev_ret = stbuf.st_dev;
505 #endif /* !defined(__WIN32__) */
508 # define RP_PATH_SEPARATOR L'\\'
509 # define is_rp_path_separator(c) ((c) == L'\\' || (c) == L'/')
510 # define os_get_ino_and_dev win32_get_file_and_vol_ids
512 # define RP_PATH_SEPARATOR '/'
513 # define is_rp_path_separator(c) ((c) == '/')
514 # define os_get_ino_and_dev unix_get_ino_and_dev
517 /* Fix up absolute symbolic link targets--- mostly shared between UNIX and
520 capture_fixup_absolute_symlink(tchar *dest,
521 u64 capture_root_ino, u64 capture_root_dev)
526 /* Skip drive letter */
527 if (!is_rp_path_separator(*dest))
531 DEBUG("Fixing symlink or junction \"%"TS"\"", dest);
538 while (is_rp_path_separator(*p))
543 ret = os_get_ino_and_dev(dest, &ino, &dev);
546 if (ret) /* stat() failed before we got to the capture root---
547 assume the link points outside it. */
550 if (ino == capture_root_ino && dev == capture_root_dev) {
551 /* Link points inside capture root. Return abbreviated
554 *(p - 1) = RP_PATH_SEPARATOR;
555 while (p - 1 >= dest && is_rp_path_separator(*(p - 1)))
558 if (!is_rp_path_separator(dest[0])) {
563 wimlib_assert(p >= dest);
568 /* Link points outside capture root. */
574 } while (!is_rp_path_separator(*p) && *p != T('\0'));