Fixes, comments
[wimlib] / src / verify.c
1 /*
2  * verify.c
3  *
4  * Some functions to verify that stuff in the WIM is valid.  Of course, not
5  * *all* the verifications of the input data are in this file.
6  */
7
8 /*
9  * Copyright (C) 2012, 2013 Eric Biggers
10  *
11  * wimlib - Library for working with WIM files
12  *
13  * This file is part of wimlib, a library for working with WIM files.
14  *
15  * wimlib is free software; you can redistribute it and/or modify it under the
16  * terms of the GNU General Public License as published by the Free
17  * Software Foundation; either version 3 of the License, or (at your option)
18  * any later version.
19  *
20  * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
21  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
22  * A PARTICULAR PURPOSE. See the GNU General Public License for more
23  * details.
24  *
25  * You should have received a copy of the GNU General Public License
26  * along with wimlib; if not, see http://www.gnu.org/licenses/.
27  */
28
29 #include "wimlib_internal.h"
30 #include "dentry.h"
31 #include "lookup_table.h"
32
33 static int
34 verify_inode(struct wim_inode *inode, const WIMStruct *w)
35 {
36         const struct wim_lookup_table *table = w->lookup_table;
37         const struct wim_security_data *sd = wim_const_security_data(w);
38         struct wim_dentry *first_dentry = inode_first_dentry(inode);
39         struct wim_dentry *dentry;
40         int ret = WIMLIB_ERR_INVALID_DENTRY;
41
42         /* Check the security ID.  -1 is valid and means "no security
43          * descriptor".  Anything else has to be a valid index into the WIM
44          * image's security descriptors table. */
45         if (inode->i_security_id < -1) {
46                 ERROR("Dentry `%"TS"' has an invalid security ID (%d)",
47                       dentry_full_path(first_dentry), inode->i_security_id);
48                 goto out;
49         }
50
51         if (inode->i_security_id >= sd->num_entries) {
52                 ERROR("Dentry `%"TS"' has an invalid security ID (%d) "
53                       "(there are only %u entries in the security table)",
54                       dentry_full_path(first_dentry), inode->i_security_id,
55                       sd->num_entries);
56                 goto out;
57         }
58
59         /* Check that lookup table entries for all the inode's stream exist,
60          * except if the SHA1 message digest is all 0's, which indicates an
61          * empty stream.
62          *
63          * This check is skipped on split WIMs. */
64         if (w->hdr.total_parts == 1) {
65                 for (unsigned i = 0; i <= inode->i_num_ads; i++) {
66                         struct wim_lookup_table_entry *lte;
67                         const u8 *hash;
68                         hash = inode_stream_hash_unresolved(inode, i);
69                         lte = __lookup_resource(table, hash);
70                         if (!lte && !is_zero_hash(hash)) {
71                                 ERROR("Could not find lookup table entry for stream "
72                                       "%u of dentry `%"TS"'",
73                                       i, dentry_full_path(first_dentry));
74                                 goto out;
75                         }
76                         if (lte)
77                                 lte->real_refcnt += inode->i_nlink;
78                 }
79         }
80
81         /* Make sure there is only one unnamed data stream. */
82         unsigned num_unnamed_streams = 0;
83         for (unsigned i = 0; i <= inode->i_num_ads; i++) {
84                 const u8 *hash;
85                 hash = inode_stream_hash_unresolved(inode, i);
86                 if (inode_stream_name_nbytes(inode, i) == 0 && !is_zero_hash(hash))
87                         num_unnamed_streams++;
88         }
89         if (num_unnamed_streams > 1) {
90                 ERROR("Dentry `%"TS"' has multiple (%u) un-named streams",
91                       dentry_full_path(first_dentry), num_unnamed_streams);
92                 goto out;
93         }
94
95         /* Files cannot have multiple DOS names, even if they have multiple
96          * names in multiple directories (i.e. hard links).
97          * Source: NTFS-3g authors. */
98         struct wim_dentry *dentry_with_dos_name = NULL;
99         inode_for_each_dentry(dentry, inode) {
100                 if (dentry_has_short_name(dentry)) {
101                         if (dentry_with_dos_name) {
102                                 ERROR("Hard-linked file has a DOS name at "
103                                       "both `%"TS"' and `%"TS"'",
104                                       dentry_full_path(dentry_with_dos_name),
105                                       dentry_full_path(dentry));
106                                 goto out;
107                         }
108                         dentry_with_dos_name = dentry;
109                 }
110         }
111
112         /* Directories with multiple links have not been tested. XXX */
113         if (inode->i_nlink > 1 && inode->i_attributes & FILE_ATTRIBUTE_DIRECTORY) {
114                 ERROR("Hard-linked directory `%"TS"' is unsupported",
115                       dentry_full_path(first_dentry));
116                 goto out;
117         }
118
119         inode->i_verified = 1;
120         ret = 0;
121 out:
122         return ret;
123 }
124
125 /* Run some miscellaneous verifications on a WIM dentry */
126 int
127 verify_dentry(struct wim_dentry *dentry, void *wim)
128 {
129         int ret;
130         WIMStruct *w = wim;
131
132         /* Verify the associated inode, but only one time no matter how many
133          * dentries it has (unless we are doing a full verification of the WIM,
134          * in which case we need to force the inode to be verified again.) */
135         if (!dentry->d_inode->i_verified) {
136                 ret = verify_inode(dentry->d_inode, w);
137                 if (ret != 0)
138                         return ret;
139         }
140
141         /* Make sure root dentry is unnamed, while every other dentry has at
142          * least a long name.
143          *
144          * I am assuming that dentries having only a DOS name is illegal; i.e.,
145          * Windows will always combine the Win32 name and DOS name for a file
146          * into a single WIM dentry, even if they are stored separately on NTFS.
147          * (This seems to be the case...) */
148         if (dentry_is_root(dentry)) {
149                 if (dentry_has_long_name(dentry) || dentry_has_short_name(dentry)) {
150                         ERROR("The root dentry has a nonempty name!");
151                         return WIMLIB_ERR_INVALID_DENTRY;
152                 }
153         } else {
154                 if (!dentry_has_long_name(dentry)) {
155                         ERROR("Dentry `%"TS"' has no long name!",
156                               dentry_full_path(dentry));
157                         return WIMLIB_ERR_INVALID_DENTRY;
158                 }
159         }
160
161 #if 0
162         /* Check timestamps */
163         if (inode->i_last_access_time < inode->i_creation_time ||
164             inode->i_last_write_time < inode->i_creation_time) {
165                 WARNING("Dentry `%"TS"' was created after it was last accessed or "
166                         "written to", dentry->full_path);
167         }
168 #endif
169
170         return 0;
171 }
172
173 static int
174 image_run_full_verifications(WIMStruct *w)
175 {
176         struct wim_image_metadata *imd;
177         struct wim_inode *inode;
178
179         imd = wim_get_current_image_metadata(w);
180         image_for_each_inode(inode, imd)
181                 inode->i_verified = 0;
182         return for_dentry_in_tree(imd->root_dentry, verify_dentry, w);
183 }
184
185 static int
186 lte_fix_refcnt(struct wim_lookup_table_entry *lte, void *ctr)
187 {
188         if (lte->refcnt != lte->real_refcnt) {
189         #ifdef ENABLE_ERROR_MESSAGES
190                 WARNING("The following lookup table entry has a reference "
191                         "count of %u, but", lte->refcnt);
192                 WARNING("We found %u references to it",
193                         lte->real_refcnt);
194                 print_lookup_table_entry(lte, stderr);
195         #endif
196                 lte->refcnt = lte->real_refcnt;
197                 ++*(unsigned long *)ctr;
198         }
199         return 0;
200 }
201
202 /* Ideally this would be unnecessary... however, the WIMs for Windows 8 are
203  * screwed up because some lookup table entries are referenced more times than
204  * their stated reference counts.  So theoretically, if we delete all the
205  * references to a stream and then remove it, it might still be referenced
206  * somewhere else, making a file be missing from the WIM... So, work around this
207  * problem by looking at ALL the images to re-calculate the reference count of
208  * EVERY lookup table entry.  This only absolutely has to be done before an image
209  * is deleted or before an image is mounted read-write. */
210 int
211 wim_run_full_verifications(WIMStruct *w)
212 {
213         int ret;
214
215         for_lookup_table_entry(w->lookup_table, lte_zero_real_refcnt, NULL);
216
217         w->all_images_verified = 1; /* Set *before* image_run_full_verifications,
218                                        because of check in read_metadata_resource() */
219         ret = for_image(w, WIMLIB_ALL_IMAGES, image_run_full_verifications);
220         if (ret == 0) {
221                 unsigned long num_ltes_with_bogus_refcnt = 0;
222                 for_lookup_table_entry(w->lookup_table, lte_fix_refcnt,
223                                        &num_ltes_with_bogus_refcnt);
224                 if (num_ltes_with_bogus_refcnt != 0) {
225                         WARNING("A total of %lu entries in the WIM's stream "
226                                 "lookup table had to have\n"
227                                 "          their reference counts fixed.",
228                                 num_ltes_with_bogus_refcnt);
229                 }
230         } else {
231                 w->all_images_verified = 0;
232         }
233         return ret;
234 }
235
236 /*
237  * verify_swm_set: - Sanity checks to make sure a set of WIMs correctly
238  *                   correspond to a spanned set.
239  *
240  * @w:
241  *      Part 1 of the set.
242  *
243  * @additional_swms:
244  *      All parts of the set other than part 1.
245  *
246  * @num_additional_swms:
247  *      Number of WIMStructs in @additional_swms.  Or, the total number of parts
248  *      in the set minus 1.
249  *
250  * @return:
251  *      0 on success; WIMLIB_ERR_SPLIT_INVALID if the set is not valid.
252  */
253 int
254 verify_swm_set(WIMStruct *w, WIMStruct **additional_swms,
255                unsigned num_additional_swms)
256 {
257         unsigned total_parts = w->hdr.total_parts;
258         int ctype;
259         const u8 *guid;
260
261         if (total_parts != num_additional_swms + 1) {
262                 ERROR("`%"TS"' says there are %u parts in the spanned set, "
263                       "but %"TS"%u part%"TS" provided",
264                       w->filename, total_parts,
265                       (num_additional_swms + 1 < total_parts) ? T("only ") : T(""),
266                       num_additional_swms + 1,
267                       (num_additional_swms) ? T("s were") : T(" was"));
268                 return WIMLIB_ERR_SPLIT_INVALID;
269         }
270         if (w->hdr.part_number != 1) {
271                 ERROR("WIM `%"TS"' is not the first part of the split WIM.",
272                       w->filename);
273                 return WIMLIB_ERR_SPLIT_INVALID;
274         }
275         for (unsigned i = 0; i < num_additional_swms; i++) {
276                 if (additional_swms[i]->hdr.total_parts != total_parts) {
277                         ERROR("WIM `%"TS"' says there are %u parts in the "
278                               "spanned set, but %u parts were provided",
279                               additional_swms[i]->filename,
280                               additional_swms[i]->hdr.total_parts,
281                               total_parts);
282                         return WIMLIB_ERR_SPLIT_INVALID;
283                 }
284         }
285
286         /* keep track of ctype and guid just to make sure they are the same for
287          * all the WIMs. */
288         ctype = wimlib_get_compression_type(w);
289         guid = w->hdr.guid;
290
291         {
292                 /* parts_to_swms is not allocated at function scope because it
293                  * should only be allocated after num_additional_swms was
294                  * checked to be the same as w->hdr.total_parts.  Otherwise, it
295                  * could be unexpectedly high and cause a stack overflow. */
296                 WIMStruct *parts_to_swms[num_additional_swms];
297                 ZERO_ARRAY(parts_to_swms);
298                 for (unsigned i = 0; i < num_additional_swms; i++) {
299
300                         WIMStruct *swm = additional_swms[i];
301
302                         if (wimlib_get_compression_type(swm) != ctype) {
303                                 ERROR("The split WIMs do not all have the same "
304                                       "compression type");
305                                 return WIMLIB_ERR_SPLIT_INVALID;
306                         }
307                         if (memcmp(guid, swm->hdr.guid, WIM_GID_LEN) != 0) {
308                                 ERROR("The split WIMs do not all have the same "
309                                       "GUID");
310                                 return WIMLIB_ERR_SPLIT_INVALID;
311                         }
312                         if (swm->hdr.part_number == 1) {
313                                 ERROR("WIMs `%"TS"' and `%"TS"' both are marked "
314                                       "as the first WIM in the spanned set",
315                                       w->filename, swm->filename);
316                                 return WIMLIB_ERR_SPLIT_INVALID;
317                         }
318                         if (swm->hdr.part_number == 0 ||
319                             swm->hdr.part_number > total_parts)
320                         {
321                                 ERROR("WIM `%"TS"' says it is part %u in the "
322                                       "spanned set, but the part number must "
323                                       "be in the range [1, %u]",
324                                       swm->filename, swm->hdr.part_number, total_parts);
325                                 return WIMLIB_ERR_SPLIT_INVALID;
326                         }
327                         if (parts_to_swms[swm->hdr.part_number - 2])
328                         {
329                                 ERROR("`%"TS"' and `%"TS"' are both marked as "
330                                       "part %u of %u in the spanned set",
331                                       parts_to_swms[swm->hdr.part_number - 2]->filename,
332                                       swm->filename,
333                                       swm->hdr.part_number,
334                                       total_parts);
335                                 return WIMLIB_ERR_SPLIT_INVALID;
336                         } else {
337                                 parts_to_swms[swm->hdr.part_number - 2] = swm;
338                         }
339                 }
340         }
341         return 0;
342 }