Refactor headers
[wimlib] / src / verify.c
1 /*
2  * verify.c
3  *
4  * Some functions to verify that stuff in the WIM is valid.  Of course, not
5  * *all* the verifications of the input data are in this file.
6  */
7
8 /*
9  * Copyright (C) 2012, 2013 Eric Biggers
10  *
11  * wimlib - Library for working with WIM files
12  *
13  * This file is part of wimlib, a library for working with WIM files.
14  *
15  * wimlib is free software; you can redistribute it and/or modify it under the
16  * terms of the GNU General Public License as published by the Free
17  * Software Foundation; either version 3 of the License, or (at your option)
18  * any later version.
19  *
20  * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
21  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
22  * A PARTICULAR PURPOSE. See the GNU General Public License for more
23  * details.
24  *
25  * You should have received a copy of the GNU General Public License
26  * along with wimlib; if not, see http://www.gnu.org/licenses/.
27  */
28
29 #ifdef HAVE_CONFIG_H
30 #  include "config.h"
31 #endif
32
33 #include "wimlib/dentry.h"
34 #include "wimlib/error.h"
35 #include "wimlib/lookup_table.h"
36 #include "wimlib/metadata.h"
37 #include "wimlib/security.h"
38 #include "wimlib/swm.h"
39
40 static int
41 verify_inode(struct wim_inode *inode, const WIMStruct *w)
42 {
43         const struct wim_lookup_table *table = w->lookup_table;
44         const struct wim_security_data *sd = wim_const_security_data(w);
45         struct wim_dentry *first_dentry = inode_first_dentry(inode);
46         struct wim_dentry *dentry;
47         int ret = WIMLIB_ERR_INVALID_DENTRY;
48
49         /* Check the security ID.  -1 is valid and means "no security
50          * descriptor".  Anything else has to be a valid index into the WIM
51          * image's security descriptors table. */
52         if (inode->i_security_id < -1) {
53                 ERROR("Dentry `%"TS"' has an invalid security ID (%d)",
54                       dentry_full_path(first_dentry), inode->i_security_id);
55                 goto out;
56         }
57
58         if (inode->i_security_id >= sd->num_entries) {
59                 ERROR("Dentry `%"TS"' has an invalid security ID (%d) "
60                       "(there are only %u entries in the security table)",
61                       dentry_full_path(first_dentry), inode->i_security_id,
62                       sd->num_entries);
63                 goto out;
64         }
65
66         /* Check that lookup table entries for all the inode's stream exist,
67          * except if the SHA1 message digest is all 0's, which indicates an
68          * empty stream.
69          *
70          * This check is skipped on split WIMs. */
71         if (w->hdr.total_parts == 1) {
72                 for (unsigned i = 0; i <= inode->i_num_ads; i++) {
73                         struct wim_lookup_table_entry *lte;
74                         const u8 *hash;
75                         hash = inode_stream_hash_unresolved(inode, i);
76                         lte = __lookup_resource(table, hash);
77                         if (!lte && !is_zero_hash(hash)) {
78                                 ERROR("Could not find lookup table entry for stream "
79                                       "%u of dentry `%"TS"'",
80                                       i, dentry_full_path(first_dentry));
81                                 goto out;
82                         }
83                         if (lte)
84                                 lte->real_refcnt += inode->i_nlink;
85                 }
86         }
87
88         /* Make sure there is only one unnamed data stream. */
89         unsigned num_unnamed_streams = 0;
90         for (unsigned i = 0; i <= inode->i_num_ads; i++) {
91                 const u8 *hash;
92                 hash = inode_stream_hash_unresolved(inode, i);
93                 if (inode_stream_name_nbytes(inode, i) == 0 && !is_zero_hash(hash))
94                         num_unnamed_streams++;
95         }
96         if (num_unnamed_streams > 1) {
97                 ERROR("Dentry `%"TS"' has multiple (%u) un-named streams",
98                       dentry_full_path(first_dentry), num_unnamed_streams);
99                 goto out;
100         }
101
102         /* Files cannot have multiple DOS names, even if they have multiple
103          * names in multiple directories (i.e. hard links).
104          * Source: NTFS-3g authors. */
105         struct wim_dentry *dentry_with_dos_name = NULL;
106         inode_for_each_dentry(dentry, inode) {
107                 if (dentry_has_short_name(dentry)) {
108                         if (dentry_with_dos_name) {
109                                 ERROR("Hard-linked file has a DOS name at "
110                                       "both `%"TS"' and `%"TS"'",
111                                       dentry_full_path(dentry_with_dos_name),
112                                       dentry_full_path(dentry));
113                                 goto out;
114                         }
115                         dentry_with_dos_name = dentry;
116                 }
117         }
118
119         /* Directories with multiple links have not been tested. XXX */
120         if (inode->i_nlink > 1 && inode->i_attributes & FILE_ATTRIBUTE_DIRECTORY) {
121                 ERROR("Hard-linked directory `%"TS"' is unsupported",
122                       dentry_full_path(first_dentry));
123                 goto out;
124         }
125
126         inode->i_verified = 1;
127         ret = 0;
128 out:
129         return ret;
130 }
131
132 /* Run some miscellaneous verifications on a WIM dentry */
133 int
134 verify_dentry(struct wim_dentry *dentry, void *wim)
135 {
136         int ret;
137         WIMStruct *w = wim;
138
139         /* Verify the associated inode, but only one time no matter how many
140          * dentries it has (unless we are doing a full verification of the WIM,
141          * in which case we need to force the inode to be verified again.) */
142         if (!dentry->d_inode->i_verified) {
143                 ret = verify_inode(dentry->d_inode, w);
144                 if (ret != 0)
145                         return ret;
146         }
147
148         /* Make sure root dentry is unnamed, while every other dentry has at
149          * least a long name.
150          *
151          * I am assuming that dentries having only a DOS name is illegal; i.e.,
152          * Windows will always combine the Win32 name and DOS name for a file
153          * into a single WIM dentry, even if they are stored separately on NTFS.
154          * (This seems to be the case...) */
155         if (dentry_is_root(dentry)) {
156                 if (dentry_has_long_name(dentry) || dentry_has_short_name(dentry)) {
157                         ERROR("The root dentry has a nonempty name!");
158                         return WIMLIB_ERR_INVALID_DENTRY;
159                 }
160         } else {
161                 if (!dentry_has_long_name(dentry)) {
162                         ERROR("Dentry `%"TS"' has no long name!",
163                               dentry_full_path(dentry));
164                         return WIMLIB_ERR_INVALID_DENTRY;
165                 }
166         }
167
168 #if 0
169         /* Check timestamps */
170         if (inode->i_last_access_time < inode->i_creation_time ||
171             inode->i_last_write_time < inode->i_creation_time) {
172                 WARNING("Dentry `%"TS"' was created after it was last accessed or "
173                         "written to", dentry->full_path);
174         }
175 #endif
176
177         return 0;
178 }
179
180 static int
181 image_run_full_verifications(WIMStruct *w)
182 {
183         struct wim_image_metadata *imd;
184         struct wim_inode *inode;
185
186         imd = wim_get_current_image_metadata(w);
187         image_for_each_inode(inode, imd)
188                 inode->i_verified = 0;
189         return for_dentry_in_tree(imd->root_dentry, verify_dentry, w);
190 }
191
192 static int
193 lte_fix_refcnt(struct wim_lookup_table_entry *lte, void *ctr)
194 {
195         if (lte->refcnt != lte->real_refcnt) {
196         #ifdef ENABLE_ERROR_MESSAGES
197                 WARNING("The following lookup table entry has a reference "
198                         "count of %u, but", lte->refcnt);
199                 WARNING("We found %u references to it",
200                         lte->real_refcnt);
201                 print_lookup_table_entry(lte, stderr);
202         #endif
203                 lte->refcnt = lte->real_refcnt;
204                 ++*(unsigned long *)ctr;
205         }
206         return 0;
207 }
208
209 /* Ideally this would be unnecessary... however, the WIMs for Windows 8 are
210  * screwed up because some lookup table entries are referenced more times than
211  * their stated reference counts.  So theoretically, if we delete all the
212  * references to a stream and then remove it, it might still be referenced
213  * somewhere else, making a file be missing from the WIM... So, work around this
214  * problem by looking at ALL the images to re-calculate the reference count of
215  * EVERY lookup table entry.  This only absolutely has to be done before an image
216  * is deleted or before an image is mounted read-write. */
217 int
218 wim_run_full_verifications(WIMStruct *w)
219 {
220         int ret;
221
222         for_lookup_table_entry(w->lookup_table, lte_zero_real_refcnt, NULL);
223
224         w->all_images_verified = 1; /* Set *before* image_run_full_verifications,
225                                        because of check in read_metadata_resource() */
226         ret = for_image(w, WIMLIB_ALL_IMAGES, image_run_full_verifications);
227         if (ret == 0) {
228                 unsigned long num_ltes_with_bogus_refcnt = 0;
229                 for_lookup_table_entry(w->lookup_table, lte_fix_refcnt,
230                                        &num_ltes_with_bogus_refcnt);
231                 if (num_ltes_with_bogus_refcnt != 0) {
232                         WARNING("A total of %lu entries in the WIM's stream "
233                                 "lookup table had to have\n"
234                                 "          their reference counts fixed.",
235                                 num_ltes_with_bogus_refcnt);
236                 }
237         } else {
238                 w->all_images_verified = 0;
239         }
240         return ret;
241 }
242
243 /*
244  * verify_swm_set: - Sanity checks to make sure a set of WIMs correctly
245  *                   correspond to a spanned set.
246  *
247  * @w:
248  *      Part 1 of the set.
249  *
250  * @additional_swms:
251  *      All parts of the set other than part 1.
252  *
253  * @num_additional_swms:
254  *      Number of WIMStructs in @additional_swms.  Or, the total number of parts
255  *      in the set minus 1.
256  *
257  * @return:
258  *      0 on success; WIMLIB_ERR_SPLIT_INVALID if the set is not valid.
259  */
260 int
261 verify_swm_set(WIMStruct *w, WIMStruct **additional_swms,
262                unsigned num_additional_swms)
263 {
264         unsigned total_parts = w->hdr.total_parts;
265         int ctype;
266         const u8 *guid;
267
268         if (total_parts != num_additional_swms + 1) {
269                 ERROR("`%"TS"' says there are %u parts in the spanned set, "
270                       "but %"TS"%u part%"TS" provided",
271                       w->filename, total_parts,
272                       (num_additional_swms + 1 < total_parts) ? T("only ") : T(""),
273                       num_additional_swms + 1,
274                       (num_additional_swms) ? T("s were") : T(" was"));
275                 return WIMLIB_ERR_SPLIT_INVALID;
276         }
277         if (w->hdr.part_number != 1) {
278                 ERROR("WIM `%"TS"' is not the first part of the split WIM.",
279                       w->filename);
280                 return WIMLIB_ERR_SPLIT_INVALID;
281         }
282         for (unsigned i = 0; i < num_additional_swms; i++) {
283                 if (additional_swms[i]->hdr.total_parts != total_parts) {
284                         ERROR("WIM `%"TS"' says there are %u parts in the "
285                               "spanned set, but %u parts were provided",
286                               additional_swms[i]->filename,
287                               additional_swms[i]->hdr.total_parts,
288                               total_parts);
289                         return WIMLIB_ERR_SPLIT_INVALID;
290                 }
291         }
292
293         /* keep track of ctype and guid just to make sure they are the same for
294          * all the WIMs. */
295         ctype = wimlib_get_compression_type(w);
296         guid = w->hdr.guid;
297
298         {
299                 /* parts_to_swms is not allocated at function scope because it
300                  * should only be allocated after num_additional_swms was
301                  * checked to be the same as w->hdr.total_parts.  Otherwise, it
302                  * could be unexpectedly high and cause a stack overflow. */
303                 WIMStruct *parts_to_swms[num_additional_swms];
304                 ZERO_ARRAY(parts_to_swms);
305                 for (unsigned i = 0; i < num_additional_swms; i++) {
306
307                         WIMStruct *swm = additional_swms[i];
308
309                         if (wimlib_get_compression_type(swm) != ctype) {
310                                 ERROR("The split WIMs do not all have the same "
311                                       "compression type");
312                                 return WIMLIB_ERR_SPLIT_INVALID;
313                         }
314                         if (memcmp(guid, swm->hdr.guid, WIM_GID_LEN) != 0) {
315                                 ERROR("The split WIMs do not all have the same "
316                                       "GUID");
317                                 return WIMLIB_ERR_SPLIT_INVALID;
318                         }
319                         if (swm->hdr.part_number == 1) {
320                                 ERROR("WIMs `%"TS"' and `%"TS"' both are marked "
321                                       "as the first WIM in the spanned set",
322                                       w->filename, swm->filename);
323                                 return WIMLIB_ERR_SPLIT_INVALID;
324                         }
325                         if (swm->hdr.part_number == 0 ||
326                             swm->hdr.part_number > total_parts)
327                         {
328                                 ERROR("WIM `%"TS"' says it is part %u in the "
329                                       "spanned set, but the part number must "
330                                       "be in the range [1, %u]",
331                                       swm->filename, swm->hdr.part_number, total_parts);
332                                 return WIMLIB_ERR_SPLIT_INVALID;
333                         }
334                         if (parts_to_swms[swm->hdr.part_number - 2])
335                         {
336                                 ERROR("`%"TS"' and `%"TS"' are both marked as "
337                                       "part %u of %u in the spanned set",
338                                       parts_to_swms[swm->hdr.part_number - 2]->filename,
339                                       swm->filename,
340                                       swm->hdr.part_number,
341                                       total_parts);
342                                 return WIMLIB_ERR_SPLIT_INVALID;
343                         } else {
344                                 parts_to_swms[swm->hdr.part_number - 2] = swm;
345                         }
346                 }
347         }
348         return 0;
349 }