4 * Some functions to verify that stuff in the WIM is valid. Of course, not
5 * *all* the verifications of the input data are in this file.
9 * Copyright (C) 2012, 2013 Eric Biggers
11 * wimlib - Library for working with WIM files
13 * This file is part of wimlib, a library for working with WIM files.
15 * wimlib is free software; you can redistribute it and/or modify it under the
16 * terms of the GNU General Public License as published by the Free
17 * Software Foundation; either version 3 of the License, or (at your option)
20 * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
21 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
22 * A PARTICULAR PURPOSE. See the GNU General Public License for more
25 * You should have received a copy of the GNU General Public License
26 * along with wimlib; if not, see http://www.gnu.org/licenses/.
29 #include "wimlib_internal.h"
31 #include "lookup_table.h"
34 verify_inode(struct wim_inode *inode, const WIMStruct *w)
36 const struct wim_lookup_table *table = w->lookup_table;
37 const struct wim_security_data *sd = wim_const_security_data(w);
38 struct wim_dentry *first_dentry = inode_first_dentry(inode);
39 struct wim_dentry *dentry;
40 int ret = WIMLIB_ERR_INVALID_DENTRY;
42 /* Check the security ID. -1 is valid and means "no security
43 * descriptor". Anything else has to be a valid index into the WIM
44 * image's security descriptors table. */
45 if (inode->i_security_id < -1) {
46 ERROR("Dentry `%"TS"' has an invalid security ID (%d)",
47 dentry_full_path(first_dentry), inode->i_security_id);
51 if (inode->i_security_id >= sd->num_entries) {
52 ERROR("Dentry `%"TS"' has an invalid security ID (%d) "
53 "(there are only %u entries in the security table)",
54 dentry_full_path(first_dentry), inode->i_security_id,
59 /* Check that lookup table entries for all the inode's stream exist,
60 * except if the SHA1 message digest is all 0's, which indicates an
63 * This check is skipped on split WIMs. */
64 if (w->hdr.total_parts == 1) {
65 for (unsigned i = 0; i <= inode->i_num_ads; i++) {
66 struct wim_lookup_table_entry *lte;
68 hash = inode_stream_hash_unresolved(inode, i);
69 lte = __lookup_resource(table, hash);
70 if (!lte && !is_zero_hash(hash)) {
71 ERROR("Could not find lookup table entry for stream "
72 "%u of dentry `%"TS"'",
73 i, dentry_full_path(first_dentry));
77 lte->real_refcnt += inode->i_nlink;
81 /* Make sure there is only one unnamed data stream. */
82 unsigned num_unnamed_streams = 0;
83 for (unsigned i = 0; i <= inode->i_num_ads; i++) {
85 hash = inode_stream_hash_unresolved(inode, i);
86 if (inode_stream_name_nbytes(inode, i) == 0 && !is_zero_hash(hash))
87 num_unnamed_streams++;
89 if (num_unnamed_streams > 1) {
90 ERROR("Dentry `%"TS"' has multiple (%u) un-named streams",
91 dentry_full_path(first_dentry), num_unnamed_streams);
95 /* Files cannot have multiple DOS names, even if they have multiple
96 * names in multiple directories (i.e. hard links).
97 * Source: NTFS-3g authors. */
98 struct wim_dentry *dentry_with_dos_name = NULL;
99 inode_for_each_dentry(dentry, inode) {
100 if (dentry_has_short_name(dentry)) {
101 if (dentry_with_dos_name) {
102 ERROR("Hard-linked file has a DOS name at "
103 "both `%"TS"' and `%"TS"'",
104 dentry_full_path(dentry_with_dos_name),
105 dentry_full_path(dentry));
108 dentry_with_dos_name = dentry;
112 /* Directories with multiple links have not been tested. XXX */
113 if (inode->i_nlink > 1 && inode->i_attributes & FILE_ATTRIBUTE_DIRECTORY) {
114 ERROR("Hard-linked directory `%"TS"' is unsupported",
115 dentry_full_path(first_dentry));
119 inode->i_verified = 1;
125 /* Run some miscellaneous verifications on a WIM dentry */
127 verify_dentry(struct wim_dentry *dentry, void *wim)
132 /* Verify the associated inode, but only one time no matter how many
133 * dentries it has (unless we are doing a full verification of the WIM,
134 * in which case we need to force the inode to be verified again.) */
135 if (!dentry->d_inode->i_verified) {
136 ret = verify_inode(dentry->d_inode, w);
141 /* Make sure root dentry is unnamed, while every other dentry has at
144 * I am assuming that dentries having only a DOS name is illegal; i.e.,
145 * Windows will always combine the Win32 name and DOS name for a file
146 * into a single WIM dentry, even if they are stored separately on NTFS.
147 * (This seems to be the case...) */
148 if (dentry_is_root(dentry)) {
149 if (dentry_has_long_name(dentry) || dentry_has_short_name(dentry)) {
150 ERROR("The root dentry has a nonempty name!");
151 return WIMLIB_ERR_INVALID_DENTRY;
154 if (!dentry_has_long_name(dentry)) {
155 ERROR("Dentry `%"TS"' has no long name!",
156 dentry_full_path(dentry));
157 return WIMLIB_ERR_INVALID_DENTRY;
162 /* Check timestamps */
163 if (inode->i_last_access_time < inode->i_creation_time ||
164 inode->i_last_write_time < inode->i_creation_time) {
165 WARNING("Dentry `%"TS"' was created after it was last accessed or "
166 "written to", dentry->full_path);
174 image_run_full_verifications(WIMStruct *w)
176 struct wim_image_metadata *imd;
177 struct wim_inode *inode;
178 struct hlist_node *cur;
180 imd = wim_get_current_image_metadata(w);
181 hlist_for_each_entry(inode, cur, &imd->inode_list, i_hlist)
182 inode->i_verified = 0;
183 return for_dentry_in_tree(imd->root_dentry, verify_dentry, w);
187 lte_fix_refcnt(struct wim_lookup_table_entry *lte, void *ctr)
189 if (lte->refcnt != lte->real_refcnt) {
190 #ifdef ENABLE_ERROR_MESSAGES
191 WARNING("The following lookup table entry has a reference "
192 "count of %u, but", lte->refcnt);
193 WARNING("We found %u references to it",
195 print_lookup_table_entry(lte, stderr);
197 lte->refcnt = lte->real_refcnt;
198 ++*(unsigned long *)ctr;
203 /* Ideally this would be unnecessary... however, the WIMs for Windows 8 are
204 * screwed up because some lookup table entries are referenced more times than
205 * their stated reference counts. So theoretically, if we delete all the
206 * references to a stream and then remove it, it might still be referenced
207 * somewhere else, making a file be missing from the WIM... So, work around this
208 * problem by looking at ALL the images to re-calculate the reference count of
209 * EVERY lookup table entry. This only absolutely has to be done before an image
210 * is deleted or before an image is mounted read-write. */
212 wim_run_full_verifications(WIMStruct *w)
216 for_lookup_table_entry(w->lookup_table, lte_zero_real_refcnt, NULL);
218 w->all_images_verified = 1; /* Set *before* image_run_full_verifications,
219 because of check in read_metadata_resource() */
220 ret = for_image(w, WIMLIB_ALL_IMAGES, image_run_full_verifications);
222 unsigned long num_ltes_with_bogus_refcnt = 0;
223 for_lookup_table_entry(w->lookup_table, lte_fix_refcnt,
224 &num_ltes_with_bogus_refcnt);
225 if (num_ltes_with_bogus_refcnt != 0) {
226 WARNING("A total of %lu entries in the WIM's stream "
227 "lookup table had to have\n"
228 " their reference counts fixed.",
229 num_ltes_with_bogus_refcnt);
232 w->all_images_verified = 0;
238 * verify_swm_set: - Sanity checks to make sure a set of WIMs correctly
239 * correspond to a spanned set.
245 * All parts of the set other than part 1.
247 * @num_additional_swms:
248 * Number of WIMStructs in @additional_swms. Or, the total number of parts
249 * in the set minus 1.
252 * 0 on success; WIMLIB_ERR_SPLIT_INVALID if the set is not valid.
255 verify_swm_set(WIMStruct *w, WIMStruct **additional_swms,
256 unsigned num_additional_swms)
258 unsigned total_parts = w->hdr.total_parts;
262 if (total_parts != num_additional_swms + 1) {
263 ERROR("`%"TS"' says there are %u parts in the spanned set, "
264 "but %"TS"%u part%"TS" provided",
265 w->filename, total_parts,
266 (num_additional_swms + 1 < total_parts) ? T("only ") : T(""),
267 num_additional_swms + 1,
268 (num_additional_swms) ? T("s were") : T(" was"));
269 return WIMLIB_ERR_SPLIT_INVALID;
271 if (w->hdr.part_number != 1) {
272 ERROR("WIM `%"TS"' is not the first part of the split WIM.",
274 return WIMLIB_ERR_SPLIT_INVALID;
276 for (unsigned i = 0; i < num_additional_swms; i++) {
277 if (additional_swms[i]->hdr.total_parts != total_parts) {
278 ERROR("WIM `%"TS"' says there are %u parts in the "
279 "spanned set, but %u parts were provided",
280 additional_swms[i]->filename,
281 additional_swms[i]->hdr.total_parts,
283 return WIMLIB_ERR_SPLIT_INVALID;
287 /* keep track of ctype and guid just to make sure they are the same for
289 ctype = wimlib_get_compression_type(w);
293 /* parts_to_swms is not allocated at function scope because it
294 * should only be allocated after num_additional_swms was
295 * checked to be the same as w->hdr.total_parts. Otherwise, it
296 * could be unexpectedly high and cause a stack overflow. */
297 WIMStruct *parts_to_swms[num_additional_swms];
298 ZERO_ARRAY(parts_to_swms);
299 for (unsigned i = 0; i < num_additional_swms; i++) {
301 WIMStruct *swm = additional_swms[i];
303 if (wimlib_get_compression_type(swm) != ctype) {
304 ERROR("The split WIMs do not all have the same "
306 return WIMLIB_ERR_SPLIT_INVALID;
308 if (memcmp(guid, swm->hdr.guid, WIM_GID_LEN) != 0) {
309 ERROR("The split WIMs do not all have the same "
311 return WIMLIB_ERR_SPLIT_INVALID;
313 if (swm->hdr.part_number == 1) {
314 ERROR("WIMs `%"TS"' and `%"TS"' both are marked "
315 "as the first WIM in the spanned set",
316 w->filename, swm->filename);
317 return WIMLIB_ERR_SPLIT_INVALID;
319 if (swm->hdr.part_number == 0 ||
320 swm->hdr.part_number > total_parts)
322 ERROR("WIM `%"TS"' says it is part %u in the "
323 "spanned set, but the part number must "
324 "be in the range [1, %u]",
325 swm->filename, swm->hdr.part_number, total_parts);
326 return WIMLIB_ERR_SPLIT_INVALID;
328 if (parts_to_swms[swm->hdr.part_number - 2])
330 ERROR("`%"TS"' and `%"TS"' are both marked as "
331 "part %u of %u in the spanned set",
332 parts_to_swms[swm->hdr.part_number - 2]->filename,
334 swm->hdr.part_number,
336 return WIMLIB_ERR_SPLIT_INVALID;
338 parts_to_swms[swm->hdr.part_number - 2] = swm;
git://wimlib.net / wimlib / blob