Version 1.2.1
[wimlib] / src / ntfs-capture.c
index eadedac..8f123f8 100644 (file)
@@ -2,8 +2,7 @@
  * ntfs-capture.c
  *
  * Capture a WIM image from a NTFS volume.  We capture everything we can,
- * including security data and alternate data streams.  There should be no loss
- * of information.
+ * including security data and alternate data streams.
  */
 
 /*
  * This file is part of wimlib, a library for working with WIM files.
  *
  * wimlib is free software; you can redistribute it and/or modify it under the
- * terms of the GNU Lesser General Public License as published by the Free
- * Software Foundation; either version 2.1 of the License, or (at your option)
+ * terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at your option)
  * any later version.
  *
  * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- * A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * A PARTICULAR PURPOSE. See the GNU General Public License for more
  * details.
  *
- * You should have received a copy of the GNU Lesser General Public License
+ * You should have received a copy of the GNU General Public License
  * along with wimlib; if not, see http://www.gnu.org/licenses/.
  */
 
+
 #include "config.h"
+
+#include <ntfs-3g/endians.h>
+#include <ntfs-3g/types.h>
+
 #include "wimlib_internal.h"
 
 
-#ifdef WITH_NTFS_3G
 #include "dentry.h"
 #include "lookup_table.h"
-#include "io.h"
+#include "buffer_io.h"
 #include <ntfs-3g/layout.h>
 #include <ntfs-3g/acls.h>
 #include <ntfs-3g/attrib.h>
 #include <ntfs-3g/misc.h>
 #include <ntfs-3g/reparse.h>
-#include <ntfs-3g/security.h>
+#include <ntfs-3g/security.h> /* security.h before xattrs.h */
+#include <ntfs-3g/xattrs.h>
 #include <ntfs-3g/volume.h>
 #include <stdlib.h>
 #include <unistd.h>
-
-extern int ntfs_inode_get_security(ntfs_inode *ni, u32 selection, char *buf,
-                                  u32 buflen, u32 *psize);
-
-extern int ntfs_inode_get_attributes(ntfs_inode *ni);
+#include <errno.h>
 
 /* Structure that allows searching the security descriptors by SHA1 message
  * digest. */
@@ -84,12 +84,12 @@ static void insert_sd_node(struct sd_node *new, struct sd_node *root)
        if (cmp < 0) {
                if (root->left)
                        insert_sd_node(new, root->left);
-               else 
+               else
                        root->left = new;
        } else if (cmp > 0) {
                if (root->right)
                        insert_sd_node(new, root->right);
-               else 
+               else
                        root->right = new;
        } else {
                wimlib_assert(0);
@@ -97,7 +97,7 @@ static void insert_sd_node(struct sd_node *new, struct sd_node *root)
 }
 
 /* Returns the security ID of the security data having a SHA1 message digest of
- * @hash in the security descriptor index tree rooted at @root. 
+ * @hash in the security descriptor index tree rooted at @root.
  *
  * If not found, return -1. */
 static int lookup_sd(const u8 hash[SHA1_HASH_SIZE], struct sd_node *root)
@@ -133,6 +133,7 @@ static int sd_set_add_sd(struct sd_set *sd_set, const char descriptor[],
        struct wim_security_data *sd;
 
        sha1_buffer((const u8*)descriptor, size, hash);
+
        security_id = lookup_sd(hash, sd_set->root);
        if (security_id >= 0)
                return security_id;
@@ -170,7 +171,7 @@ static int sd_set_add_sd(struct sd_set *sd_set, const char descriptor[],
        sd->total_length += size + sizeof(sd->sizes[0]);
 
        if (sd_set->root)
-               insert_sd_node(sd_set->root, new);
+               insert_sd_node(new, sd_set->root);
        else
                sd_set->root = new;
        return new->security_id;
@@ -187,20 +188,25 @@ static inline ntfschar *attr_record_name(ATTR_RECORD *ar)
        return (ntfschar*)((u8*)ar + le16_to_cpu(ar->name_offset));
 }
 
-/* Calculates the SHA1 message digest of a NTFS attribute. 
+/* Calculates the SHA1 message digest of a NTFS attribute.
  *
  * @ni:  The NTFS inode containing the attribute.
  * @ar:         The ATTR_RECORD describing the attribute.
  * @md:  If successful, the returned SHA1 message digest.
+ * @reparse_tag_ret:   Optional pointer into which the first 4 bytes of the
+ *                             attribute will be written (to get the reparse
+ *                             point ID)
  *
  * Return 0 on success or nonzero on error.
  */
 static int ntfs_attr_sha1sum(ntfs_inode *ni, ATTR_RECORD *ar,
-                            u8 md[SHA1_HASH_SIZE])
+                            u8 md[SHA1_HASH_SIZE],
+                            bool is_reparse_point,
+                            u32 *reparse_tag_ret)
 {
        s64 pos = 0;
        s64 bytes_remaining;
-       char buf[4096];
+       char buf[BUFFER_SIZE];
        ntfs_attr *na;
        SHA_CTX ctx;
 
@@ -212,17 +218,20 @@ static int ntfs_attr_sha1sum(ntfs_inode *ni, ATTR_RECORD *ar,
        }
 
        bytes_remaining = na->data_size;
-       sha1_init(&ctx);
 
-       DEBUG("Calculating SHA1 message digest (%"PRIu64" bytes)",
-                       bytes_remaining);
+       if (is_reparse_point) {
+               if (ntfs_attr_pread(na, 0, 8, buf) != 8)
+                       goto out_error;
+               *reparse_tag_ret = le32_to_cpu(*(u32*)buf);
+               pos = 8;
+               bytes_remaining -= 8;
+       }
 
+       sha1_init(&ctx);
        while (bytes_remaining) {
                s64 to_read = min(bytes_remaining, sizeof(buf));
-               if (ntfs_attr_pread(na, pos, to_read, buf) != to_read) {
-                       ERROR_WITH_ERRNO("Error reading NTFS attribute");
-                       return WIMLIB_ERR_NTFS_3G;
-               }
+               if (ntfs_attr_pread(na, pos, to_read, buf) != to_read)
+                       goto out_error;
                sha1_update(&ctx, buf, to_read);
                pos += to_read;
                bytes_remaining -= to_read;
@@ -230,24 +239,26 @@ static int ntfs_attr_sha1sum(ntfs_inode *ni, ATTR_RECORD *ar,
        sha1_final(md, &ctx);
        ntfs_attr_close(na);
        return 0;
+out_error:
+       ERROR_WITH_ERRNO("Error reading NTFS attribute");
+       return WIMLIB_ERR_NTFS_3G;
 }
 
-/* Load the streams from a WIM file or reparse point in the NTFS volume into the
- * WIM lookup table */
+/* Load the streams from a file or reparse point in the NTFS volume into the WIM
+ * lookup table */
 static int capture_ntfs_streams(struct dentry *dentry, ntfs_inode *ni,
                                char path[], size_t path_len,
                                struct lookup_table *lookup_table,
                                ntfs_volume **ntfs_vol_p,
                                ATTR_TYPES type)
 {
-
        ntfs_attr_search_ctx *actx;
        u8 attr_hash[SHA1_HASH_SIZE];
        struct ntfs_location *ntfs_loc = NULL;
-       struct lookup_table_entry *lte;
        int ret = 0;
+       struct lookup_table_entry *lte;
 
-       DEBUG("Capturing NTFS data streams from `%s'", path);
+       DEBUG2("Capturing NTFS data streams from `%s'", path);
 
        /* Get context to search the streams of the NTFS file. */
        actx = ntfs_attr_get_search_ctx(ni, NULL);
@@ -262,71 +273,109 @@ static int capture_ntfs_streams(struct dentry *dentry, ntfs_inode *ni,
                                 CASE_SENSITIVE, 0, NULL, 0, actx))
        {
                char *stream_name_utf8;
-               size_t stream_name_utf16_len;
-
-               /* Checksum the stream. */
-               ret = ntfs_attr_sha1sum(ni, actx->attr, attr_hash);
-               if (ret != 0)
-                       goto out_put_actx;
-
-               /* Make a lookup table entry for the stream, or use an existing
-                * one if there's already an identical stream. */
-               lte = __lookup_resource(lookup_table, attr_hash);
-               ret = WIMLIB_ERR_NOMEM;
-               if (lte) {
-                       lte->refcnt++;
+               u32 reparse_tag;
+               u64 data_size = ntfs_get_attribute_value_length(actx->attr);
+               u64 name_length = actx->attr->name_length;
+
+               if (data_size == 0) {
+                       if (errno != 0) {
+                               ERROR_WITH_ERRNO("Failed to get size of attribute of "
+                                                "`%s'", path);
+                               ret = WIMLIB_ERR_NTFS_3G;
+                               goto out_put_actx;
+                       }
+                       /* Empty stream.  No lookup table entry is needed. */
+                       lte = NULL;
                } else {
-                       ntfs_loc = CALLOC(1, sizeof(*ntfs_loc));
-                       if (!ntfs_loc)
+                       if (type == AT_REPARSE_POINT && data_size < 8) {
+                               ERROR("`%s': reparse point buffer too small",
+                                     path);
+                               ret = WIMLIB_ERR_NTFS_3G;
                                goto out_put_actx;
-                       ntfs_loc->ntfs_vol_p = ntfs_vol_p;
-                       ntfs_loc->path_utf8 = MALLOC(path_len + 1);
-                       if (!ntfs_loc->path_utf8)
-                               goto out_free_ntfs_loc;
-                       memcpy(ntfs_loc->path_utf8, path, path_len + 1);
-                       ntfs_loc->stream_name_utf16 = MALLOC(actx->attr->name_length * 2);
-                       if (!ntfs_loc->stream_name_utf16)
-                               goto out_free_ntfs_loc;
-                       memcpy(ntfs_loc->stream_name_utf16,
-                              attr_record_name(actx->attr),
-                              actx->attr->name_length * 2);
-
-                       ntfs_loc->stream_name_utf16_num_chars = actx->attr->name_length;
-                       ntfs_loc->is_reparse_point = (type == AT_REPARSE_POINT);
-                       lte = new_lookup_table_entry();
-                       if (!lte)
-                               goto out_free_ntfs_loc;
-                       lte->ntfs_loc = ntfs_loc;
-                       lte->resource_location = RESOURCE_IN_NTFS_VOLUME;
-                       lte->resource_entry.original_size = actx->attr->data_size;
-                       lte->resource_entry.size = actx->attr->data_size;
-                       DEBUG("Add resource for `%s' (size = %zu)",
-                               dentry->file_name_utf8,
-                               lte->resource_entry.original_size);
-                       copy_hash(lte->hash, attr_hash);
-                       lookup_table_insert(lookup_table, lte);
+                       }
+                       /* Checksum the stream. */
+                       ret = ntfs_attr_sha1sum(ni, actx->attr, attr_hash,
+                                               type == AT_REPARSE_POINT, &reparse_tag);
+                       if (ret != 0)
+                               goto out_put_actx;
+
+                       /* Make a lookup table entry for the stream, or use an existing
+                        * one if there's already an identical stream. */
+                       lte = __lookup_resource(lookup_table, attr_hash);
+                       ret = WIMLIB_ERR_NOMEM;
+                       if (lte) {
+                               lte->refcnt++;
+                       } else {
+                               ntfs_loc = CALLOC(1, sizeof(*ntfs_loc));
+                               if (!ntfs_loc)
+                                       goto out_put_actx;
+                               ntfs_loc->ntfs_vol_p = ntfs_vol_p;
+                               ntfs_loc->path_utf8 = MALLOC(path_len + 1);
+                               if (!ntfs_loc->path_utf8)
+                                       goto out_free_ntfs_loc;
+                               memcpy(ntfs_loc->path_utf8, path, path_len + 1);
+                               if (name_length) {
+                                       ntfs_loc->stream_name_utf16 = MALLOC(name_length * 2);
+                                       if (!ntfs_loc->stream_name_utf16)
+                                               goto out_free_ntfs_loc;
+                                       memcpy(ntfs_loc->stream_name_utf16,
+                                              attr_record_name(actx->attr),
+                                              actx->attr->name_length * 2);
+                                       ntfs_loc->stream_name_utf16_num_chars = name_length;
+                               }
+
+                               lte = new_lookup_table_entry();
+                               if (!lte)
+                                       goto out_free_ntfs_loc;
+                               lte->ntfs_loc = ntfs_loc;
+                               lte->resource_location = RESOURCE_IN_NTFS_VOLUME;
+                               if (type == AT_REPARSE_POINT) {
+                                       dentry->d_inode->reparse_tag = reparse_tag;
+                                       ntfs_loc->is_reparse_point = true;
+                                       lte->resource_entry.original_size = data_size - 8;
+                                       lte->resource_entry.size = data_size - 8;
+                               } else {
+                                       ntfs_loc->is_reparse_point = false;
+                                       lte->resource_entry.original_size = data_size;
+                                       lte->resource_entry.size = data_size;
+                               }
+                               ntfs_loc = NULL;
+                               DEBUG("Add resource for `%s' (size = %zu)",
+                                     dentry->file_name_utf8,
+                                     lte->resource_entry.original_size);
+                               copy_hash(lte->hash, attr_hash);
+                               lookup_table_insert(lookup_table, lte);
+                       }
                }
-               if (actx->attr->name_length == 0) {
-                       if (dentry->lte) {
+               if (name_length == 0) {
+                       /* Unnamed data stream.  Put the reference to it in the
+                        * dentry's inode. */
+                       if (dentry->d_inode->lte) {
                                ERROR("Found two un-named data streams for "
                                      "`%s'", path);
                                ret = WIMLIB_ERR_NTFS_3G;
                                goto out_free_lte;
                        }
-                       dentry->lte = lte;
+                       dentry->d_inode->lte = lte;
                } else {
+                       /* Named data stream.  Put the reference to it in the
+                        * alternate data stream entries */
                        struct ads_entry *new_ads_entry;
                        size_t stream_name_utf8_len;
-                       stream_name_utf8 = utf16_to_utf8((const char*)attr_record_name(actx->attr),
-                                                        actx->attr->name_length,
-                                                        &stream_name_utf8_len);
-                       if (!stream_name_utf8)
+
+                       ret = utf16_to_utf8((const char*)attr_record_name(actx->attr),
+                                           name_length * 2,
+                                           &stream_name_utf8,
+                                           &stream_name_utf8_len);
+                       if (ret != 0)
                                goto out_free_lte;
-                       new_ads_entry = dentry_add_ads(dentry, stream_name_utf8);
+                       new_ads_entry = inode_add_ads(dentry->d_inode, stream_name_utf8);
                        FREE(stream_name_utf8);
                        if (!new_ads_entry)
                                goto out_free_lte;
-                               
+
+                       wimlib_assert(new_ads_entry->stream_name_len == name_length * 2);
+
                        new_ads_entry->lte = lte;
                }
        }
@@ -343,9 +392,9 @@ out_free_ntfs_loc:
 out_put_actx:
        ntfs_attr_put_search_ctx(actx);
        if (ret == 0)
-               DEBUG("Successfully captured NTFS streams from `%s'", path);
+               DEBUG2("Successfully captured NTFS streams from `%s'", path);
        else
-               DEBUG("Failed to capture NTFS streams from `%s", path);
+               ERROR("Failed to capture NTFS streams from `%s", path);
        return ret;
 }
 
@@ -358,15 +407,20 @@ struct readdir_ctx {
        struct sd_set       *sd_set;
        const struct capture_config *config;
        ntfs_volume        **ntfs_vol_p;
+       int                  add_image_flags;
+       wimlib_progress_func_t progress_func;
 };
 
 static int
-build_dentry_tree_ntfs_recursive(struct dentry **root_p, ntfs_inode *ni,
-                                char path[], size_t path_len,
+build_dentry_tree_ntfs_recursive(struct dentry **root_p, ntfs_inode *dir_ni,
+                                ntfs_inode *ni, char path[], size_t path_len,
+                                int name_type,
                                 struct lookup_table *lookup_table,
                                 struct sd_set *sd_set,
                                 const struct capture_config *config,
-                                ntfs_volume **ntfs_vol_p);
+                                ntfs_volume **ntfs_vol_p,
+                                int add_image_flags,
+                                wimlib_progress_func_t progress_func);
 
 static int wim_ntfs_capture_filldir(void *dirent, const ntfschar *name,
                                    const int name_len, const int name_type,
@@ -383,48 +437,60 @@ static int wim_ntfs_capture_filldir(void *dirent, const ntfschar *name,
        if (name_type == FILE_NAME_DOS)
                return 0;
 
-       ret = -1;
-
-       utf8_name = utf16_to_utf8((const char*)name, name_len * 2,
-                                 &utf8_name_len);
-       if (!utf8_name)
-               goto out;
+       ret = utf16_to_utf8((const char*)name, name_len * 2,
+                           &utf8_name, &utf8_name_len);
+       if (ret != 0)
+               return -1;
 
        if (utf8_name[0] == '.' &&
             (utf8_name[1] == '\0' ||
              (utf8_name[1] == '.' && utf8_name[2] == '\0'))) {
-               DEBUG("Skipping dentry `%s'", utf8_name);
                ret = 0;
                goto out_free_utf8_name;
        }
 
-       DEBUG("Opening inode for `%s'", utf8_name);
-
        ctx = dirent;
 
        ntfs_inode *ni = ntfs_inode_open(ctx->dir_ni->vol, mref);
        if (!ni) {
                ERROR_WITH_ERRNO("Failed to open NTFS inode");
-               ret = 1;
+               goto out_free_utf8_name;
        }
        path_len = ctx->path_len;
        if (path_len != 1)
                ctx->path[path_len++] = '/';
        memcpy(ctx->path + path_len, utf8_name, utf8_name_len + 1);
        path_len += utf8_name_len;
-       ret = build_dentry_tree_ntfs_recursive(&child, ni, ctx->path, path_len,
+       ret = build_dentry_tree_ntfs_recursive(&child, ctx->dir_ni,
+                                              ni, ctx->path, path_len, name_type,
                                               ctx->lookup_table, ctx->sd_set,
-                                              ctx->config, ctx->ntfs_vol_p);
+                                              ctx->config, ctx->ntfs_vol_p,
+                                              ctx->add_image_flags,
+                                              ctx->progress_func);
+
+       if (child)
+               dentry_add_child(ctx->parent, child);
 
-       if (child) {
-               DEBUG("Linking dentry `%s' with parent `%s'",
-                     child->file_name_utf8, ctx->parent->file_name_utf8);
-               link_dentry(child, ctx->parent);
-       }
        ntfs_inode_close(ni);
 out_free_utf8_name:
        FREE(utf8_name);
-out:
+       return ret;
+}
+
+static int change_dentry_short_name(struct dentry *dentry,
+                                   const char short_name_utf8[],
+                                   int short_name_utf8_len)
+{
+       size_t short_name_utf16_len;
+       char *short_name_utf16;
+       int ret;
+
+       ret = utf8_to_utf16(short_name_utf8, short_name_utf8_len,
+                           &short_name_utf16, &short_name_utf16_len);
+       if (ret == 0) {
+               dentry->short_name = short_name_utf16;
+               dentry->short_name_len = short_name_utf16_len;
+       }
        return ret;
 }
 
@@ -433,49 +499,105 @@ out:
  * the NTFS streams, and build an array of security descriptors.
  */
 static int build_dentry_tree_ntfs_recursive(struct dentry **root_p,
+                                           ntfs_inode *dir_ni,
                                            ntfs_inode *ni,
                                            char path[],
                                            size_t path_len,
+                                           int name_type,
                                            struct lookup_table *lookup_table,
                                            struct sd_set *sd_set,
                                            const struct capture_config *config,
-                                           ntfs_volume **ntfs_vol_p)
+                                           ntfs_volume **ntfs_vol_p,
+                                           int add_image_flags,
+                                           wimlib_progress_func_t progress_func)
 {
        u32 attributes;
        int mrec_flags;
-       u32 sd_size = 0;
-       int ret = 0;
+       int ret;
        struct dentry *root;
 
        if (exclude_path(path, config, false)) {
-               DEBUG("Excluding `%s' from capture", path);
+               if ((add_image_flags & WIMLIB_ADD_IMAGE_FLAG_VERBOSE)
+                   && progress_func)
+               {
+                       union wimlib_progress_info info;
+                       info.scan.cur_path = path;
+                       info.scan.excluded = true;
+                       progress_func(WIMLIB_PROGRESS_MSG_SCAN_DENTRY, &info);
+               }
+               *root_p = NULL;
                return 0;
        }
 
-       DEBUG("Starting recursive capture at path = `%s'", path);
        mrec_flags = ni->mrec->flags;
-       attributes = ntfs_inode_get_attributes(ni);
+       struct SECURITY_CONTEXT ctx;
+       memset(&ctx, 0, sizeof(ctx));
+       ctx.vol = ni->vol;
+       ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ATTRIB,
+                                        ni, dir_ni, (char *)&attributes,
+                                        sizeof(u32));
+       if (ret != 4) {
+               ERROR_WITH_ERRNO("Failed to get NTFS attributes from `%s'",
+                                path);
+               return WIMLIB_ERR_NTFS_3G;
+       }
 
-       root = new_dentry(path_basename(path));
-       if (!root)
-               return WIMLIB_ERR_NOMEM;
+       if ((add_image_flags & WIMLIB_ADD_IMAGE_FLAG_VERBOSE)
+           && progress_func)
+       {
+               union wimlib_progress_info info;
+               info.scan.cur_path = path;
+               info.scan.excluded = false;
+               progress_func(WIMLIB_PROGRESS_MSG_SCAN_DENTRY, &info);
+       }
 
+       root = new_dentry_with_timeless_inode(path_basename(path));
+       if (!root) {
+               if (errno == EILSEQ)
+                       return WIMLIB_ERR_INVALID_UTF8_STRING;
+               else if (errno == ENOMEM)
+                       return WIMLIB_ERR_NOMEM;
+               else
+                       return WIMLIB_ERR_ICONV_NOT_AVAILABLE;
+       }
        *root_p = root;
-       root->creation_time    = le64_to_cpu(ni->creation_time);
-       root->last_write_time  = le64_to_cpu(ni->last_data_change_time);
-       root->last_access_time = le64_to_cpu(ni->last_access_time);
-       root->attributes       = le32_to_cpu(attributes);
-       root->link_group_id    = ni->mft_no;
-       root->resolved         = true;
+
+       if (dir_ni && (name_type == FILE_NAME_WIN32_AND_DOS
+                      || name_type == FILE_NAME_WIN32))
+       {
+               char dos_name_utf8[12 * 4 + 1] = {0};
+               ret = ntfs_get_ntfs_dos_name(ni, dir_ni, dos_name_utf8,
+                                            sizeof(dos_name_utf8) - 1);
+               if (ret > 0) {
+                       DEBUG("Changing short name of `%s'", path);
+                       ret = change_dentry_short_name(root, dos_name_utf8,
+                                                      ret);
+                       if (ret != 0)
+                               return ret;
+               } else {
+               #ifdef ENODATA
+                       if (errno != ENODATA) {
+                               ERROR_WITH_ERRNO("Error getting DOS name "
+                                                "of `%s'", path);
+                               return WIMLIB_ERR_NTFS_3G;
+                       }
+               #endif
+               }
+       }
+
+       root->d_inode->creation_time    = le64_to_cpu(ni->creation_time);
+       root->d_inode->last_write_time  = le64_to_cpu(ni->last_data_change_time);
+       root->d_inode->last_access_time = le64_to_cpu(ni->last_access_time);
+       root->d_inode->attributes       = le32_to_cpu(attributes);
+       root->d_inode->ino              = ni->mft_no;
+       root->d_inode->resolved         = true;
 
        if (attributes & FILE_ATTR_REPARSE_POINT) {
-               DEBUG("Reparse point `%s'", path);
                /* Junction point, symbolic link, or other reparse point */
                ret = capture_ntfs_streams(root, ni, path, path_len,
                                           lookup_table, ntfs_vol_p,
                                           AT_REPARSE_POINT);
        } else if (mrec_flags & MFT_RECORD_IS_DIRECTORY) {
-               DEBUG("Directory `%s'", path);
 
                /* Normal directory */
                s64 pos = 0;
@@ -488,6 +610,8 @@ static int build_dentry_tree_ntfs_recursive(struct dentry **root_p,
                        .sd_set       = sd_set,
                        .config       = config,
                        .ntfs_vol_p   = ntfs_vol_p,
+                       .add_image_flags = add_image_flags,
+                       .progress_func = progress_func,
                };
                ret = ntfs_readdir(ni, &pos, &ctx, wim_ntfs_capture_filldir);
                if (ret != 0) {
@@ -495,7 +619,6 @@ static int build_dentry_tree_ntfs_recursive(struct dentry **root_p,
                        ret = WIMLIB_ERR_NTFS_3G;
                }
        } else {
-               DEBUG("Normal file `%s'", path);
                /* Normal file */
                ret = capture_ntfs_streams(root, ni, path, path_len,
                                           lookup_table, ntfs_vol_p,
@@ -504,49 +627,45 @@ static int build_dentry_tree_ntfs_recursive(struct dentry **root_p,
        if (ret != 0)
                return ret;
 
-       ret = ntfs_inode_get_security(ni,
-                                     OWNER_SECURITY_INFORMATION |
-                                     GROUP_SECURITY_INFORMATION |
-                                     DACL_SECURITY_INFORMATION  |
-                                     SACL_SECURITY_INFORMATION,
-                                     NULL, 0, &sd_size);
-       char sd[sd_size];
-       ret = ntfs_inode_get_security(ni,
-                                     OWNER_SECURITY_INFORMATION |
-                                     GROUP_SECURITY_INFORMATION |
-                                     DACL_SECURITY_INFORMATION  |
-                                     SACL_SECURITY_INFORMATION,
-                                     sd, sd_size, &sd_size);
-       if (ret == 0) {
+       char _sd[1];
+       char *sd = _sd;
+       errno = 0;
+       ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ACL,
+                                        ni, dir_ni, sd,
+                                        sizeof(sd));
+       if (ret > sizeof(sd)) {
+               sd = alloca(ret);
+               ret = ntfs_xattr_system_getxattr(&ctx, XATTR_NTFS_ACL,
+                                                ni, dir_ni, sd, ret);
+       }
+       if (ret > 0) {
+               root->d_inode->security_id = sd_set_add_sd(sd_set, sd, ret);
+               if (root->d_inode->security_id == -1) {
+                       ERROR("Out of memory");
+                       return WIMLIB_ERR_NOMEM;
+               }
+               DEBUG("Added security ID = %u for `%s'",
+                     root->d_inode->security_id, path);
+               ret = 0;
+       } else if (ret < 0) {
                ERROR_WITH_ERRNO("Failed to get security information from "
                                 "`%s'", path);
                ret = WIMLIB_ERR_NTFS_3G;
        } else {
-               if (ret > 0) {
-                       /*print_security_descriptor(sd, sd_size);*/
-                       root->security_id = sd_set_add_sd(sd_set, sd, sd_size);
-                       if (root->security_id == -1) {
-                               ERROR("Out of memory");
-                               return WIMLIB_ERR_NOMEM;
-                       }
-                       DEBUG("Added security ID = %u for `%s'",
-                             root->security_id, path);
-               } else { 
-                       root->security_id = -1;
-                       DEBUG("No security ID for `%s'", path);
-               }
-               ret = 0;
+               root->d_inode->security_id = -1;
+               DEBUG("No security ID for `%s'", path);
        }
        return ret;
 }
 
-static int build_dentry_tree_ntfs(struct dentry **root_p,
-                                 const char *device,
-                                 struct lookup_table *lookup_table,
-                                 struct wim_security_data *sd,
-                                 const struct capture_config *config,
-                                 int flags,
-                                 void *extra_arg)
+int build_dentry_tree_ntfs(struct dentry **root_p,
+                          const char *device,
+                          struct lookup_table *lookup_table,
+                          struct wim_security_data *sd,
+                          const struct capture_config *config,
+                          int add_image_flags,
+                          wimlib_progress_func_t progress_func,
+                          void *extra_arg)
 {
        ntfs_volume *vol;
        ntfs_inode *root_ni;
@@ -558,13 +677,14 @@ static int build_dentry_tree_ntfs(struct dentry **root_p,
        ntfs_volume **ntfs_vol_p = extra_arg;
 
        DEBUG("Mounting NTFS volume `%s' read-only", device);
-       
+
        vol = ntfs_mount(device, MS_RDONLY);
        if (!vol) {
                ERROR_WITH_ERRNO("Failed to mount NTFS volume `%s' read-only",
                                 device);
                return WIMLIB_ERR_NTFS_3G;
        }
+       ntfs_open_secure(vol);
 
        /* We don't want to capture the special NTFS files such as $Bitmap.  Not
         * to be confused with "hidden" or "system" files which are real files
@@ -590,15 +710,21 @@ static int build_dentry_tree_ntfs(struct dentry **root_p,
 
        path[0] = '/';
        path[1] = '\0';
-       ret = build_dentry_tree_ntfs_recursive(root_p, root_ni, path, 1,
-                                              lookup_table, &sd_set,
-                                              config, ntfs_vol_p);
+       ret = build_dentry_tree_ntfs_recursive(root_p, NULL, root_ni, path, 1,
+                                              FILE_NAME_POSIX, lookup_table,
+                                              &sd_set, config, ntfs_vol_p,
+                                              add_image_flags,
+                                              progress_func);
 out_cleanup:
        FREE(path);
        ntfs_inode_close(root_ni);
        destroy_sd_set(&sd_set);
 
 out:
+       ntfs_index_ctx_put(vol->secure_xsii);
+       ntfs_index_ctx_put(vol->secure_xsdh);
+       ntfs_inode_close(vol->secure_ni);
+
        if (ret) {
                if (ntfs_umount(vol, FALSE) != 0) {
                        ERROR_WITH_ERRNO("Failed to unmount NTFS volume `%s'",
@@ -613,34 +739,3 @@ out:
        }
        return ret;
 }
-
-
-
-WIMLIBAPI int wimlib_add_image_from_ntfs_volume(WIMStruct *w,
-                                               const char *device,
-                                               const char *name,
-                                               const char *config_str,
-                                               size_t config_len,
-                                               int flags)
-{
-       if (flags & (WIMLIB_ADD_IMAGE_FLAG_DEREFERENCE)) {
-               ERROR("Cannot dereference files when capturing directly from NTFS");
-               return WIMLIB_ERR_INVALID_PARAM;
-       }
-       return do_add_image(w, device, name, config_str, config_len, flags,
-                           build_dentry_tree_ntfs, &w->ntfs_vol);
-}
-
-#else /* WITH_NTFS_3G */
-WIMLIBAPI int wimlib_add_image_from_ntfs_volume(WIMStruct *w,
-                                               const char *device,
-                                               const char *name,
-                                               const char *config_str,
-                                               size_t config_len,
-                                               int flags)
-{
-       ERROR("wimlib was compiled without support for NTFS-3g, so");
-       ERROR("we cannot capture a WIM image directly from a NTFS volume");
-       return WIMLIB_ERR_UNSUPPORTED;
-}
-#endif /* WITH_NTFS_3G */