X-Git-Url: https://wimlib.net/git/?p=wimlib;a=blobdiff_plain;f=src%2Fntfs-3g_apply.c;h=ccfd6fde54703b4531c7d3205d19987517f79c95;hp=8f0774679909e53a50aa4f829c5357297edb0a8a;hb=51df3b63c594a7e35446d2e2e19637e54240b0b2;hpb=26a90546f2a8ded51376d631e5a13f3d7a84f8dc
diff --git a/src/ntfs-3g_apply.c b/src/ntfs-3g_apply.c
index 8f077467..ccfd6fde 100644
--- a/src/ntfs-3g_apply.c
+++ b/src/ntfs-3g_apply.c
@@ -30,6 +30,7 @@
 # include "config.h"
 #endif
+#include
 #include
 #include
@@ -110,58 +111,45 @@ sid_size(const wimlib_SID *sid)
 * moving the empty SACL earlier in the security descriptor or by removing the
 * SACL entirely. The latter work-around is valid because an empty SACL is
 * equivalent to a "null", or non-existent, SACL.
- * - Versions up to and including 2013.1.13 reject security descriptors ending
- * with an empty DACL (Discretionary Access Control List). This is very
- * similar to the SACL bug and should be fixed in the next release after
- * 2013.1.13. However, removing the DACL is not a valid workaround because
- * this changes the meaning of the security descriptor--- an empty DACL allows
- * no access, whereas a "null" DACL allows all access.
+ * - Versions before 2014.2.15 reject security descriptors ending with an empty
+ * DACL (Discretionary Access Control List). This is very similar to the SACL
+ * bug. However, removing the DACL is not a valid workaround because this
+ * changes the meaning of the security descriptor--- an empty DACL allows no
+ * access, whereas a "null" DACL allows all access.
 *
 * If the security descriptor was fixed, this function returns an allocated
 * buffer containing the fixed security descriptor, and its size is updated.
- * Otherwise (or if no memory is available) the original descriptor is returned.
+ * Otherwise (or if no memory is available) NULL is returned.
*/
-static u8 *
-sd_fixup(const u8 *_desc, size_t *size_p)
+static void *
+sd_fixup(const void *_desc, size_t *size_p)
 {
- u32 owner_offset, group_offset, dacl_offset;
-#if !defined(HAVE_NTFS_MNT_RDONLY)
- u32 sacl_offset;
-#endif
+ u32 owner_offset, group_offset, dacl_offset, sacl_offset;
 bool owner_valid, group_valid;
 size_t size = *size_p;
- const wimlib_SECURITY_DESCRIPTOR_RELATIVE *desc =
- (const wimlib_SECURITY_DESCRIPTOR_RELATIVE*)_desc;
+ const wimlib_SECURITY_DESCRIPTOR_RELATIVE *desc = _desc;
 wimlib_SECURITY_DESCRIPTOR_RELATIVE *desc_new;
 const wimlib_SID *owner, *group, *sid;
 /* Don't attempt to fix clearly invalid security descriptors. */
 if (size < sizeof(wimlib_SECURITY_DESCRIPTOR_RELATIVE))
- return (u8*)_desc;
+ return NULL;
 if (le16_to_cpu(desc->control) & wimlib_SE_DACL_PRESENT)
 dacl_offset = le32_to_cpu(desc->dacl_offset);
 else
 dacl_offset = 0;
-#if !defined(HAVE_NTFS_MNT_RDONLY)
 if (le16_to_cpu(desc->control) & wimlib_SE_SACL_PRESENT)
 sacl_offset = le32_to_cpu(desc->sacl_offset);
 else
 sacl_offset = 0;
-#endif
 /* Check if the security descriptor will be affected by one of the bugs.
- * If not, do nothing and return.
- *
- * Note: HAVE_NTFS_MNT_RDONLY is defined if libntfs-3g is
- * version 2013.1.13 or later. */
- if (!(
- #if !defined(HAVE_NTFS_MNT_RDONLY)
- (sacl_offset != 0 && sacl_offset == size - sizeof(wimlib_ACL)) ||
- #endif
- (dacl_offset != 0 && dacl_offset == size - sizeof(wimlib_ACL))))
- return (u8*)_desc;
+ * If not, do nothing and return. */
+ if (!((sacl_offset != 0 && sacl_offset == size - sizeof(wimlib_ACL)) ||
+ (dacl_offset != 0 && dacl_offset == size - sizeof(wimlib_ACL))))
+ return NULL;
 owner_offset = le32_to_cpu(desc->owner_offset);
 group_offset = le32_to_cpu(desc->group_offset);
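Review bot: The two `size - sizeof(wimlib_ACL)` comparisons in sd_fixup are unsigned arithmetic on a length that comes from the image's security data (`sd->sizes[...]` in ntfs_3g_set_metadata), and nothing beside them says why they cannot wrap. They appear to rely on the earlier `size < sizeof(wimlib_SECURITY_DESCRIPTOR_RELATIVE)` rejection, which is sufficient only if that header is at least as large as wimlib_ACL; the struct definitions are not part of this diff. I would add above the check `/* size >= sizeof(*desc) was verified above, so the subtractions below cannot wrap */`, and extend the header comment with a sentence saying the caller owns the returned buffer and must FREE() it. The body of sd_fixup continues past the end of this hunk.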
@@ -186,12 +174,12 @@ sd_fixup(const u8 *_desc, size_t *size_p)
 } else if (group_valid) {
 sid = group;
 } else {
- return (u8*)_desc;
+ return NULL;
 }
 desc_new = MALLOC(size + sid_size(sid));
 if (!desc_new)
- return (u8*)_desc;
+ return NULL;
 memcpy(desc_new, desc, size);
 if (owner_valid)
@@ -200,7 +188,7 @@ sd_fixup(const u8 *_desc, size_t *size_p)
 desc_new->group_offset = cpu_to_le32(size);
 memcpy((u8*)desc_new + size, sid, sid_size(sid));
 *size_p = size + sid_size(sid);
- return (u8*)desc_new;
+ return desc_new;
 }
 /* Set the security descriptor @desc of size @desc_size on the NTFS inode @ni.
@@ -209,20 +197,25 @@ static int
 ntfs_3g_set_security_descriptor(ntfs_inode *ni, const void *desc, size_t desc_size)
 {
 struct SECURITY_CONTEXT sec_ctx;
- u8 *desc_fixed;
+ void *desc_fixed = NULL;
 int ret = 0;
 memset(&sec_ctx, 0, sizeof(sec_ctx));
 sec_ctx.vol = ni->vol;
- desc_fixed = sd_fixup(desc, &desc_size);
-
- if (ntfs_set_ntfs_acl(&sec_ctx, ni, desc_fixed, desc_size, 0))
+retry:
+ if (ntfs_set_ntfs_acl(&sec_ctx, ni, desc, desc_size, 0)) {
+ if (desc_fixed == NULL) {
+ desc_fixed = sd_fixup(desc, &desc_size);
+ if (desc_fixed != NULL) {
+ desc = desc_fixed;
+ goto retry;
+ }
+ }
 ret = WIMLIB_ERR_SET_SECURITY;
+ }
- if (desc_fixed != desc)
- FREE(desc_fixed);
-
+ FREE(desc_fixed);
 return ret;
 }
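Review bot: In ntfs_3g_set_security_descriptor the fixup-and-retry path runs after any failure of ntfs_set_ntfs_acl(), and errno is not preserved on the way out, although ntfs_3g_set_metadata (hunk at -395) branches on `err == EINVAL` right after this call. A failed MALLOC inside sd_fixup, the second ntfs_set_ntfs_acl() attempt, or FREE() can each replace the value the caller reads, so the security-descriptor dump may be skipped or printed for an unrelated cause. Assuming EINVAL is how libntfs-3g reports a rejected descriptor, as the message added at -395 says, I would gate the fixup with `if (desc_fixed == NULL && errno == EINVAL) {` and bracket the cleanup with `int err = errno; FREE(desc_fixed); errno = err;`.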
@@ -320,33 +313,84 @@ out_close:
 return ret;
 }
+static int
+ntfs_3g_restore_reparse_point(ntfs_inode *ni, const struct wim_inode *inode,
+ unsigned blob_size, struct ntfs_3g_apply_ctx *ctx)
+{
+ complete_reparse_point(&ctx->rpbuf, inode, blob_size);
+
+ if (ntfs_set_ntfs_reparse_data(ni, (const char *)&ctx->rpbuf,
+ REPARSE_DATA_OFFSET + blob_size, 0))
+ {
+ int err = errno;
+ ERROR_WITH_ERRNO("Failed to set reparse data on \"%s\"",
+ dentry_full_path(
+ inode_first_extraction_dentry(inode)));
+ if (err == EINVAL && !(inode->i_reparse_tag & 0x80000000)) {
+ WARNING("This reparse point had a non-Microsoft reparse "
+ "tag. The preceding error may have been caused "
+ "by a known bug in libntfs-3g where it does not "
+ "correctly validate non-Microsoft reparse "
+ "points. This bug may be fixed in the 2016 "
+ "release of libntfs-3g.");
+ }
+ return WIMLIB_ERR_SET_REPARSE_DATA;
+ }
+
+ return 0;
+}
+
+static bool
+ntfs_3g_has_empty_attributes(const struct wim_inode *inode)
+{
+ for (unsigned i = 0; i < inode->i_num_streams; i++) {
+ const struct wim_inode_stream *strm = &inode->i_streams[i];
+
+ if (stream_blob_resolved(strm) == NULL &&
+ (strm->stream_type == STREAM_TYPE_REPARSE_POINT ||
+ stream_is_named_data_stream(strm)))
+ return true;
+ }
+ return false;
+}
+
 /*
- * Create empty named data streams for the specified file, if there are any.
+ * Create empty attributes (named data streams and potentially a reparse point)
+ * for the specified file, if there are any.
 *
 * Since these won't have blob descriptors, they won't show up in the call to
 * extract_blob_list(). Hence the need for the special case.
+ *
+ * Keep this in sync with ntfs_3g_has_empty_attributes()!
*/
 static int
-ntfs_3g_create_empty_named_data_streams(ntfs_inode *ni,
- const struct wim_inode *inode,
- const struct ntfs_3g_apply_ctx *ctx)
+ntfs_3g_create_empty_attributes(ntfs_inode *ni,
+ const struct wim_inode *inode,
+ struct ntfs_3g_apply_ctx *ctx)
 {
 for (unsigned i = 0; i < inode->i_num_streams; i++) {
 const struct wim_inode_stream *strm = &inode->i_streams[i];
+ int ret;
- if (!stream_is_named_data_stream(strm) ||
- stream_blob_resolved(strm) != NULL)
+ if (stream_blob_resolved(strm) != NULL)
 continue;
- if (ntfs_attr_add(ni, AT_DATA, strm->stream_name,
- utf16le_len_chars(strm->stream_name),
- NULL, 0))
- {
- ERROR_WITH_ERRNO("Failed to create named data stream "
- "of \"%s\"", dentry_full_path(
- inode_first_extraction_dentry(inode)));
- return WIMLIB_ERR_NTFS_3G;
+ if (strm->stream_type == STREAM_TYPE_REPARSE_POINT) {
+ ret = ntfs_3g_restore_reparse_point(ni, inode, 0, ctx);
+ if (ret)
+ return ret;
+ } else if (stream_is_named_data_stream(strm)) {
+ if (ntfs_attr_add(ni, AT_DATA, strm->stream_name,
+ utf16le_len_chars(strm->stream_name),
+ NULL, 0))
+ {
+ ERROR_WITH_ERRNO("Failed to create named data "
+ "stream of \"%s\"",
+ dentry_full_path(
+ inode_first_extraction_dentry(inode)));
+ return WIMLIB_ERR_NTFS_3G;
+ }
 }
 }
 return 0;
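Review bot: ntfs_3g_restore_reparse_point() takes `blob_size` on trust: it hands `&ctx->rpbuf` to complete_reparse_point() and then passes `REPARSE_DATA_OFFSET + blob_size` as the length to ntfs_set_ntfs_reparse_data(), with no bound check against the buffer inside the helper. The parameter is `unsigned`, while the caller in ntfs_3g_end_extract_blob (hunk at -847) passes `blob->size`, which may be a wider type and would then be narrowed silently. Presumably the size is limited where the reparse stream is opened, but that code is not in this diff, so I would state the invariant at the top of the helper, e.g. `wimlib_assert(REPARSE_DATA_OFFSET + blob_size <= sizeof(ctx->rpbuf));` (assuming rpbuf is the whole staging buffer), or return an error instead. A one-line comment naming the `0x80000000` bit tested on `i_reparse_tag` would also help the next reader.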
@@ -395,15 +439,24 @@ ntfs_3g_set_metadata(ntfs_inode *ni, const struct wim_inode *inode,
 desc_size = sd->sizes[inode->i_security_id];
 ret = ntfs_3g_set_security_descriptor(ni, desc, desc_size);
- if (ret) {
- if (wimlib_print_errors) {
- ERROR_WITH_ERRNO("Failed to set security descriptor "
- "on \"%s\" in NTFS volume",
- dentry_full_path(one_dentry));
+
+ if (unlikely(ret)) {
+ int err = errno;
+ ERROR_WITH_ERRNO("Failed to set security descriptor on "
+ "\"%s\" in NTFS volume",
+ dentry_full_path(one_dentry));
+ if (err == EINVAL && wimlib_print_errors) {
 fprintf(wimlib_error_file, "The security descriptor is: ");
 print_byte_field(desc, desc_size, wimlib_error_file);
 fprintf(wimlib_error_file, "\n");
+ fprintf(wimlib_error_file,
+ "\nThis error occurred because libntfs-3g thinks "
+ "the security descriptor is invalid. If you "
+ "are extracting a Windows 10 image, this may be "
+ "caused by a known bug in libntfs-3g. See: "
+ "https://wimlib.net/forums/viewtopic.php?f=1&t=4 "
+ "for more information.\n\n");
 }
 return ret;
 }
@@ -450,8 +503,6 @@ ntfs_3g_create_dirs_recursive(ntfs_inode *dir_ni, struct wim_dentry *dir,
 ret = report_file_created(&ctx->common);
 if (!ret)
 ret = ntfs_3g_set_metadata(ni, child->d_inode, ctx);
- if (!ret)
- ret = ntfs_3g_create_empty_named_data_streams(ni, child->d_inode, ctx);
 if (!ret)
 ret = ntfs_3g_create_dirs_recursive(ni, child, ctx);
@@ -487,7 +538,9 @@ ntfs_3g_create_directories(struct wim_dentry *root,
 root->d_inode->i_mft_no = FILE_root;
- ret = ntfs_3g_create_dirs_recursive(root_ni, root, ctx);
+ ret = ntfs_3g_set_metadata(root_ni, root->d_inode, ctx);
+ if (!ret)
+ ret = ntfs_3g_create_dirs_recursive(root_ni, root, ctx);
 if (ntfs_inode_close(root_ni) && !ret) {
 ERROR_WITH_ERRNO("Error closing root of NTFS volume");
@@ -496,18 +549,44 @@ ntfs_3g_create_directories(struct wim_dentry *root,
 if (ret)
 return ret;
- /* Set the DOS name of any directory that has one. */
+ /* Set the DOS name of any directory that has one. In addition, create
+ * empty attributes for directories that have them. Note that creating
+ * an empty reparse point attribute must happen *after* setting the
+ * DOS name in order to work around a case where
+ * ntfs_set_ntfs_dos_name() fails with EOPNOTSUPP. */
 list_for_each_entry(dentry, dentry_list, d_extraction_list_node) {
- if (!(dentry->d_inode->i_attributes & FILE_ATTRIBUTE_DIRECTORY))
- continue;
- if (!dentry_has_short_name(dentry))
+ const struct wim_inode *inode = dentry->d_inode;
+
+ if (!(inode->i_attributes & FILE_ATTRIBUTE_DIRECTORY))
 continue;
- ret = ntfs_3g_restore_dos_name(NULL, NULL, dentry, ctx->vol);
- if (ret)
- return ret;
- ret = report_file_created(&ctx->common);
- if (ret)
- return ret;
+ if (dentry_has_short_name(dentry)) {
+ ret = ntfs_3g_restore_dos_name(NULL, NULL, dentry,
+ ctx->vol);
+ if (ret)
+ return ret;
+ ret = report_file_created(&ctx->common);
+ if (ret)
+ return ret;
+ }
+ if (ntfs_3g_has_empty_attributes(inode)) {
+ ntfs_inode *ni;
+
+ ret = WIMLIB_ERR_NTFS_3G;
+ ni = ntfs_inode_open(ctx->vol, inode->i_mft_no);
+ if (ni) {
+ ret = ntfs_3g_create_empty_attributes(ni, inode,
+ ctx);
+ if (ntfs_inode_close(ni) && !ret)
+ ret = WIMLIB_ERR_NTFS_3G;
+ }
+ if (ret) {
+ ERROR_WITH_ERRNO("Failed to create empty "
+ "attributes of directory "
+ "\"%s\" in NTFS volume",
+ dentry_full_path(dentry));
+ return ret;
+ }
+ }
 }
 return 0;
 }
@@ -563,7 +642,7 @@ fail:
 static int
 ntfs_3g_create_nondirectory(struct wim_inode *inode,
- const struct ntfs_3g_apply_ctx *ctx)
+ struct ntfs_3g_apply_ctx *ctx)
 {
 struct wim_dentry *first_dentry;
 ntfs_inode *dir_ni;
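Review bot: In the new `ntfs_3g_has_empty_attributes(inode)` branch of ntfs_3g_create_directories, the final ERROR_WITH_ERRNO prints whatever errno happens to hold, which is unreliable when the failure came from ntfs_3g_create_empty_attributes(). That helper has already logged its own error, and the ntfs_inode_close() that follows may change errno before the second message is printed, so the log can show two errors with the second one naming the wrong cause. I would log only where this block itself detects the failure (open and close) and return the helper's error without a second message, as sketched below. The enclosing function starts outside this hunk.
```c
if (ntfs_3g_has_empty_attributes(inode)) {
	ntfs_inode *ni = ntfs_inode_open(ctx->vol, inode->i_mft_no);

	if (!ni) {
		ERROR_WITH_ERRNO("Failed to open directory \"%s\" "
				 "in NTFS volume",
				 dentry_full_path(dentry));
		return WIMLIB_ERR_NTFS_3G;
	}
	/* ntfs_3g_create_empty_attributes() reports its own failures. */
	ret = ntfs_3g_create_empty_attributes(ni, inode, ctx);
	if (ntfs_inode_close(ni) && !ret) {
		ERROR_WITH_ERRNO("Failed to close directory \"%s\" "
				 "in NTFS volume",
				 dentry_full_path(dentry));
		ret = WIMLIB_ERR_NTFS_3G;
	}
	if (ret)
		return ret;
}
```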
@@ -636,7 +715,7 @@ ntfs_3g_create_nondirectory(struct wim_inode *inode,
 if (ret)
 goto out_close_ni;
- ret = ntfs_3g_create_empty_named_data_streams(ni, inode, ctx);
+ ret = ntfs_3g_create_empty_attributes(ni, inode, ctx);
 out_close_ni:
 /* Close the inode. */
@@ -684,6 +763,7 @@ ntfs_3g_begin_extract_blob_instance(struct blob_descriptor *blob,
 struct ntfs_3g_apply_ctx *ctx)
 {
 struct wim_dentry *one_dentry = inode_first_extraction_dentry(inode);
+ ntfschar *stream_name;
 size_t stream_name_nchars;
 ntfs_attr *attr;
@@ -706,22 +786,29 @@ ntfs_3g_begin_extract_blob_instance(struct blob_descriptor *blob,
 /* It's a data stream (may be unnamed or named). */
 wimlib_assert(strm->stream_type == STREAM_TYPE_DATA);
- stream_name_nchars = utf16le_len_chars(strm->stream_name);
+ if (unlikely(stream_is_named(strm))) {
+ stream_name = strm->stream_name;
+ stream_name_nchars = utf16le_len_chars(stream_name);
- if (stream_name_nchars &&
- (ntfs_attr_add(ni, AT_DATA, strm->stream_name,
- stream_name_nchars, NULL, 0)))
- {
- ERROR_WITH_ERRNO("Failed to create named data stream of \"%s\"",
- dentry_full_path(one_dentry));
- return WIMLIB_ERR_NTFS_3G;
+ if (ntfs_attr_add(ni, AT_DATA, stream_name,
+ stream_name_nchars, NULL, 0))
+ {
+ ERROR_WITH_ERRNO("Failed to create named data stream of \"%s\"",
+ dentry_full_path(one_dentry));
+ return WIMLIB_ERR_NTFS_3G;
+ }
+ } else {
+ /* Don't pass an empty string other than AT_UNNAMED to
+ * ntfs_attr_open() --- it violates assumptions made by
+ * libntfs-3g. */
+ stream_name = AT_UNNAMED;
+ stream_name_nchars = 0;
 }
 /* This should be ensured by extract_blob_list() */
 wimlib_assert(ctx->num_open_attrs < MAX_OPEN_FILES);
- attr = ntfs_attr_open(ni, AT_DATA, strm->stream_name,
- stream_name_nchars);
+ attr = ntfs_attr_open(ni, AT_DATA, stream_name, stream_name_nchars);
 if (!attr) {
 ERROR_WITH_ERRNO("Failed to open data stream of \"%s\"",
 dentry_full_path(one_dentry));
@@ -767,8 +854,7 @@ ntfs_3g_open_inode(struct wim_inode *inode, struct ntfs_3g_apply_ctx *ctx)
 if (unlikely(inode->i_num_streams > 1)) {
 for (unsigned i = 0; i < ctx->num_open_inodes; i++) {
 if (ctx->open_inodes[i]->mft_no == inode->i_mft_no) {
- ni = ctx->open_inodes[i];
- goto have_inode;
+ return ctx->open_inodes[i];
 }
 }
 }
@@ -781,7 +867,6 @@ ntfs_3g_open_inode(struct wim_inode *inode, struct ntfs_3g_apply_ctx *ctx)
 return NULL;
 }
-have_inode:
 ctx->open_inodes[ctx->num_open_inodes++] = ni;
 return ni;
 }
@@ -815,16 +900,35 @@ out:
 return ret;
 }
+/* Note: contrary to its documentation, ntfs_attr_pwrite() can return a short
+ * count in non-error cases --- specifically, when writing to a compressed
+ * attribute and the requested count exceeds the size of an NTFS "compression
+ * block". Therefore, we must continue calling ntfs_attr_pwrite() until all
+ * bytes have been written or a real error has occurred. */
+static bool
+ntfs_3g_full_pwrite(ntfs_attr *na, u64 offset, size_t size, const u8 *data)
+{
+ while (size) {
+ s64 res = ntfs_attr_pwrite(na, offset, size, data);
+ if (unlikely(res <= 0))
+ return false;
+ wimlib_assert(res <= size);
+ offset += res;
+ size -= res;
+ data += res;
+ }
+ return true;
+}
+
 static int
 ntfs_3g_extract_chunk(const void *chunk, size_t size, void *_ctx)
 {
 struct ntfs_3g_apply_ctx *ctx = _ctx;
- s64 res;
 for (unsigned i = 0; i < ctx->num_open_attrs; i++) {
- res = ntfs_attr_pwrite(ctx->open_attrs[i],
- ctx->offset, size, chunk);
- if (res != size) {
+ if (!ntfs_3g_full_pwrite(ctx->open_attrs[i],
+ ctx->offset, size, chunk))
+ {
 ERROR_WITH_ERRNO("Error writing data to NTFS volume");
 return WIMLIB_ERR_NTFS_3G;
 }
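Review bot: ntfs_3g_full_pwrite() guards against an over-long return from ntfs_attr_pwrite() only with `wimlib_assert(res <= size)`, which also compares an s64 with a size_t. If wimlib_assert is compiled out in some builds (its definition is not visible here), a return larger than `size` would wrap `size -= res` and the loop would go on reading past the end of `data`. I would fold the bound into the error test, `if (unlikely(res <= 0 || (u64)res > size)) return false;`. A zero return also reaches ERROR_WITH_ERRNO in ntfs_3g_extract_chunk with errno possibly unset, so setting `errno = EIO` when `res == 0` would keep that message meaningful.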
@@ -847,22 +951,11 @@ ntfs_3g_end_extract_blob(struct blob_descriptor *blob, int status, void *_ctx)
 }
 for (u32 i = 0; i < ctx->num_reparse_inodes; i++) {
- struct wim_inode *inode = ctx->wim_reparse_inodes[i];
-
- complete_reparse_point(&ctx->rpbuf, inode, blob->size);
-
- if (ntfs_set_ntfs_reparse_data(ctx->ntfs_reparse_inodes[i],
- (const char *)&ctx->rpbuf,
- REPARSE_DATA_OFFSET + blob->size,
- 0))
- {
- ERROR_WITH_ERRNO("Failed to set reparse "
- "data on \"%s\"",
- dentry_full_path(
- inode_first_extraction_dentry(inode)));
- ret = WIMLIB_ERR_SET_REPARSE_DATA;
+ ret = ntfs_3g_restore_reparse_point(ctx->ntfs_reparse_inodes[i],
+ ctx->wim_reparse_inodes[i],
+ blob->size, ctx);
+ if (ret)
 goto out;
- }
 }
 ret = 0;
 out: