Commit Graph

684 Commits

Author SHA1 Message Date
Jean-Pierre André
3243e62396 Supported reparse tags for OneDrive cloud storage
Newer versions of Windows 10 use several reparse tags for files which
are synchronized to OneDrive cloud storage (0x9000301a, 0x9000601a,
0x9000701a, ...). identify them as IO_REPARSE_TAG_CLOUD and use a
single plugin to process them.
2018-01-15 11:04:29 +01:00
Jean-Pierre André
45ba639781 Decoded more reparse tags in ntfsinfo
Displayed some information in ntfsinfo output about a few new types of
reparse point brought by Windows 10.
2017-08-11 09:52:54 +02:00
Jean-Pierre André
1611b21908 Enabled directory operations in plugins
Windows 10 brought a new type of reparse point for directories (0x80000018),
so add opendir() and readdir() to the plugin interface to take directories
into account. The interface for releasedir() is merged with release() as
the plugins can discriminate them if needed.
2017-08-11 09:42:37 +02:00
Jean-Pierre André
67feb2c286 Relaxed limitations on security descriptors
Windows 10 brought security descriptors which contain ACE's related to
new ways of accessing files or directories. These ACE are now accepted
with minimal consistency checks. They are still ignored for translating
permissions and for Windows-type inheritance.
2017-08-11 09:34:31 +02:00
Jean-Pierre André
d108009c7c Fixed a typo
A typo made a directive for plugin developers difficult to understand
2017-08-11 09:29:52 +02:00
Jean-Pierre André
17b56ccfa2 Allowed names with trailing dot or space on conditions
Windows places filenames with a trailing dot or space in the Win32
namespace and allows setting DOS names on such files.  This is true even
though on Windows such filenames can only be created and accessed using
WinNT-style paths and will confuse most Windows software.  Regardless,
because libntfs-3g did not allow setting DOS names on such files, in
some cases it was impossible to correctly restore, using libntfs-3g, a
directory structure that was created under Windows.

Update ntfs_set_ntfs_dos_name() to permit operating on a file that has a
long name with a trailing dot or space.  But continue to forbid creating
such names on a filesystem FUSE-mounted with the windows_name option.
Additionally, continue to forbid a trailing a dot or space in DOS names;
this matches the Windows behavior.

(contributed by Eric Biggers)
2017-02-11 10:54:51 +01:00
Jean-Pierre André
ea9b8a487c Fixed memory leak when failing to lookup an index
When an index could not be used, the search context was not freed
2017-02-11 10:29:39 +01:00
Jean-Pierre André
d69d2d9a1f Got ready for Posix ACL support in fuse kernel
Following a recent patch to the fuse kernel, the Posix ACL checks can
be done within the kernel instead of having to be done in the file
system, provided lowntfs-3g is used.

This mode is still not used by default until the fuse patch is
released by distributions.
2017-02-11 10:21:07 +01:00
Jean-Pierre André
35cb222233 Removed unused argument from ntfs_make_symlink()
Now that the size of the reparse point attribute is no longer used by
the FUSE drivers to populate st_size for symlinks and junctions, it no
longer needs to be returned by ntfs_make_symlink().

(contributed by Eric Biggers)
2017-02-11 10:11:01 +01:00
Jean-Pierre André
32587b485c Improved opening/closing $Secure when un/mounting NTFS volume
Call ntfs_close_secure() earlier, check for error, and other cleanups

Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
2016-09-02 08:30:07 +02:00
Jean-Pierre André
f86c4403ed Corrected validation of multi sector transfer protected records
The validation contained an off-by-one error.  The
expression '(u32)(usa_ofs + (usa_count * 2)) > size' used 'usa_count'
after it had been decremented to skip the update sequence number entry.
Consequently, the code could read out of bounds, up to two bytes past the
end of the MST-protected record.

Furthermore, as documented in the comment in layout.h for "NTFS_RECORD"
and also on MSDN for "MULTI_SECTOR_HEADER", the update sequence array
must end before the last le16 in the first logical sector --- not merely
before the end of the record.

Fix the validation and move it into a helper function, as it was done
identically in the read and write paths.

Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
2016-07-28 16:26:21 +02:00
Jean-Pierre André
2840e84a97 Always opened $Secure when mounting NTFS volume
Currently, applications that wish to access security descriptors have to
explicitly open the volume's security descriptor index ("$Secure") using
ntfs_open_secure().  Applications are also responsible for closing the
index when done with it.  However, the cleanup function for doing,
ntfs_close_secure(), cannot be called easily by all applications because
it requires a SECURITY_CONTEXT argument, not simply the ntfs_volume.
Some applications therefore have to close the inode and index contexts
manually in order to clean up properly.

This proposal updates libntfs-3g to open $Secure unconditonally as part
of ntfs_mount(), so that applications do not have to worry about it.

This proposal updates libntfs-3g to open $Secure unconditonally as part
of ntfs_mount(), so that applications do not have to worry about it.

ntfs_close_secure() is updated to take in a ntfs_volume for internal use,
and ntfs_destroy_security_context() is now the function to call to free
memory associated with a SECURITY_CONTEXT rather than a ntfs_volume.

Some memory leaks in error paths of ntfs_open_secure() are also fixed.

Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
2016-07-28 16:22:16 +02:00
Jean-Pierre André
043b0e6e73 Allowed using full library API on systems without extended attributes support
A number of functions in libntfs-3g are generally useful, but are tied to
extended attributes support and are not included when the library is
built on platforms without extended attributes support.

This proposal updates libntfs-3g to always include these functions.

The only tricky part is dealing with the XATTR_CREATE and XATTR_REPLACE
flags.  These flags are defined in <sys/xattr.h>, so they must be
redefined on platforms without extended attributes support.

Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
2016-07-28 16:13:59 +02:00
Jean-Pierre André
4264f19acb Cleaned up file name collation code
- Update documentation for COLLATION_RULES
- Document how ntfs_names_full_collate() compares names
- Update comments and DEBUG code to reflect that ntfs_names_full_collate()
  always access 'upcase', even in CASE_SENSITIVE mode
- Remove unneeded assignments to 'c1' and 'c2' in IGNORE_CASE mode

Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
2016-07-28 16:10:14 +02:00
Jean-Pierre André
0babe3c0db Made plugin.h include all prerequisite declarations
Only <plugin.h> to be included in plugins code.

Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
2016-07-19 11:50:32 +02:00
Jean-Pierre André
68dec8ddbc Renamed include guard for plugin.h to _NTFS_PLUGIN_H
Be consistent with other NTFS-3G headers and use the "_NTFS_" prefix.

Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
2016-07-19 11:49:04 +02:00
Jean-Pierre André
040153adcb Redefined ELIBBAD as ENOEXEC when missing
When a plugin cannot be initialized a ELIBBAD error is returned on Linux
and OpenIndiana. As this is not a Posix error code, use ENOEXEC on
systems which do not define ELIBBAD.
2016-05-04 09:59:18 +02:00
Jean-Pierre André
48e1c132c7 Removed declarations for using acls.c outside ntfs-3g
The declarations for using acls.c within secaudit on Windows are not used
any more and can be dropped.
2016-04-07 09:32:26 +02:00
Jean-Pierre André
3cc22ba329 Moved general declarations from ntfsrecover.h to logfile.h
The declarations related to the log file structure are now grouped
in logfile.h, those specific to the recovery process are kept in
ntfsrecover.h
2016-04-06 11:03:31 +02:00
Jean-Pierre André
9693dd2fc1 Added a usn field to RESTART_PAGE_HEADER
Prepare merging ntfsrecover.h into logfile.h by adding a usn field to
RESTART_PAGE_HEADER. As this changes the record size, ignore the new
field in existing code.
2016-04-06 10:58:25 +02:00
Jean-Pierre André
88451c8069 Made a full check for whether a user extended attribute is allowed
User extended attributes should only be set on files and directories,
not on symlinks, sockets, devices, etc. For safety they are also
forbidden on metadata files, but should be allowed on the root
directory. For files based on reparse points, requests are made
to the plugin to determine the type.
2016-04-06 10:17:27 +02:00
Jean-Pierre André
e8170f588f Fixed the maximum size of an ACL
Define the maximum size of an ACL as results from the maximum number of
sub-authorities defined in layout.h
2016-04-06 10:02:23 +02:00
Jean-Pierre André
6c768f215d Used a more portable way to force alignment in security.h
Defining an array of zero elements does not force alignment on some CPUs,
insert a filler.
2016-04-06 09:57:59 +02:00
Jean-Pierre André
8a1358fff4 Enabled fallback to read-only mount when volume is hibernated
When a volume is found hibernated (or prepared for fast restarting),
it is force-mounted as read-only.
2016-04-06 09:51:47 +02:00
Jean-Pierre André
887d8f8294 Allowed kernel cacheing by lowntfs-3g when not using Posix ACLs
Kernel cacheing of file attributes is usually not used by ntfs-3g,
because it has defects when dealing with hard linked files and directory
permission checks. Kernel cacheing is however possible when using
lowntfs-3g and not using Posix ACLs.
2016-04-06 09:44:59 +02:00
Jean-Pierre André
da33b0328f Used plugins to process reparse points
The new "system compression" files used by Windows 10 make use of reparse
points to record the compression parameters, and a specific named data
stream is used to store the compressed data. With this patch, processing
of reparse points can be done by an external plugin only loaded as needed.
Junctions and symlinks, which are also based on reparse points, are now
processed by "internal plugins".
2016-04-06 09:10:35 +02:00
Erik Larsson
9d1360b282 endians.h: Fix bad assumption of valid __BYTE_ORDER__ values.
On the OpenIndiana Hipster distribution, compiling with GCC 4.9 would
fail because __BYTE_ORDER__ was defined but not to any of the values
assumed to be associated with this define (__LITTLE_ENDIAN__ or
__BIG_ENDIAN__). Instead it was defined to either
__ORDER_LITTLE_ENDIAN__ or __ORDER_BIG_ENDIAN__. This caused
compilation to fail.

Fixed by checking that all referenced defines are in fact defined
before using them and adding an additional #elif clause for this newly
discovered condition.
2016-02-16 20:29:56 +01:00
Erik Larsson
a207d4e86a endians.h: Cast the result of const endianness macros to the right type.
This fixes compiler warnings emitted when you compare an le32 value with
e.g. 'const_cpu_to_le32(-1)' on a little-endian system, because
previously the expansion of the macro expression 'const_cpu_to_le32(-1)'
would be '(-1)' on a little-endian system but '(u32)((((u32)(-1) &
0xff000000u) >> 24) | (((u32)(-1) & 0x00ff0000u) >>  8) | (((u32)(-1) &
0x0000ff00u) <<  8) | (((u32)(-1) & 0x000000ffu) << 24))' on a
big-endian system, i.e. the type of the expanded expression would be
'int' (signed) in the little-endian case but 'u32' (unsigned) in the
big-endian case.

With this commit the type of the expanded expression will be 'le32' in
both the little-endian and the big-endian case.
2016-02-11 14:19:41 +01:00
Erik Larsson
9893ea9ee6 Merge endianness fixes.
Conflicts:
	libntfs-3g/attrib.c
2016-01-28 09:22:42 +01:00
Erik Larsson
9cf04fd2cd Fix incorrect usage of native/little-endian types, signed types, etc.
This is harmless with regard to code generation but if we turn on strict
type checking these type mismatches will result in errors.
2015-12-21 23:55:31 +01:00
Erik Larsson
dfa4a6647f Fix code to use const_cpu_to_X/const_X_to_cpu macros for constants.
This enables the compiler to optimize this code in cases where compiler
support for endianness swapping is not present.
2015-12-21 23:21:00 +01:00
Erik Larsson
58bb59487c endians.h: Add const endian conversion macros for s{l,b}e{16,32,64}. 2015-12-21 23:05:36 +01:00
Jean-Pierre André
730776b0e5 Defined reparse tag for system compression
The new compression formats used by Windows 10 uses reparse data, and
a new reparse tag which it is useful to define even though these formats
is not yet supported by ntfs-3g.
2015-12-01 10:56:01 +01:00
Erik Larsson
9191d85e28 Use appropriate little-endian/big-endian types in struct definitions.
On-disk struct definitions used native types (u16/u32/u64/s16/s32/s64),
which doesn't say anything about the intended interpretation of the
data. The intention of having little-endian-specific types and
big-endian-specific types must have been to clarify interpretation of
data and intentions in the code. Therefore it seems reasonable to use
these types in struct definitions to clarify what data represention is
used to encode field data.

Because some struct members in layout.h are big-endian, this change also
means moving the duplicated definitions for big-endian byteswapping
macros and big-endian types found in acls.h and security.h to the
appropriate locations in endians.h and types.h respectively in order to
make them available for the struct definitions in layout.h.
2015-10-03 12:58:08 +02:00
Jean-Pierre André
9c2657b4ae Made use of fuse module cache on OpenIndiana
The fuse cache does not handle properly hard-linked files, so ntfs-3g
traditionally disables it by using a null time-out. With an upgrade of
the fuse kernel module on OpenIndiana, cacheing of non hard-linked files
is now possible, so use it.
2015-09-30 08:36:37 +02:00
Jean-Pierre André
2c11aaa2aa Fixed the range of valid subauthority counts in a SID
ntfs_valid_sid() required that the subauthority count be between 1 and 8
inclusively.  However, Windows permits more than 8 subauthorities as well
as 0 subauthorities:

  - The install.wim file for the latest Windows 10 build contains a file
    whose DACL contains a SID with 10 subauthorities.
    ntfs_set_ntfs_acl() was failing on this file.

  - The IsValidSid() function on Windows returns true for subauthority
    less than or equal to 15, including 0.

There was actually already a another SID validation function that had the
Windows-compatible behavior, so I merged the two together.

Contributed by Eric Biggers
2015-07-14 08:37:01 +02:00
Jean-Pierre André
e40b86a86c Upgraded the upper-case table as defined by Windows 7
Newer versions of Windows use more recent definitions of upper-case
table defined by the Unicode consortium. Now using the same table as
Windows 7, windows 8 and Windows 10. This only has an effect on file
systems newly created by mkntfs.
2015-04-17 11:03:58 +02:00
Jean-Pierre André
39c7d8538d Set the fuse protocol fall back to 7.12 when available
The support for ioctls has been added to fuse when using protocol 7.18,
and an equivalent upgrade has been done in fuse lite with commit [ae9aee].
For old kernels, a fall back to protocol 7.8 was implemented, but this
appears not to be supported in not-so-old kernels (e.g. 2.6.35).
With this patch, the fall back protocol is set to 7.12 or to the highest
level supported by the kernel.
2014-11-10 08:52:23 +01:00
Jean-Pierre André
54833dffc0 Inserted missing ea.h and ioctl.h in devel file list
ea.h and ioctl.h were not mentioned in include/ntfs-3g/Makefile.am
so they were not released as public headers in devel files.
2014-09-02 09:39:12 +02:00
Jean-Pierre André
f4e3f126df Implemented fstrim(8)
fstrim(8) discards unused blocks on a mounted filesystem. It is useful for
solid-state drives (SSDs) and thinly-provisioned storage.
Only trimming the full device (with no option) is supported.

Contributed by Richard W.M. Jones
2014-07-31 14:03:11 +02:00
Jean-Pierre André
ae9aeebbbf Upgraded fuse-lite to support ioctls
This is backporting code from the full FUSE library in order to support
ioctls. The fuse protocol level negociated is now 7.18 instead of 7.8.
A fallback protocol to 7.8 is provided for compatibility with older kernels.

32-bit ioctls are not supported by a 64-bit library
2014-07-30 16:44:18 +02:00
Jean-Pierre André
bfc5f3dd3d Fixed processing umask when Posix ACLs are compiled in but not enabled
When Posix ACLs are used, the umask is ignored and the initial permissions
of created files are taken for the parent directory. However the umask
should still be used when the Posix ACLs are not enabled in the mount
options.
2014-06-23 11:20:21 +02:00
Jean-Pierre André
70e5b1b250 Fixed inserting a new ACL after they have been wiped out by chkdsk
chkdsk deletes the ACLs when they are bad or when they are not used any
more. This fixes inserting a new ACL after the previously last ACL (or
even all of them) was deleted.
2014-04-23 09:53:13 +02:00
Jean-Pierre André
ae459dd7b3 Implemented an extended attribute to get/set EAs
The new extended attribute "system.ntfs_ea" can now be used to get or
set the set of EAs of a file or directory.
2014-04-12 09:22:17 +02:00
Jean-Pierre André
543b17b7ef Rejected reserved files names when option windows_names is set
Windows applies legacy restrictions to file names, so when the option
windows_names is applied, reject the same reserved names, which are
CON, PRN, AUX, NUL, COM1..COM9, and LPT1..LPT9
2014-03-11 10:56:31 +01:00
Jean-Pierre André
e6c46d4fa0 Used MFT record 15 for the first extent to MFT:DATA
When the runlist of the data attribute of MFT has to be split across
several extents, the location of each extent has to be known from the
runlist present in previous extents. So, force the first extent into
record 15 to avoid a bad layout.
2014-03-11 10:16:26 +01:00
Jean-Pierre André
ea8e192613 Traced dirtying runlists and updated them accordingly
Use a new flag to trace changes to a runlist and avoid recomputing the
runlist when no actual change occurred.
2014-03-11 10:11:00 +01:00
Jean-Pierre André
ddd3a8a329 Reset the output file to favour appending to image in ntfsclone
When ntfsclone'ing to a file, the target file was truncated to the volume
size. This is not useful on file systems which support sparse files. In
the case of ntfs-3g this leads to prevent optimizations specific to
appending data. So when a sparse output file is detected, it is emptied
to benefit from subsequent appending of data.
2014-03-11 09:54:53 +01:00
Jean-Pierre André
89af38f687 Fixed expanding a resident attribute without inserting holes
When calling ntfstruncate() to expand a resident attribute, the function
is called again recursively, losing the requirement for not inserting
holes. This is for forwarding the requirement (used by ntfscp).
2013-09-09 15:27:38 +02:00
Jean-Pierre André
c5a11341b0 Removed obsoleted references to utime_omit_ok
When issuing an utimensat as a consequence of utime(2) or utimensat(2),
fuse had temporarily defined a flag utime_omit_ok to identify whether
the file system supports the values UTIME_OMIT and UTIME_NOW to mean
specific timestamp updatings. The flag has been obsoleted and all
file system are now supposed to comply with the convention.
2013-04-22 19:06:49 +02:00