When block 2 or block 3 points backward to block 4, it is not clear
whether the log file only consists of block 2 or block 3 or the log
file has just wrapped around. The latter is now assumed.
Some constraints put on reparse points of unknown type (e.g. they cannot
be deleted) are not acceptable to archivers. This patch removes some
constraints.
When the bad cluster list required extent, ntfsclone and ntfsresize
did not process the extents, leading to unexpected read errors and
unmatching bitmaps. This fix enables the full list to be taken into
account.
Windows requires non-Microsoft reparse points (identified by having bit
31 of the reparse tag clear) to have a 16-byte GUID following the regular
reparse point header. This GUID is not, and cannot, be included in the
"reparse data length" field.
(Contributed by Eric Biggers)
Under some rare condition there is no space in an MFT entry to make
an index non-resident, and the index root has to be moved to an extent.
This fix cares for the situation when the attribute list was inserted
beforehand.
When writing to compressed data, the function ntfs_attr_pwrite()
cannot cross a compression block border. This is a problem for archivers
which rely on libntfs-3g, so the function is now wrapped in another one
which restarts the writing as needed.
The MFT has two runlists which may be partially stored in extents.
When these runlists have to be relocated, the relocations must be done
after the old runlists are not needed any more to read the data of
standard files, but before the MFT may be needed to extend the runlists
of standard files. Before doing so the MFT runlists have to be refreshed
from device in order to collect the updates which cannot be done in
memory during the first stage.
ntfsrecover applies to the metadata the updates which were requested on
Windows but could not be completed because they were interrupted by
some event such as a power failure, a hardware crash, a software crash
or the device being unplugged. Doing so, the file system is restored
to the latest consistent state.
No update to libntfs-3g is required by this implementation.
On-disk struct definitions used native types (u16/u32/u64/s16/s32/s64),
which doesn't say anything about the intended interpretation of the
data. The intention of having little-endian-specific types and
big-endian-specific types must have been to clarify interpretation of
data and intentions in the code. Therefore it seems reasonable to use
these types in struct definitions to clarify what data represention is
used to encode field data.
Because some struct members in layout.h are big-endian, this change also
means moving the duplicated definitions for big-endian byteswapping
macros and big-endian types found in acls.h and security.h to the
appropriate locations in endians.h and types.h respectively in order to
make them available for the struct definitions in layout.h.
Under some condition (probably interference with another process), the
directory list gets reinitialized by releasedir() and opendir() at the
beginning of a partial buffer. So in readdir() skip to the requested
offset. This is a step towards implementing seekdir().
When used with the "no-action" option, the test for self-located MFT
still reported the partition to have been repaired. Adapt the report to
only tell repairing is possible.
When compiled autonomously without the automatically generated dynamic
link stubs, use a generic library name instead of a version dependent one.
(obsolete compile mode rarely used).
The fuse cache does not handle properly hard-linked files, so ntfs-3g
traditionally disables it by using a null time-out. With an upgrade of
the fuse kernel module on OpenIndiana, cacheing of non hard-linked files
is now possible, so use it.
In an NTFS boot sector, the first sector of the partition is limited to
32 bits and it may overflow on large disks. This field is only used for
booting on the partition and it is ignored by ntfs-3g, but the warning
in mkntfs mislead users, so improve it.
ntfs_valid_sid() required that the subauthority count be between 1 and 8
inclusively. However, Windows permits more than 8 subauthorities as well
as 0 subauthorities:
- The install.wim file for the latest Windows 10 build contains a file
whose DACL contains a SID with 10 subauthorities.
ntfs_set_ntfs_acl() was failing on this file.
- The IsValidSid() function on Windows returns true for subauthority
less than or equal to 15, including 0.
There was actually already a another SID validation function that had the
Windows-compatible behavior, so I merged the two together.
Contributed by Eric Biggers
When starting mount or umount, the environment was not cleared and
could be used for privilege escalation (CVE-2015-3202).
This is a port of the fix to full fuse by using execle(3) instead
of execl(3)
Compressed records may be written as full clusters even though cluster
tails are meaningless. This is to avoid the lower levels doing a read-
modify-write cycle. Be sure to zero the meaningless bytes to avoid
leaking information.
Contributed by Eric Biggers
On OpenIndiana 64-bits, st_rdev has major and minor as 32-bits wide each,
but the fuse protocol (common to 32-bit and 64-bit) has an st_rdev field
limited to 32-bit. For now, pack major and minor the same way as in the
32-bit variant (14 and 18 bits).
When the owner and the group of a file have the same SID, and permissions
for the group is the same as permissions for other, no ACE is needed for
the group.
Newer versions of Windows use more recent definitions of upper-case
table defined by the Unicode consortium. Now using the same table as
Windows 7, windows 8 and Windows 10. This only has an effect on file
systems newly created by mkntfs.
Unused entries in the MFT may have a bad length leading to fetch fixups
from unallocated memory. Check the condition, but do not wipe, leave it
to chkdsk to decide what should be fixed.
An unused MFT record may show a bad length, leading to fetch fixups from
unallocated memory when allocating the record to a new file. So check
the length before applying the fixups. Such records have been found after
the MFT has been reallocated by a defragmenter, and they are not cleaned
by chkdsk.
When chmod'ing a file, no new ACL has to be created if the one needed
is already present in the cache. However the read-only flag may have
to be updated, so that it is kept as the opposite of S_IWUSR.
When the unmounting of the partition fails after running ntfsfix, a
second try was attempted. This cannot be done and leads to more errors
because some essential records have been freed, so better quit without
making a second try.
fuse-lite announces a FUSE_VERSION which may not always match the exact
capabilities of the library. Hence we add a special case for 'ioctl',
which we know exists in fuse-lite regardless of the version number
published.
The capability actually appeared in FUSE 2.9, not 2.8. However in order
to maintain similarity to earlier #ifdef:s, we simpy check if
FUSE_CAP_IOCTL_DIR is defined rather than checking the FUSE version.
