ntfsrecover applies to the metadata the updates which were requested on
Windows but could not be completed because they were interrupted by
some event such as a power failure, a hardware crash, a software crash
or the device being unplugged. Doing so, the file system is restored
to the latest consistent state.
No update to libntfs-3g is required by this implementation.
On-disk struct definitions used native types (u16/u32/u64/s16/s32/s64),
which doesn't say anything about the intended interpretation of the
data. The intention of having little-endian-specific types and
big-endian-specific types must have been to clarify interpretation of
data and intentions in the code. Therefore it seems reasonable to use
these types in struct definitions to clarify what data represention is
used to encode field data.
Because some struct members in layout.h are big-endian, this change also
means moving the duplicated definitions for big-endian byteswapping
macros and big-endian types found in acls.h and security.h to the
appropriate locations in endians.h and types.h respectively in order to
make them available for the struct definitions in layout.h.
Under some condition (probably interference with another process), the
directory list gets reinitialized by releasedir() and opendir() at the
beginning of a partial buffer. So in readdir() skip to the requested
offset. This is a step towards implementing seekdir().
When used with the "no-action" option, the test for self-located MFT
still reported the partition to have been repaired. Adapt the report to
only tell repairing is possible.
When compiled autonomously without the automatically generated dynamic
link stubs, use a generic library name instead of a version dependent one.
(obsolete compile mode rarely used).
The fuse cache does not handle properly hard-linked files, so ntfs-3g
traditionally disables it by using a null time-out. With an upgrade of
the fuse kernel module on OpenIndiana, cacheing of non hard-linked files
is now possible, so use it.
In an NTFS boot sector, the first sector of the partition is limited to
32 bits and it may overflow on large disks. This field is only used for
booting on the partition and it is ignored by ntfs-3g, but the warning
in mkntfs mislead users, so improve it.
ntfs_valid_sid() required that the subauthority count be between 1 and 8
inclusively. However, Windows permits more than 8 subauthorities as well
as 0 subauthorities:
- The install.wim file for the latest Windows 10 build contains a file
whose DACL contains a SID with 10 subauthorities.
ntfs_set_ntfs_acl() was failing on this file.
- The IsValidSid() function on Windows returns true for subauthority
less than or equal to 15, including 0.
There was actually already a another SID validation function that had the
Windows-compatible behavior, so I merged the two together.
Contributed by Eric Biggers
When starting mount or umount, the environment was not cleared and
could be used for privilege escalation (CVE-2015-3202).
This is a port of the fix to full fuse by using execle(3) instead
of execl(3)
Compressed records may be written as full clusters even though cluster
tails are meaningless. This is to avoid the lower levels doing a read-
modify-write cycle. Be sure to zero the meaningless bytes to avoid
leaking information.
Contributed by Eric Biggers
On OpenIndiana 64-bits, st_rdev has major and minor as 32-bits wide each,
but the fuse protocol (common to 32-bit and 64-bit) has an st_rdev field
limited to 32-bit. For now, pack major and minor the same way as in the
32-bit variant (14 and 18 bits).
When the owner and the group of a file have the same SID, and permissions
for the group is the same as permissions for other, no ACE is needed for
the group.
Newer versions of Windows use more recent definitions of upper-case
table defined by the Unicode consortium. Now using the same table as
Windows 7, windows 8 and Windows 10. This only has an effect on file
systems newly created by mkntfs.
Unused entries in the MFT may have a bad length leading to fetch fixups
from unallocated memory. Check the condition, but do not wipe, leave it
to chkdsk to decide what should be fixed.
An unused MFT record may show a bad length, leading to fetch fixups from
unallocated memory when allocating the record to a new file. So check
the length before applying the fixups. Such records have been found after
the MFT has been reallocated by a defragmenter, and they are not cleaned
by chkdsk.
When chmod'ing a file, no new ACL has to be created if the one needed
is already present in the cache. However the read-only flag may have
to be updated, so that it is kept as the opposite of S_IWUSR.
When the unmounting of the partition fails after running ntfsfix, a
second try was attempted. This cannot be done and leads to more errors
because some essential records have been freed, so better quit without
making a second try.
fuse-lite announces a FUSE_VERSION which may not always match the exact
capabilities of the library. Hence we add a special case for 'ioctl',
which we know exists in fuse-lite regardless of the version number
published.
The capability actually appeared in FUSE 2.9, not 2.8. However in order
to maintain similarity to earlier #ifdef:s, we simpy check if
FUSE_CAP_IOCTL_DIR is defined rather than checking the FUSE version.
The variable 'res' was never initialized if the #ifdef condition
'!KERNELPERMS | (POSIXACLS & !KERNELACLS)' evaluated to true and there
was an error allocating memory for 'value'.
autofs passes the sloppy option to mount(8) for all file systems to mean
that mount should not choke on invalid options such as those meant for
remote mounting on another operating system through nfs or cifs.
Following a recent change, mount(8) passes the -s option on to any file
system, even to local ones (which are not expected to get foreign options),
so ntfs-3g now has to ignore -s.
The support for ioctls has been added to fuse when using protocol 7.18,
and an equivalent upgrade has been done in fuse lite with commit [ae9aee].
For old kernels, a fall back to protocol 7.8 was implemented, but this
appears not to be supported in not-so-old kernels (e.g. 2.6.35).
With this patch, the fall back protocol is set to 7.12 or to the highest
level supported by the kernel.