volume.c revision 9663:ace9a2ac3683
1/** 2 * volume.c - NTFS volume handling code. Part of the Linux-NTFS project. 3 * 4 * Copyright (c) 2000-2006 Anton Altaparmakov 5 * Copyright (c) 2002-2006 Szabolcs Szakacsits 6 * Copyright (c) 2004-2005 Richard Russon 7 * Copyright (c) 2005-2007 Yura Pakhuchiy 8 * 9 * This program/include file is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License as published 11 * by the Free Software Foundation; either version 2 of the License, or 12 * (at your option) any later version. 13 * 14 * This program/include file is distributed in the hope that it will be 15 * useful, but WITHOUT ANY WARRANTY; without even the implied warranty 16 * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License 20 * along with this program (in the main directory of the Linux-NTFS 21 * distribution in the file COPYING); if not, write to the Free Software 22 * Foundation,Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 23 */ 24 25#ifdef HAVE_CONFIG_H 26#include "config.h" 27#endif 28 29#ifdef HAVE_STDLIB_H 30#include <stdlib.h> 31#endif 32#ifdef HAVE_STDIO_H 33#include <stdio.h> 34#endif 35#ifdef HAVE_STRING_H 36#include <string.h> 37#endif 38#ifdef HAVE_FCNTL_H 39#include <fcntl.h> 40#endif 41#ifdef HAVE_UNISTD_H 42#include <unistd.h> 43#endif 44#ifdef HAVE_ERRNO_H 45#include <errno.h> 46#endif 47#ifdef HAVE_SYS_STAT_H 48#include <sys/stat.h> 49#endif 50#ifdef HAVE_LIMITS_H 51#include <limits.h> 52#endif 53 54#include "volume.h" 55#include "attrib.h" 56#include "mft.h" 57#include "bootsect.h" 58#include "device.h" 59#include "debug.h" 60#include "inode.h" 61#include "runlist.h" 62#include "logfile.h" 63#include "dir.h" 64#include "logging.h" 65 66#ifndef PATH_MAX 67#define PATH_MAX 4096 68#endif 69 70/** 71 * ntfs_volume_alloc - Create an NTFS volume object and initialise it 72 * 73 * Description... 74 * 75 * Returns: 76 */ 77ntfs_volume *ntfs_volume_alloc(void) 78{ 79 ntfs_volume *vol; 80 int i; 81 82 vol = calloc(1, sizeof(ntfs_volume)); 83 if (vol) { 84 for (i = 0; i < NTFS_INODE_CACHE_SIZE; i++) 85 INIT_LIST_HEAD(&vol->inode_cache[i]); 86 } 87 return vol; 88} 89 90/** 91 * __ntfs_volume_release - Destroy an NTFS volume object 92 * @v: 93 * 94 * Description... 95 * 96 * Returns: 97 */ 98static void __ntfs_volume_release(ntfs_volume *v) 99{ 100 struct list_head *pos, *tmp; 101 int i; 102 103 /* Sync and print error about not detached inodes. */ 104 for (i = 0; i < NTFS_INODE_CACHE_SIZE; i++) 105 list_for_each_safe(pos, tmp, &v->inode_cache[i]) { 106 ntfs_inode *ni = 107 list_entry(pos, ntfs_inode, list_entry); 108 109 switch (ni->mft_no) { 110 case FILE_Volume: 111 case FILE_Bitmap: 112 case FILE_MFT: 113 case FILE_MFTMirr: 114 if (ni->nr_references == 1) 115 continue; 116 break; 117 } 118 119 ntfs_log_error("%s(): Inode %llu still have %d " 120 "references.\n", "__ntfs_volume_release", 121 ni->mft_no, ni->nr_references); 122 ntfs_inode_sync(ni); 123 } 124 /* 125 * Clear the dirty bit if it was not set before we mounted and this is 126 * not a forensic mount. 127 */ 128 if (!NVolReadOnly(v) && !NVolWasDirty(v) && !NVolForensicMount(v)) { 129 v->flags &= ~VOLUME_IS_DIRTY; 130 (void)ntfs_volume_write_flags(v, v->flags); 131 } 132 if (v->lcnbmp_ni && NInoDirty(v->lcnbmp_ni)) 133 ntfs_inode_sync(v->lcnbmp_ni); 134 if (v->vol_ni) 135 ntfs_inode_close(v->vol_ni); 136 if (v->lcnbmp_na) 137 ntfs_attr_close(v->lcnbmp_na); 138 if (v->lcnbmp_ni) 139 ntfs_inode_close(v->lcnbmp_ni); 140 if (v->mft_ni && NInoDirty(v->mft_ni)) 141 ntfs_inode_sync(v->mft_ni); 142 if (v->mftbmp_na) 143 ntfs_attr_close(v->mftbmp_na); 144 if (v->mft_na) 145 ntfs_attr_close(v->mft_na); 146 if (v->mft_ni) 147 ntfs_inode_close(v->mft_ni); 148 if (v->mftmirr_ni && NInoDirty(v->mftmirr_ni)) 149 ntfs_inode_sync(v->mftmirr_ni); 150 if (v->mftmirr_na) 151 ntfs_attr_close(v->mftmirr_na); 152 if (v->mftmirr_ni) 153 ntfs_inode_close(v->mftmirr_ni); 154 if (v->u.dev) { 155 struct ntfs_device *dev = v->u.dev; 156 157 if (NDevDirty(dev)) 158 dev->d_ops->sync(dev); 159 if (dev->d_ops->close(dev)) 160 ntfs_log_perror("Failed to close the device"); 161 } 162 free(v->vol_name); 163 free(v->upcase); 164 free(v->attrdef); 165 free(v); 166} 167 168/** 169 * ntfs_mft_load - load the $MFT and setup the ntfs volume with it 170 * @vol: ntfs volume whose $MFT to load 171 * 172 * Load $MFT from @vol and setup @vol with it. After calling this function the 173 * volume @vol is ready for use by all read access functions provided by the 174 * ntfs library. 175 * 176 * Return 0 on success and -1 on error with errno set to the error code. 177 */ 178static int ntfs_mft_load(ntfs_volume *vol) 179{ 180 VCN next_vcn, last_vcn, highest_vcn; 181 s64 l; 182 MFT_RECORD *mb = NULL; 183 ntfs_attr_search_ctx *ctx = NULL; 184 ATTR_RECORD *a; 185 STANDARD_INFORMATION *std_info; 186 int eo; 187 188 /* Manually setup an ntfs_inode. */ 189 vol->mft_ni = ntfs_inode_allocate(vol); 190 mb = (MFT_RECORD*)ntfs_malloc(vol->mft_record_size); 191 if (!vol->mft_ni || !mb) { 192 ntfs_log_perror("Error allocating memory for $MFT"); 193 goto error_exit; 194 } 195 vol->mft_ni->mft_no = 0; 196 vol->mft_ni->mrec = mb; 197 __ntfs_inode_add_to_cache(vol->mft_ni); 198 /* Can't use any of the higher level functions yet! */ 199 l = ntfs_mst_pread(vol->u.dev, vol->mft_lcn << vol->cluster_size_bits, 1, 200 vol->mft_record_size, mb); 201 if (l != 1) { 202 if (l != -1) 203 errno = EIO; 204 ntfs_log_perror("Error reading $MFT"); 205 goto error_exit; 206 } 207 if (ntfs_is_baad_record(mb->magic)) { 208 ntfs_log_error("Incomplete multi sector transfer detected in " 209 "$MFT.\n"); 210 goto io_error_exit; 211 } 212 if (!ntfs_is_mft_record(mb->magic)) { 213 ntfs_log_error("$MFT has invalid magic.\n"); 214 goto io_error_exit; 215 } 216 ctx = ntfs_attr_get_search_ctx(vol->mft_ni, NULL); 217 if (!ctx) { 218 ntfs_log_perror("Failed to allocate attribute search context"); 219 goto error_exit; 220 } 221 if (p2n(ctx->attr) < p2n(mb) || 222 (char*)ctx->attr > (char*)mb + vol->mft_record_size) { 223 ntfs_log_error("$MFT is corrupt.\n"); 224 goto io_error_exit; 225 } 226 /* Find the $ATTRIBUTE_LIST attribute in $MFT if present. */ 227 if (ntfs_attr_lookup(AT_ATTRIBUTE_LIST, AT_UNNAMED, 0, 0, 0, NULL, 0, 228 ctx)) { 229 if (errno != ENOENT) { 230 ntfs_log_error("$MFT has corrupt attribute list.\n"); 231 goto io_error_exit; 232 } 233 goto mft_has_no_attr_list; 234 } 235 NInoSetAttrList(vol->mft_ni); 236 l = ntfs_get_attribute_value_length(ctx->attr); 237 if (l <= 0 || l > 0x40000) { 238 ntfs_log_error("$MFT/$ATTRIBUTE_LIST has invalid length.\n"); 239 goto io_error_exit; 240 } 241 vol->mft_ni->attr_list_size = l; 242 vol->mft_ni->attr_list = ntfs_malloc(l); 243 if (!vol->mft_ni->attr_list) 244 goto error_exit; 245 246 l = ntfs_get_attribute_value(vol, ctx->attr, vol->mft_ni->attr_list); 247 if (!l) { 248 ntfs_log_error("Failed to get value of " 249 "$MFT/$ATTRIBUTE_LIST.\n"); 250 goto io_error_exit; 251 } 252 if (l != vol->mft_ni->attr_list_size) { 253 ntfs_log_error("Got unexpected amount of data when " 254 "reading $MFT/$ATTRIBUTE_LIST.\n"); 255 goto io_error_exit; 256 } 257mft_has_no_attr_list: 258 /* Receive attributes from STANDARD_INFORMATION. */ 259 std_info = ntfs_attr_readall(vol->mft_ni, AT_STANDARD_INFORMATION, 260 AT_UNNAMED, 0, NULL); 261 vol->mft_ni->flags = std_info->file_attributes; 262 free(std_info); 263 264 /* We now have a fully setup ntfs inode for $MFT in vol->mft_ni. */ 265 266 /* Get an ntfs attribute for $MFT/$DATA and set it up, too. */ 267 vol->mft_na = ntfs_attr_open(vol->mft_ni, AT_DATA, AT_UNNAMED, 0); 268 if (!vol->mft_na) { 269 ntfs_log_perror("Failed to open ntfs attribute"); 270 goto error_exit; 271 } 272 /* Read all extents from the $DATA attribute in $MFT. */ 273 ntfs_attr_reinit_search_ctx(ctx); 274 last_vcn = vol->mft_na->allocated_size >> vol->cluster_size_bits; 275 highest_vcn = next_vcn = 0; 276 a = NULL; 277 while (!ntfs_attr_lookup(AT_DATA, AT_UNNAMED, 0, 0, next_vcn, NULL, 0, 278 ctx)) { 279 runlist_element *nrl; 280 281 a = ctx->attr; 282 /* $MFT must be non-resident. */ 283 if (!a->non_resident) { 284 ntfs_log_error("$MFT must be non-resident but a " 285 "resident extent was found. $MFT is " 286 "corrupt. Run chkdsk.\n"); 287 goto io_error_exit; 288 } 289 /* $MFT must be uncompressed and unencrypted. */ 290 if (a->flags & ATTR_COMPRESSION_MASK || 291 a->flags & ATTR_IS_ENCRYPTED) { 292 ntfs_log_error("$MFT must be uncompressed and " 293 "unencrypted but a compressed/encrypted" 294 " extent was found. $MFT is corrupt. " 295 "Run chkdsk.\n"); 296 goto io_error_exit; 297 } 298 /* 299 * Decompress the mapping pairs array of this extent and merge 300 * the result into the existing runlist. No need for locking 301 * as we have exclusive access to the inode at this time and we 302 * are a mount in progress task, too. 303 */ 304 nrl = ntfs_mapping_pairs_decompress(vol, a, vol->mft_na->rl); 305 if (!nrl) { 306 ntfs_log_perror("ntfs_mapping_pairs_decompress() " 307 "failed"); 308 goto error_exit; 309 } 310 vol->mft_na->rl = nrl; 311 312 /* Get the lowest vcn for the next extent. */ 313 highest_vcn = sle64_to_cpu(a->u.nonres.highest_vcn); 314 next_vcn = highest_vcn + 1; 315 316 /* Only one extent or error, which we catch below. */ 317 if (next_vcn <= 0) 318 break; 319 320 /* Avoid endless loops due to corruption. */ 321 if (next_vcn < sle64_to_cpu(a->u.nonres.lowest_vcn)) { 322 ntfs_log_error("$MFT has corrupt attribute list " 323 "attribute. Run chkdsk.\n"); 324 goto io_error_exit; 325 } 326 } 327 if (!a) { 328 ntfs_log_error("$MFT/$DATA attribute not found. " 329 "$MFT is corrupt. Run chkdsk.\n"); 330 goto io_error_exit; 331 } 332 if (highest_vcn && highest_vcn != last_vcn - 1) { 333 ntfs_log_error("Failed to load the complete runlist for " 334 "$MFT/$DATA. Bug or corrupt $MFT. " 335 "Run chkdsk.\n highest_vcn = 0x%llx, " 336 "last_vcn - 1 = 0x%llx\n", (long long) 337 highest_vcn, (long long)last_vcn - 1); 338 goto io_error_exit; 339 } 340 /* Done with the $Mft mft record. */ 341 ntfs_attr_put_search_ctx(ctx); 342 ctx = NULL; 343 /* 344 * The volume is now setup so we can use all read access functions. 345 */ 346 vol->mftbmp_na = ntfs_attr_open(vol->mft_ni, AT_BITMAP, AT_UNNAMED, 0); 347 if (!vol->mftbmp_na) { 348 ntfs_log_perror("Failed to open $MFT/$BITMAP"); 349 goto error_exit; 350 } 351 return 0; 352io_error_exit: 353 errno = EIO; 354error_exit: 355 eo = errno; 356 if (ctx) 357 ntfs_attr_put_search_ctx(ctx); 358 if (vol->mft_na) { 359 ntfs_attr_close(vol->mft_na); 360 vol->mft_na = NULL; 361 } 362 if (vol->mft_ni) { 363 ntfs_inode_close(vol->mft_ni); 364 vol->mft_ni = NULL; 365 } 366 ntfs_log_error("%s(): Failed.\n", "ntfs_mft_load"); 367 errno = eo; 368 return -1; 369} 370 371/** 372 * ntfs_mftmirr_load - load the $MFTMirr and setup the ntfs volume with it 373 * @vol: ntfs volume whose $MFTMirr to load 374 * 375 * Load $MFTMirr from @vol and setup @vol with it. After calling this function 376 * the volume @vol is ready for use by all write access functions provided by 377 * the ntfs library (assuming ntfs_mft_load() has been called successfully 378 * beforehand). 379 * 380 * Return 0 on success and -1 on error with errno set to the error code. 381 */ 382static int ntfs_mftmirr_load(ntfs_volume *vol) 383{ 384 int err; 385 386 vol->mftmirr_ni = ntfs_inode_open(vol, FILE_MFTMirr); 387 if (!vol->mftmirr_ni) { 388 ntfs_log_perror("Failed to open inode $MFTMirr"); 389 return -1; 390 } 391 /* Get an ntfs attribute for $MFTMirr/$DATA, too. */ 392 vol->mftmirr_na = ntfs_attr_open(vol->mftmirr_ni, AT_DATA, 393 AT_UNNAMED, 0); 394 if (!vol->mftmirr_na) { 395 ntfs_log_perror("Failed to open $MFTMirr/$DATA"); 396 goto error_exit; 397 } 398 if (ntfs_attr_map_runlist(vol->mftmirr_na, 0) < 0) { 399 ntfs_log_perror("Failed to map runlist of $MFTMirr/$DATA"); 400 goto error_exit; 401 } 402 /* Check $MFTMirr runlist. */ 403 if (vol->mftmirr_na->rl[0].lcn != vol->mftmirr_lcn || 404 vol->mftmirr_na->rl[0].length < (vol->mftmirr_size * 405 vol->mft_record_size + vol->cluster_size - 1) / 406 vol->cluster_size) { 407 ntfs_log_error("$MFTMirr location mismatch or first 4 records " 408 "are fragmented. Run chkdsk.\n"); 409 errno = EIO; 410 goto error_exit; 411 412 } 413 return 0; 414error_exit: 415 err = errno; 416 if (vol->mftmirr_na) { 417 ntfs_attr_close(vol->mftmirr_na); 418 vol->mftmirr_na = NULL; 419 } 420 ntfs_inode_close(vol->mftmirr_ni); 421 vol->mftmirr_ni = NULL; 422 errno = err; 423 return -1; 424} 425 426/** 427 * ntfs_volume_startup - allocate and setup an ntfs volume 428 * @dev: device to open 429 * @flags: optional mount flags 430 * 431 * Load, verify, and parse bootsector; load and setup $MFT and $MFTMirr. After 432 * calling this function, the volume is setup sufficiently to call all read 433 * and write access functions provided by the library. 434 * 435 * Return the allocated volume structure on success and NULL on error with 436 * errno set to the error code. 437 */ 438ntfs_volume *ntfs_volume_startup(struct ntfs_device *dev, 439 ntfs_mount_flags flags) 440{ 441 LCN mft_zone_size, mft_lcn; 442 s64 br; 443 ntfs_volume *vol; 444 NTFS_BOOT_SECTOR *bs; 445 int eo; 446#ifdef DEBUG 447 const char *OK = "OK\n"; 448 const char *FAILED = "FAILED\n"; 449 BOOL debug = 1; 450#else 451 BOOL debug = 0; 452#endif 453 454 if (!dev || !dev->d_ops || !dev->d_name) { 455 errno = EINVAL; 456 return NULL; 457 } 458 459 if (!(bs = (NTFS_BOOT_SECTOR *)ntfs_malloc(sizeof(NTFS_BOOT_SECTOR)))) 460 return NULL; 461 462 /* Allocate the volume structure. */ 463 vol = ntfs_volume_alloc(); 464 if (!vol) 465 goto error_exit; 466 /* Create the default upcase table. */ 467 vol->upcase_len = 65536; 468 vol->upcase = (ntfschar*)ntfs_malloc(vol->upcase_len * 469 sizeof(ntfschar)); 470 if (!vol->upcase) 471 goto error_exit; 472 ntfs_upcase_table_build(vol->upcase, 473 vol->upcase_len * sizeof(ntfschar)); 474 if (flags & NTFS_MNT_RDONLY) 475 NVolSetReadOnly(vol); 476 if (flags & NTFS_MNT_CASE_SENSITIVE) 477 NVolSetCaseSensitive(vol); 478 if (flags & NTFS_MNT_INTERIX) 479 NVolSetInterix(vol); 480 ntfs_log_debug("Reading bootsector... "); 481 if (dev->d_ops->open(dev, NVolReadOnly(vol) ? O_RDONLY : 482 ((flags & NTFS_MNT_NOT_EXCLUSIVE) ? O_RDWR : 483 (O_RDWR | O_EXCL)))) { 484 ntfs_log_debug(FAILED); 485 ntfs_log_perror("Error opening partition device"); 486 goto error_exit; 487 } 488 /* Attach the device to the volume. */ 489 vol->u.dev = dev; 490 /* Now read the bootsector. */ 491 br = ntfs_pread(dev, 0, sizeof(NTFS_BOOT_SECTOR), bs); 492 if (br != sizeof(NTFS_BOOT_SECTOR)) { 493 ntfs_log_debug(FAILED); 494 if (br != -1) 495 errno = EINVAL; 496 if (!br) 497 ntfs_log_debug("Error: partition is smaller than " 498 "bootsector size. Weird!\n"); 499 else 500 ntfs_log_perror("Error reading bootsector"); 501 goto error_exit; 502 } 503 ntfs_log_debug(OK); 504 if (!ntfs_boot_sector_is_ntfs(bs, !debug)) { 505 ntfs_log_debug("Error: %s is not a valid NTFS partition!\n", 506 dev->d_name); 507 errno = EINVAL; 508 goto error_exit; 509 } 510 if (ntfs_boot_sector_parse(vol, bs) < 0) { 511 ntfs_log_perror("Failed to parse ntfs bootsector"); 512 goto error_exit; 513 } 514 free(bs); 515 bs = NULL; 516 /* Now set the device block size to the sector size. */ 517 if (ntfs_device_block_size_set(vol->u.dev, vol->sector_size)) 518 ntfs_log_debug("Failed to set the device block size to the " 519 "sector size. This may affect performance " 520 "but should be harmless otherwise. Error: " 521 "%s\n", strerror(errno)); 522 /* 523 * We now initialize the cluster allocator. 524 * 525 * FIXME: Move this to its own function? (AIA) 526 */ 527 528 // TODO: Make this tunable at mount time. (AIA) 529 vol->mft_zone_multiplier = 1; 530 531 /* Determine the size of the MFT zone. */ 532 mft_zone_size = vol->nr_clusters; 533 switch (vol->mft_zone_multiplier) { /* % of volume size in clusters */ 534 case 4: 535 mft_zone_size >>= 1; /* 50% */ 536 break; 537 case 3: 538 mft_zone_size = mft_zone_size * 3 >> 3; /* 37.5% */ 539 break; 540 case 2: 541 mft_zone_size >>= 2; /* 25% */ 542 break; 543 /* case 1: */ 544 default: 545 mft_zone_size >>= 3; /* 12.5% */ 546 break; 547 } 548 549 /* Setup the mft zone. */ 550 vol->mft_zone_start = vol->mft_zone_pos = vol->mft_lcn; 551 ntfs_log_debug("mft_zone_pos = 0x%llx\n", (long long)vol->mft_zone_pos); 552 553 /* 554 * Calculate the mft_lcn for an unmodified NTFS volume (see mkntfs 555 * source) and if the actual mft_lcn is in the expected place or even 556 * further to the front of the volume, extend the mft_zone to cover the 557 * beginning of the volume as well. This is in order to protect the 558 * area reserved for the mft bitmap as well within the mft_zone itself. 559 * On non-standard volumes we don't protect it as the overhead would be 560 * higher than the speed increase we would get by doing it. 561 */ 562 mft_lcn = (8192 + 2 * vol->cluster_size - 1) / vol->cluster_size; 563 if (mft_lcn * vol->cluster_size < 16 * 1024) 564 mft_lcn = (16 * 1024 + vol->cluster_size - 1) / 565 vol->cluster_size; 566 if (vol->mft_zone_start <= mft_lcn) 567 vol->mft_zone_start = 0; 568 ntfs_log_debug("mft_zone_start = 0x%llx\n", 569 (long long)vol->mft_zone_start); 570 571 /* 572 * Need to cap the mft zone on non-standard volumes so that it does 573 * not point outside the boundaries of the volume. We do this by 574 * halving the zone size until we are inside the volume. 575 */ 576 vol->mft_zone_end = vol->mft_lcn + mft_zone_size; 577 while (vol->mft_zone_end >= vol->nr_clusters) { 578 mft_zone_size >>= 1; 579 vol->mft_zone_end = vol->mft_lcn + mft_zone_size; 580 } 581 ntfs_log_debug("mft_zone_end = 0x%llx\n", (long long)vol->mft_zone_end); 582 583 /* 584 * Set the current position within each data zone to the start of the 585 * respective zone. 586 */ 587 vol->data1_zone_pos = vol->mft_zone_end; 588 ntfs_log_debug("data1_zone_pos = 0x%llx\n", vol->data1_zone_pos); 589 vol->data2_zone_pos = 0; 590 ntfs_log_debug("data2_zone_pos = 0x%llx\n", vol->data2_zone_pos); 591 592 /* Set the mft data allocation position to mft record 24. */ 593 vol->mft_data_pos = 24; 594 595 /* 596 * The cluster allocator is now fully operational. 597 */ 598 599 /* Need to setup $MFT so we can use the library read functions. */ 600 ntfs_log_debug("Loading $MFT... "); 601 if (ntfs_mft_load(vol) < 0) { 602 ntfs_log_debug(FAILED); 603 ntfs_log_perror("Failed to load $MFT"); 604 goto error_exit; 605 } 606 ntfs_log_debug(OK); 607 608 /* Need to setup $MFTMirr so we can use the write functions, too. */ 609 ntfs_log_debug("Loading $MFTMirr... "); 610 if (ntfs_mftmirr_load(vol) < 0) { 611 ntfs_log_debug(FAILED); 612 ntfs_log_perror("Failed to load $MFTMirr"); 613 goto error_exit; 614 } 615 ntfs_log_debug(OK); 616 return vol; 617error_exit: 618 eo = errno; 619 free(bs); 620 if (vol) 621 __ntfs_volume_release(vol); 622 errno = eo; 623 return NULL; 624} 625 626/** 627 * ntfs_volume_check_logfile - check logfile on target volume 628 * @vol: volume on which to check logfile 629 * 630 * Return 0 on success and -1 on error with errno set error code. 631 */ 632static int ntfs_volume_check_logfile(ntfs_volume *vol) 633{ 634 ntfs_inode *ni; 635 ntfs_attr *na = NULL; 636 RESTART_PAGE_HEADER *rp = NULL; 637 int err = 0; 638 639 if ((ni = ntfs_inode_open(vol, FILE_LogFile)) == NULL) { 640 ntfs_log_debug("Failed to open inode FILE_LogFile.\n"); 641 errno = EIO; 642 return -1; 643 } 644 if ((na = ntfs_attr_open(ni, AT_DATA, AT_UNNAMED, 0)) == NULL) { 645 ntfs_log_debug("Failed to open $FILE_LogFile/$DATA\n"); 646 err = EIO; 647 goto exit; 648 } 649 if (!ntfs_check_logfile(na, &rp) || !ntfs_is_logfile_clean(na, rp)) 650 err = EOPNOTSUPP; 651 free(rp); 652exit: 653 if (na) 654 ntfs_attr_close(na); 655 ntfs_inode_close(ni); 656 if (err) { 657 errno = err; 658 return -1; 659 } 660 return 0; 661} 662 663/** 664 * ntfs_hiberfile_open - Find and open '/hiberfil.sys' 665 * @vol: An ntfs volume obtained from ntfs_mount 666 * 667 * Return: inode Success, hiberfil.sys is valid 668 * NULL hiberfil.sys doesn't exist or some other error occurred 669 */ 670static ntfs_inode *ntfs_hiberfile_open(ntfs_volume *vol) 671{ 672 u64 inode; 673 ntfs_inode *ni_root; 674 ntfs_inode *ni_hibr = NULL; 675 ntfschar *unicode = NULL; 676 int unicode_len; 677 const char *hiberfile = "hiberfil.sys"; 678 679 if (!vol) { 680 errno = EINVAL; 681 return NULL; 682 } 683 684 ni_root = ntfs_inode_open(vol, FILE_root); 685 if (!ni_root) { 686 ntfs_log_debug("Couldn't open the root directory.\n"); 687 return NULL; 688 } 689 690 unicode_len = ntfs_mbstoucs(hiberfile, &unicode, 0); 691 if (unicode_len < 0) { 692 ntfs_log_perror("Couldn't convert 'hiberfil.sys' to Unicode"); 693 goto out; 694 } 695 696 inode = ntfs_inode_lookup_by_name(ni_root, unicode, unicode_len); 697 if (inode == (u64)-1) { 698 ntfs_log_debug("Couldn't find file '%s'.\n", hiberfile); 699 goto out; 700 } 701 702 inode = MREF(inode); 703 ni_hibr = ntfs_inode_open(vol, inode); 704 if (!ni_hibr) { 705 ntfs_log_debug("Couldn't open inode %lld.\n", (long long)inode); 706 goto out; 707 } 708out: 709 ntfs_inode_close(ni_root); 710 free(unicode); 711 return ni_hibr; 712} 713 714 715#define NTFS_HIBERFILE_HEADER_SIZE 4096 716 717/** 718 * ntfs_volume_check_hiberfile - check hiberfil.sys whether Windows is 719 * hibernated on the target volume 720 * @vol: volume on which to check hiberfil.sys 721 * 722 * Return: 0 if Windows isn't hibernated for sure 723 * -1 otherwise and errno is set to the appropriate value 724 */ 725static int ntfs_volume_check_hiberfile(ntfs_volume *vol) 726{ 727 ntfs_inode *ni; 728 ntfs_attr *na = NULL; 729 int bytes_read, ret = -1; 730 char *buf = NULL; 731 732 ni = ntfs_hiberfile_open(vol); 733 if (!ni) { 734 if (errno == ENOENT) 735 return 0; 736 return -1; 737 } 738 739 buf = ntfs_malloc(NTFS_HIBERFILE_HEADER_SIZE); 740 if (!buf) 741 goto out; 742 743 na = ntfs_attr_open(ni, AT_DATA, AT_UNNAMED, 0); 744 if (!na) { 745 ntfs_log_perror("Failed to open hiberfil.sys data attribute"); 746 goto out; 747 } 748 749 bytes_read = ntfs_attr_pread(na, 0, NTFS_HIBERFILE_HEADER_SIZE, buf); 750 if (bytes_read == -1) { 751 ntfs_log_perror("Failed to read hiberfil.sys"); 752 goto out; 753 } 754 if (bytes_read < NTFS_HIBERFILE_HEADER_SIZE) { 755 ntfs_log_debug("Hibernated non-system partition, refused to " 756 "mount!\n"); 757 errno = EPERM; 758 goto out; 759 } 760 if (memcmp(buf, "hibr", 4) == 0) { 761 ntfs_log_debug("Windows is hibernated, refused to mount!\n"); 762 errno = EPERM; 763 goto out; 764 } 765 ret = 0; 766out: 767 if (na) 768 ntfs_attr_close(na); 769 free(buf); 770 ntfs_inode_close(ni); 771 return ret; 772} 773 774/** 775 * ntfs_volume_get_nr_free_mft_records - calculate number of free MFT records 776 * vol: ntfs volume for which perform calculations. 777 * 778 * This function initializes @vol->nr_free_mft_records. @vol->mftbmp_na should 779 * be already opened upon call to this function. 780 * 781 * Return 0 on success. On error return -1 with errno set appropriately and 782 * @vol->nr_free_mft_records is not touched in this case. 783 */ 784static int ntfs_volume_get_nr_free_mft_records(ntfs_volume *vol) 785{ 786 long nr_free = vol->mft_na->data_size >> vol->mft_record_size_bits; 787 s64 br, total = 0; 788 u8 *buf; 789 790 buf = ntfs_malloc(vol->cluster_size); 791 if (!buf) 792 return -1; 793 while (1) { 794 int i, j; 795 796 br = ntfs_attr_pread(vol->mftbmp_na, total, 797 vol->cluster_size, buf); 798 if (br <= 0) 799 break; 800 total += br; 801 for (i = 0; i < br; i++) 802 for (j = 0; j < 8; j++) 803 if ((buf[i] >> j) & 1) 804 nr_free--; 805 } 806 free(buf); 807 if (!total || br < 0) { 808 ntfs_log_error("pread: %s\n", strerror(errno)); 809 return -1; 810 } 811 vol->nr_free_mft_records = nr_free; 812 return 0; 813} 814 815/** 816 * ntfs_volume_get_nr_free_clusters - calculate number of free clusters 817 * vol: ntfs volume for which perform calculations. 818 * 819 * This function initializes @vol->nr_free_clusters. @vol->lcnbmp_na should be 820 * already opened upon call to this function. 821 * 822 * Return 0 on success. On error return -1 with errno set appropriately and 823 * @vol->nr_free_clusters is not touched in this case. 824 */ 825static long ntfs_volume_get_nr_free_clusters(ntfs_volume *vol) 826{ 827 long nr_free = vol->nr_clusters; 828 s64 br, total = 0; 829 u8 *buf; 830 831 buf = ntfs_malloc(vol->cluster_size); 832 if (!buf) 833 return -1; 834 while (1) { 835 int i, j; 836 837 br = ntfs_attr_pread(vol->lcnbmp_na, total, 838 vol->cluster_size, buf); 839 if (br <= 0) 840 break; 841 total += br; 842 for (i = 0; i < br; i++) 843 for (j = 0; j < 8; j++) 844 if ((buf[i] >> j) & 1) 845 nr_free--; 846 } 847 free(buf); 848 if (!total || br < 0) { 849 ntfs_log_error("pread: %s\n", strerror(errno)); 850 return -1; 851 } 852 vol->nr_free_clusters = nr_free; 853 return 0; 854} 855 856/** 857 * ntfs_device_mount - open ntfs volume 858 * @dev: device to open 859 * @flags: optional mount flags 860 * 861 * This function mounts an ntfs volume. @dev should describe the device which 862 * to mount as the ntfs volume. 863 * 864 * @flags is an optional second parameter. Some flags are similar to flags used 865 * as for the mount system call (man 2 mount). Currently the following flags 866 * are implemented: 867 * NTFS_MNT_RDONLY - mount volume read-only 868 * NTFS_MNT_CASE_SENSITIVE - treat filenames as case sensitive even if 869 * they are not in POSIX namespace 870 * NTFS_MNT_NOT_EXCLUSIVE - (unix only) do not open volume exclusively 871 * NTFS_MNT_FORENSIC - mount for forensic purposes, i.e. do not do 872 * any writing at all during the mount, i.e. no 873 * journal emptying, no dirty bit setting, etc. 874 * NTFS_MNT_INTERIX - make libntfs recognize special Interix files 875 * 876 * The function opens the device @dev and verifies that it contains a valid 877 * bootsector. Then, it allocates an ntfs_volume structure and initializes 878 * some of the values inside the structure from the information stored in the 879 * bootsector. It proceeds to load the necessary system files and completes 880 * setting up the structure. 881 * 882 * Return the allocated volume structure on success and NULL on error with 883 * errno set to the error code. 884 */ 885ntfs_volume *ntfs_device_mount(struct ntfs_device *dev, ntfs_mount_flags flags) 886{ 887 s64 l; 888#ifdef DEBUG 889 const char *OK = "OK\n"; 890 const char *FAILED = "FAILED\n"; 891#endif 892 ntfs_volume *vol; 893 u8 *m = NULL, *m2 = NULL; 894 ntfs_attr_search_ctx *ctx = NULL; 895 ntfs_inode *ni; 896 ntfs_attr *na; 897 ATTR_RECORD *a; 898 VOLUME_INFORMATION *vinf; 899 ntfschar *vname; 900 int i, j, eo; 901 u32 u; 902 903 vol = ntfs_volume_startup(dev, flags); 904 if (!vol) { 905 ntfs_log_perror("Failed to startup volume"); 906 return NULL; 907 } 908 /* Record whether this is a forensic mount. */ 909 if (flags & NTFS_MNT_FORENSIC) 910 NVolSetForensicMount(vol); 911 /* Load data from $MFT and $MFTMirr and compare the contents. */ 912 m = (u8*)ntfs_malloc(vol->mftmirr_size << vol->mft_record_size_bits); 913 m2 = (u8*)ntfs_malloc(vol->mftmirr_size << vol->mft_record_size_bits); 914 if (!m || !m2) 915 goto error_exit; 916 917 l = ntfs_attr_mst_pread(vol->mft_na, 0, vol->mftmirr_size, 918 vol->mft_record_size, m); 919 if (l != vol->mftmirr_size) { 920 if (l == -1) 921 ntfs_log_perror("Failed to read $MFT"); 922 else { 923 ntfs_log_debug("Failed to read $MFT, unexpected length " 924 "(%d != %lld).\n", vol->mftmirr_size, l); 925 errno = EIO; 926 } 927 goto error_exit; 928 } 929 l = ntfs_attr_mst_pread(vol->mftmirr_na, 0, vol->mftmirr_size, 930 vol->mft_record_size, m2); 931 if (l != vol->mftmirr_size) { 932 if (l == -1) 933 ntfs_log_perror("Failed to read $MFTMirr"); 934 else { 935 ntfs_log_debug("Failed to read $MFTMirr, unexpected " 936 "length (%d != %lld).\n", 937 vol->mftmirr_size, l); 938 errno = EIO; 939 } 940 goto error_exit; 941 } 942 ntfs_log_debug("Comparing $MFTMirr to $MFT... "); 943 for (i = 0; i < vol->mftmirr_size; ++i) { 944 MFT_RECORD *mrec, *mrec2; 945 const char *ESTR[12] = { "$MFT", "$MFTMirr", "$LogFile", 946 "$Volume", "$AttrDef", "root directory", "$Bitmap", 947 "$Boot", "$BadClus", "$Secure", "$UpCase", "$Extend" }; 948 const char *s; 949 950 if (i < 12) 951 s = ESTR[i]; 952 else if (i < 16) 953 s = "system file"; 954 else 955 s = "mft record"; 956 957 mrec = (MFT_RECORD*)(m + i * vol->mft_record_size); 958 if (mrec->flags & MFT_RECORD_IN_USE) { 959 if (ntfs_is_baad_record(mrec->magic)) { 960 ntfs_log_debug("FAILED\n"); 961 ntfs_log_debug("$MFT error: Incomplete multi " 962 "sector transfer detected in " 963 "%s.\n", s); 964 goto io_error_exit; 965 } 966 if (!ntfs_is_mft_record(mrec->magic)) { 967 ntfs_log_debug("FAILED\n"); 968 ntfs_log_debug("$MFT error: Invalid mft " 969 "record for %s.\n", s); 970 goto io_error_exit; 971 } 972 } 973 mrec2 = (MFT_RECORD*)(m2 + i * vol->mft_record_size); 974 if (mrec2->flags & MFT_RECORD_IN_USE) { 975 if (ntfs_is_baad_record(mrec2->magic)) { 976 ntfs_log_debug("FAILED\n"); 977 ntfs_log_debug("$MFTMirr error: Incomplete " 978 "multi sector transfer " 979 "detected in %s.\n", s); 980 goto io_error_exit; 981 } 982 if (!ntfs_is_mft_record(mrec2->magic)) { 983 ntfs_log_debug("FAILED\n"); 984 ntfs_log_debug("$MFTMirr error: Invalid mft " 985 "record for %s.\n", s); 986 goto io_error_exit; 987 } 988 } 989 if (memcmp(mrec, mrec2, ntfs_mft_record_get_data_size(mrec))) { 990 ntfs_log_debug(FAILED); 991 ntfs_log_debug("$MFTMirr does not match $MFT. Run " 992 "chkdsk.\n"); 993 goto io_error_exit; 994 } 995 } 996 ntfs_log_debug(OK); 997 998 free(m2); 999 free(m); 1000 m = m2 = NULL; 1001 1002 /* Now load the bitmap from $Bitmap. */ 1003 ntfs_log_debug("Loading $Bitmap... "); 1004 vol->lcnbmp_ni = ntfs_inode_open(vol, FILE_Bitmap); 1005 if (!vol->lcnbmp_ni) { 1006 ntfs_log_debug(FAILED); 1007 ntfs_log_perror("Failed to open inode"); 1008 goto error_exit; 1009 } 1010 /* Get an ntfs attribute for $Bitmap/$DATA. */ 1011 vol->lcnbmp_na = ntfs_attr_open(vol->lcnbmp_ni, AT_DATA, AT_UNNAMED, 0); 1012 if (!vol->lcnbmp_na) { 1013 ntfs_log_debug(FAILED); 1014 ntfs_log_perror("Failed to open ntfs attribute"); 1015 goto error_exit; 1016 } 1017 /* Done with the $Bitmap mft record. */ 1018 ntfs_log_debug(OK); 1019 1020 /* Now load the upcase table from $UpCase. */ 1021 ntfs_log_debug("Loading $UpCase... "); 1022 ni = ntfs_inode_open(vol, FILE_UpCase); 1023 if (!ni) { 1024 ntfs_log_debug(FAILED); 1025 ntfs_log_perror("Failed to open inode"); 1026 goto error_exit; 1027 } 1028 /* Get an ntfs attribute for $UpCase/$DATA. */ 1029 na = ntfs_attr_open(ni, AT_DATA, AT_UNNAMED, 0); 1030 if (!na) { 1031 ntfs_log_debug(FAILED); 1032 ntfs_log_perror("Failed to open ntfs attribute"); 1033 goto error_exit; 1034 } 1035 /* 1036 * Note: Normally, the upcase table has a length equal to 65536 1037 * 2-byte Unicode characters but allow for different cases, so no 1038 * checks done. Just check we don't overflow 32-bits worth of Unicode 1039 * characters. 1040 */ 1041 if (na->data_size & ~0x1ffffffffULL) { 1042 ntfs_log_debug(FAILED); 1043 ntfs_log_debug("Error: Upcase table is too big (max 32-bit " 1044 "allowed).\n"); 1045 errno = EINVAL; 1046 goto error_exit; 1047 } 1048 if (vol->upcase_len != na->data_size >> 1) { 1049 vol->upcase_len = na->data_size >> 1; 1050 /* Throw away default table. */ 1051 free(vol->upcase); 1052 vol->upcase = (ntfschar*)ntfs_malloc(na->data_size); 1053 if (!vol->upcase) { 1054 ntfs_log_debug(FAILED); 1055 goto error_exit; 1056 } 1057 } 1058 /* Read in the $DATA attribute value into the buffer. */ 1059 l = ntfs_attr_pread(na, 0, na->data_size, vol->upcase); 1060 if (l != na->data_size) { 1061 ntfs_log_debug(FAILED); 1062 ntfs_log_debug("Amount of data read does not correspond to " 1063 "expected length!\n"); 1064 errno = EIO; 1065 goto error_exit; 1066 } 1067 /* Done with the $UpCase mft record. */ 1068 ntfs_log_debug(OK); 1069 ntfs_attr_close(na); 1070 if (ntfs_inode_close(ni)) 1071 ntfs_log_perror("Failed to close inode, leaking memory"); 1072 1073 /* 1074 * Now load $Volume and set the version information and flags in the 1075 * vol structure accordingly. 1076 */ 1077 ntfs_log_debug("Loading $Volume... "); 1078 vol->vol_ni = ntfs_inode_open(vol, FILE_Volume); 1079 if (!vol->vol_ni) { 1080 ntfs_log_debug(FAILED); 1081 ntfs_log_perror("Failed to open inode"); 1082 goto error_exit; 1083 } 1084 /* Get a search context for the $Volume/$VOLUME_INFORMATION lookup. */ 1085 ctx = ntfs_attr_get_search_ctx(vol->vol_ni, NULL); 1086 if (!ctx) { 1087 ntfs_log_debug(FAILED); 1088 ntfs_log_perror("Failed to allocate attribute search context"); 1089 goto error_exit; 1090 } 1091 /* Find the $VOLUME_INFORMATION attribute. */ 1092 if (ntfs_attr_lookup(AT_VOLUME_INFORMATION, AT_UNNAMED, 0, 0, 0, NULL, 1093 0, ctx)) { 1094 ntfs_log_debug(FAILED); 1095 ntfs_log_debug("$VOLUME_INFORMATION attribute not found in " 1096 "$Volume?!?\n"); 1097 goto error_exit; 1098 } 1099 a = ctx->attr; 1100 /* Has to be resident. */ 1101 if (a->non_resident) { 1102 ntfs_log_debug(FAILED); 1103 ntfs_log_debug("Error: Attribute $VOLUME_INFORMATION must be " 1104 "resident (and it isn't)!\n"); 1105 errno = EIO; 1106 goto error_exit; 1107 } 1108 /* Get a pointer to the value of the attribute. */ 1109 vinf = (VOLUME_INFORMATION*)(le16_to_cpu(a->u.res.value_offset) + (char*)a); 1110 /* Sanity checks. */ 1111 if ((char*)vinf + le32_to_cpu(a->u.res.value_length) > (char*)ctx->mrec + 1112 le32_to_cpu(ctx->mrec->bytes_in_use) || 1113 le16_to_cpu(a->u.res.value_offset) + le32_to_cpu( 1114 a->u.res.value_length) > le32_to_cpu(a->length)) { 1115 ntfs_log_debug(FAILED); 1116 ntfs_log_debug("Error: Attribute $VOLUME_INFORMATION in " 1117 "$Volume is corrupt!\n"); 1118 errno = EIO; 1119 goto error_exit; 1120 } 1121 /* Setup vol from the volume information attribute value. */ 1122 vol->major_ver = vinf->major_ver; 1123 vol->minor_ver = vinf->minor_ver; 1124 /* 1125 * Do not use le16_to_cpu() macro here as our VOLUME_FLAGS are defined 1126 * using cpu_to_le16() macro and hence are consistent. 1127 */ 1128 vol->flags = vinf->flags; 1129 /* Record whether the volume was dirty or not. */ 1130 if (vol->flags & VOLUME_IS_DIRTY) 1131 NVolSetWasDirty(vol); 1132 /* 1133 * Reinitialize the search context for the $Volume/$VOLUME_NAME lookup. 1134 */ 1135 ntfs_attr_reinit_search_ctx(ctx); 1136 if (ntfs_attr_lookup(AT_VOLUME_NAME, AT_UNNAMED, 0, 0, 0, NULL, 0, 1137 ctx)) { 1138 if (errno != ENOENT) { 1139 ntfs_log_debug(FAILED); 1140 ntfs_log_debug("Error: Lookup of $VOLUME_NAME " 1141 "attribute in $Volume failed. " 1142 "This probably means something is " 1143 "corrupt. Run chkdsk.\n"); 1144 goto error_exit; 1145 } 1146 /* 1147 * Attribute not present. This has been seen in the field. 1148 * Treat this the same way as if the attribute was present but 1149 * had zero length. 1150 */ 1151 vol->vol_name = ntfs_malloc(1); 1152 if (!vol->vol_name) { 1153 ntfs_log_debug(FAILED); 1154 goto error_exit; 1155 } 1156 vol->vol_name[0] = '\0'; 1157 } else { 1158 a = ctx->attr; 1159 /* Has to be resident. */ 1160 if (a->non_resident) { 1161 ntfs_log_debug(FAILED); 1162 ntfs_log_debug("Error: Attribute $VOLUME_NAME must be " 1163 "resident!\n"); 1164 errno = EIO; 1165 goto error_exit; 1166 } 1167 /* Get a pointer to the value of the attribute. */ 1168 vname = (ntfschar*)(le16_to_cpu(a->u.res.value_offset) + (char*)a); 1169 u = le32_to_cpu(a->u.res.value_length) / 2; 1170 /* 1171 * Convert Unicode volume name to current locale multibyte 1172 * format. 1173 */ 1174 vol->vol_name = NULL; 1175 if (ntfs_ucstombs(vname, u, &vol->vol_name, 0) == -1) { 1176 ntfs_log_perror("Error: Volume name could not be " 1177 "converted to current locale"); 1178 ntfs_log_debug("Forcing name into ASCII by replacing " 1179 "non-ASCII characters with underscores.\n"); 1180 vol->vol_name = ntfs_malloc(u + 1); 1181 if (!vol->vol_name) { 1182 ntfs_log_debug(FAILED); 1183 goto error_exit; 1184 } 1185 for (j = 0; j < (s32)u; j++) { 1186 u16 uc = le16_to_cpu(vname[j]); 1187 if (uc > 0xff) 1188 uc = (u16)'_'; 1189 vol->vol_name[j] = (char)uc; 1190 } 1191 vol->vol_name[u] = 0; 1192 } 1193 } 1194 ntfs_log_debug(OK); 1195 ntfs_attr_put_search_ctx(ctx); 1196 ctx = NULL; 1197 /* Now load the attribute definitions from $AttrDef. */ 1198 ntfs_log_debug("Loading $AttrDef... "); 1199 ni = ntfs_inode_open(vol, FILE_AttrDef); 1200 if (!ni) { 1201 ntfs_log_debug(FAILED); 1202 ntfs_log_perror("Failed to open inode"); 1203 goto error_exit; 1204 } 1205 /* Get an ntfs attribute for $AttrDef/$DATA. */ 1206 na = ntfs_attr_open(ni, AT_DATA, AT_UNNAMED, 0); 1207 if (!na) { 1208 ntfs_log_debug(FAILED); 1209 ntfs_log_perror("Failed to open ntfs attribute"); 1210 goto error_exit; 1211 } 1212 /* Check we don't overflow 32-bits. */ 1213 if (na->data_size > 0xffffffffLL) { 1214 ntfs_log_debug(FAILED); 1215 ntfs_log_debug("Error: Attribute definition table is too big " 1216 "(max 32-bit allowed).\n"); 1217 errno = EINVAL; 1218 goto error_exit; 1219 } 1220 vol->attrdef_len = na->data_size; 1221 vol->attrdef = (ATTR_DEF*)ntfs_malloc(na->data_size); 1222 if (!vol->attrdef) { 1223 ntfs_log_debug(FAILED); 1224 goto error_exit; 1225 } 1226 /* Read in the $DATA attribute value into the buffer. */ 1227 l = ntfs_attr_pread(na, 0, na->data_size, vol->attrdef); 1228 if (l != na->data_size) { 1229 ntfs_log_debug(FAILED); 1230 ntfs_log_debug("Amount of data read does not correspond to " 1231 "expected length!\n"); 1232 errno = EIO; 1233 goto error_exit; 1234 } 1235 /* Done with the $AttrDef mft record. */ 1236 ntfs_log_debug(OK); 1237 ntfs_attr_close(na); 1238 if (ntfs_inode_close(ni)) 1239 ntfs_log_perror("Failed to close inode, leaking memory"); 1240 /* Initialize number of free clusters and MFT records. */ 1241 if (ntfs_volume_get_nr_free_mft_records(vol)) { 1242 ntfs_log_perror("Failed to calculate number of free MFTs"); 1243 goto error_exit; 1244 } 1245 if (ntfs_volume_get_nr_free_clusters(vol)) { 1246 ntfs_log_perror("Failed to calculate number of free clusters"); 1247 goto error_exit; 1248 } 1249 /* 1250 * Check for dirty logfile and hibernated Windows. 1251 * We care only about read-write mounts. 1252 * 1253 * If all is ok, reset the logfile and set the dirty bit on the volume. 1254 * 1255 * But do not do that if this is a FORENSIC mount. 1256 */ 1257 if (!(flags & NTFS_MNT_RDONLY)) { 1258 if (ntfs_volume_check_hiberfile(vol) < 0) 1259 goto error_exit; 1260 if (ntfs_volume_check_logfile(vol) < 0) { 1261 if (errno != EOPNOTSUPP || !(flags & NTFS_MNT_FORCE)) 1262 goto error_exit; 1263 ntfs_log_warning("WARNING: $LogFile is not clean, " 1264 "forced to continue.\n"); 1265 NVolSetWasDirty(vol); /* Leave volume dirty since we 1266 empted logfile. */ 1267 } 1268 if (!NVolForensicMount(vol)) { 1269 if (ntfs_logfile_reset(vol) < 0) 1270 goto error_exit; 1271 if (!(vol->flags & VOLUME_IS_DIRTY)) { 1272 vol->flags |= VOLUME_IS_DIRTY; 1273 if (ntfs_volume_write_flags(vol, vol->flags) < 1274 0) 1275 goto error_exit; 1276 } 1277 } 1278 } 1279 return vol; 1280io_error_exit: 1281 errno = EIO; 1282error_exit: 1283 eo = errno; 1284 if (ctx) 1285 ntfs_attr_put_search_ctx(ctx); 1286 free(m); 1287 free(m2); 1288 __ntfs_volume_release(vol); 1289 errno = eo; 1290 return NULL; 1291} 1292 1293/** 1294 * ntfs_mount - open ntfs volume 1295 * @name: name of device/file to open 1296 * @flags: optional mount flags 1297 * 1298 * This function mounts an ntfs volume. @name should contain the name of the 1299 * device/file to mount as the ntfs volume. 1300 * 1301 * @flags is an optional second parameter. See ntfs_device_mount comment for 1302 * description. 1303 * 1304 * The function opens the device or file @name and verifies that it contains a 1305 * valid bootsector. Then, it allocates an ntfs_volume structure and initializes 1306 * some of the values inside the structure from the information stored in the 1307 * bootsector. It proceeds to load the necessary system files and completes 1308 * setting up the structure. 1309 * 1310 * Return the allocated volume structure on success and NULL on error with 1311 * errno set to the error code. 1312 * 1313 * Note, that a copy is made of @name, and hence it can be discarded as 1314 * soon as the function returns. 1315 */ 1316ntfs_volume *ntfs_mount(const char *name __attribute__((unused)), 1317 ntfs_mount_flags flags __attribute__((unused))) 1318{ 1319#ifndef NO_NTFS_DEVICE_DEFAULT_IO_OPS 1320 struct ntfs_device *dev; 1321 ntfs_volume *vol; 1322 1323 /* Allocate an ntfs_device structure. */ 1324 dev = ntfs_device_alloc(name, 0, &ntfs_device_default_io_ops, NULL); 1325 if (!dev) 1326 return NULL; 1327 /* Call ntfs_device_mount() to do the actual mount. */ 1328 vol = ntfs_device_mount(dev, flags); 1329 if (!vol) { 1330 int eo = errno; 1331 ntfs_device_free(dev); 1332 errno = eo; 1333 } 1334 return vol; 1335#else 1336 /* 1337 * ntfs_mount() makes no sense if NO_NTFS_DEVICE_DEFAULT_IO_OPS is 1338 * defined as there are no device operations available in libntfs in 1339 * this case. 1340 */ 1341 errno = EOPNOTSUPP; 1342 return NULL; 1343#endif 1344} 1345 1346/** 1347 * ntfs_device_umount - close ntfs volume 1348 * @vol: address of ntfs_volume structure of volume to close 1349 * @force: if true force close the volume even if it is busy 1350 * 1351 * Deallocate all structures (including @vol itself) associated with the ntfs 1352 * volume @vol. 1353 * 1354 * Note it is up to the caller to destroy the device associated with the volume 1355 * being unmounted after this function returns. 1356 * 1357 * Return 0 on success. On error return -1 with errno set appropriately 1358 * (most likely to one of EAGAIN, EBUSY or EINVAL). The EAGAIN error means that 1359 * an operation is in progress and if you try the close later the operation 1360 * might be completed and the close succeed. 1361 * 1362 * If @force is true (i.e. not zero) this function will close the volume even 1363 * if this means that data might be lost. 1364 * 1365 * @vol must have previously been returned by a call to ntfs_device_mount(). 1366 * 1367 * @vol itself is deallocated and should no longer be dereferenced after this 1368 * function returns success. If it returns an error then nothing has been done 1369 * so it is safe to continue using @vol. 1370 */ 1371int ntfs_device_umount(ntfs_volume *vol, 1372 const BOOL force __attribute__((unused))) 1373{ 1374 if (!vol) { 1375 errno = EINVAL; 1376 return -1; 1377 } 1378 __ntfs_volume_release(vol); 1379 return 0; 1380} 1381 1382/** 1383 * ntfs_umount - close ntfs volume 1384 * @vol: address of ntfs_volume structure of volume to close 1385 * @force: if true force close the volume even if it is busy 1386 * 1387 * Deallocate all structures (including @vol itself) associated with the ntfs 1388 * volume @vol. 1389 * 1390 * Return 0 on success. On error return -1 with errno set appropriately 1391 * (most likely to one of EAGAIN, EBUSY or EINVAL). The EAGAIN error means that 1392 * an operation is in progress and if you try the close later the operation 1393 * might be completed and the close succeed. 1394 * 1395 * If @force is true (i.e. not zero) this function will close the volume even 1396 * if this means that data might be lost. 1397 * 1398 * @vol must have previously been returned by a call to ntfs_mount(). 1399 * 1400 * @vol itself is deallocated and should no longer be dereferenced after this 1401 * function returns success. If it returns an error then nothing has been done 1402 * so it is safe to continue using @vol. 1403 */ 1404int ntfs_umount(ntfs_volume *vol, 1405 const BOOL force __attribute__((unused))) 1406{ 1407 struct ntfs_device *dev; 1408 1409 if (!vol) { 1410 errno = EINVAL; 1411 return -1; 1412 } 1413 dev = vol->u.dev; 1414 __ntfs_volume_release(vol); 1415 ntfs_device_free(dev); 1416 return 0; 1417} 1418 1419#ifdef HAVE_MNTENT_H 1420 1421#ifndef HAVE_REALPATH 1422/** 1423 * realpath - If there is no realpath on the system 1424 */ 1425static char *realpath(const char *path, char *resolved_path) 1426{ 1427 strncpy(resolved_path, path, PATH_MAX); 1428 resolved_path[PATH_MAX] = '\0'; 1429 return resolved_path; 1430} 1431#endif 1432 1433/** 1434 * ntfs_mntent_check - desc 1435 * 1436 * If you are wanting to use this, you actually wanted to use 1437 * ntfs_check_if_mounted(), you just didn't realize. (-: 1438 * 1439 * See description of ntfs_check_if_mounted(), below. 1440 */ 1441static int ntfs_mntent_check(const char *file, unsigned long *mnt_flags) 1442{ 1443 struct mntent *mnt; 1444 char *real_file = NULL, *real_fsname = NULL; 1445 FILE *f; 1446 int err = 0; 1447 1448 real_file = ntfs_malloc(PATH_MAX + 1); 1449 if (!real_file) 1450 return -1; 1451 real_fsname = ntfs_malloc(PATH_MAX + 1); 1452 if (!real_fsname) { 1453 err = errno; 1454 goto exit; 1455 } 1456 if (!realpath(file, real_file)) { 1457 err = errno; 1458 goto exit; 1459 } 1460 if (!(f = setmntent(MOUNTED, "r"))) { 1461 err = errno; 1462 goto exit; 1463 } 1464 while ((mnt = getmntent(f))) { 1465 if (!realpath(mnt->mnt_fsname, real_fsname)) 1466 continue; 1467 if (!strcmp(real_file, real_fsname)) 1468 break; 1469 } 1470 endmntent(f); 1471 if (!mnt) 1472 goto exit; 1473 *mnt_flags = NTFS_MF_MOUNTED; 1474 if (!strcmp(mnt->mnt_dir, "/")) 1475 *mnt_flags |= NTFS_MF_ISROOT; 1476#ifdef HAVE_HASMNTOPT 1477 if (hasmntopt(mnt, "ro") && !hasmntopt(mnt, "rw")) 1478 *mnt_flags |= NTFS_MF_READONLY; 1479#endif 1480exit: 1481 free(real_file); 1482 free(real_fsname); 1483 if (err) { 1484 errno = err; 1485 return -1; 1486 } 1487 return 0; 1488} 1489#endif /* HAVE_MNTENT_H */ 1490 1491/** 1492 * ntfs_check_if_mounted - check if an ntfs volume is currently mounted 1493 * @file: device file to check 1494 * @mnt_flags: pointer into which to return the ntfs mount flags (see volume.h) 1495 * 1496 * If the running system does not support the {set,get,end}mntent() calls, 1497 * just return 0 and set *@mnt_flags to zero. 1498 * 1499 * When the system does support the calls, ntfs_check_if_mounted() first tries 1500 * to find the device @file in /etc/mtab (or wherever this is kept on the 1501 * running system). If it is not found, assume the device is not mounted and 1502 * return 0 and set *@mnt_flags to zero. 1503 * 1504 * If the device @file is found, set the NTFS_MF_MOUNTED flags in *@mnt_flags. 1505 * 1506 * Further if @file is mounted as the file system root ("/"), set the flag 1507 * NTFS_MF_ISROOT in *@mnt_flags. 1508 * 1509 * Finally, check if the file system is mounted read-only, and if so set the 1510 * NTFS_MF_READONLY flag in *@mnt_flags. 1511 * 1512 * On success return 0 with *@mnt_flags set to the ntfs mount flags. 1513 * 1514 * On error return -1 with errno set to the error code. 1515 */ 1516int ntfs_check_if_mounted(const char *file __attribute__((unused)), 1517 unsigned long *mnt_flags) 1518{ 1519 *mnt_flags = 0; 1520#ifdef HAVE_MNTENT_H 1521 return ntfs_mntent_check(file, mnt_flags); 1522#else 1523 return 0; 1524#endif 1525} 1526 1527/** 1528 * ntfs_version_is_supported - check if NTFS version is supported. 1529 * @vol: ntfs volume whose version we're interested in. 1530 * 1531 * The function checks if the NTFS volume version is known or not. 1532 * Version 1.1 and 1.2 are used by Windows NT3.x and NT4. 1533 * Version 2.x is used by Windows 2000 Betas. 1534 * Version 3.0 is used by Windows 2000. 1535 * Version 3.1 is used by Windows XP, Windows Server 2003 and Vista. 1536 * 1537 * Return 0 if NTFS version is supported otherwise -1 with errno set. 1538 * 1539 * The following error codes are defined: 1540 * EOPNOTSUPP - Unknown NTFS version 1541 * EINVAL - Invalid argument 1542 */ 1543int ntfs_version_is_supported(ntfs_volume *vol) 1544{ 1545 u8 major, minor; 1546 1547 if (!vol) { 1548 errno = EINVAL; 1549 return -1; 1550 } 1551 1552 major = vol->major_ver; 1553 minor = vol->minor_ver; 1554 1555 if (NTFS_V1_1(major, minor) || NTFS_V1_2(major, minor)) 1556 return 0; 1557 1558 if (NTFS_V2_X(major, minor)) 1559 return 0; 1560 1561 if (NTFS_V3_0(major, minor) || NTFS_V3_1(major, minor)) 1562 return 0; 1563 1564 errno = EOPNOTSUPP; 1565 return -1; 1566} 1567 1568/** 1569 * ntfs_logfile_reset - "empty" $LogFile data attribute value 1570 * @vol: ntfs volume whose $LogFile we intend to reset. 1571 * 1572 * Fill the value of the $LogFile data attribute, i.e. the contents of 1573 * the file, with 0xff's, thus marking the journal as empty. 1574 * 1575 * FIXME(?): We might need to zero the LSN field of every single mft 1576 * record as well. (But, first try without doing that and see what 1577 * happens, since chkdsk might pickup the pieces and do it for us...) 1578 * 1579 * On success return 0. 1580 * 1581 * On error return -1 with errno set to the error code. 1582 */ 1583int ntfs_logfile_reset(ntfs_volume *vol) 1584{ 1585 ntfs_inode *ni; 1586 ntfs_attr *na; 1587 int eo; 1588 1589 if (!vol) { 1590 errno = EINVAL; 1591 return -1; 1592 } 1593 1594 if ((ni = ntfs_inode_open(vol, FILE_LogFile)) == NULL) { 1595 ntfs_log_perror("Failed to open inode FILE_LogFile."); 1596 return -1; 1597 } 1598 1599 if ((na = ntfs_attr_open(ni, AT_DATA, AT_UNNAMED, 0)) == NULL) { 1600 eo = errno; 1601 ntfs_log_perror("Failed to open $FILE_LogFile/$DATA"); 1602 goto error_exit; 1603 } 1604 1605 if (ntfs_empty_logfile(na)) { 1606 eo = errno; 1607 ntfs_log_perror("Failed to empty $FILE_LogFile/$DATA"); 1608 ntfs_attr_close(na); 1609 goto error_exit; 1610 } 1611 ntfs_attr_close(na); 1612 return ntfs_inode_close(ni); 1613 1614error_exit: 1615 ntfs_inode_close(ni); 1616 errno = eo; 1617 return -1; 1618} 1619 1620/** 1621 * ntfs_volume_write_flags - set the flags of an ntfs volume 1622 * @vol: ntfs volume where we set the volume flags 1623 * @flags: new flags 1624 * 1625 * Set the on-disk volume flags in the mft record of $Volume and 1626 * on volume @vol to @flags. 1627 * 1628 * Return 0 if successful and -1 if not with errno set to the error code. 1629 */ 1630int ntfs_volume_write_flags(ntfs_volume *vol, const le16 flags) 1631{ 1632 ATTR_RECORD *a; 1633 VOLUME_INFORMATION *c; 1634 ntfs_attr_search_ctx *ctx; 1635 int ret = -1; /* failure */ 1636 1637 if (!vol || !vol->vol_ni) { 1638 errno = EINVAL; 1639 return -1; 1640 } 1641 /* Get a pointer to the volume information attribute. */ 1642 ctx = ntfs_attr_get_search_ctx(vol->vol_ni, NULL); 1643 if (!ctx) { 1644 ntfs_log_perror("Failed to allocate attribute search context"); 1645 return -1; 1646 } 1647 if (ntfs_attr_lookup(AT_VOLUME_INFORMATION, AT_UNNAMED, 0, 0, 0, NULL, 1648 0, ctx)) { 1649 ntfs_log_error("Attribute $VOLUME_INFORMATION was not found " 1650 "in $Volume!\n"); 1651 goto err_out; 1652 } 1653 a = ctx->attr; 1654 /* Sanity check. */ 1655 if (a->non_resident) { 1656 ntfs_log_error("Attribute $VOLUME_INFORMATION must be " 1657 "resident (and it isn't)!\n"); 1658 errno = EIO; 1659 goto err_out; 1660 } 1661 /* Get a pointer to the value of the attribute. */ 1662 c = (VOLUME_INFORMATION*)(le16_to_cpu(a->u.res.value_offset) + (char*)a); 1663 /* Sanity checks. */ 1664 if ((char*)c + le32_to_cpu(a->u.res.value_length) > (char*)ctx->mrec + 1665 le32_to_cpu(ctx->mrec->bytes_in_use) || 1666 le16_to_cpu(a->u.res.value_offset) + 1667 le32_to_cpu(a->u.res.value_length) > le32_to_cpu(a->length)) { 1668 ntfs_log_error("Attribute $VOLUME_INFORMATION in $Volume is " 1669 "corrupt!\n"); 1670 errno = EIO; 1671 goto err_out; 1672 } 1673 /* Set the volume flags. */ 1674 vol->flags = c->flags = flags & VOLUME_FLAGS_MASK; 1675 /* Write them to disk. */ 1676 ntfs_inode_mark_dirty(vol->vol_ni); 1677 if (ntfs_inode_sync(vol->vol_ni)) { 1678 ntfs_log_perror("Error writing $Volume"); 1679 goto err_out; 1680 } 1681 ret = 0; /* success */ 1682err_out: 1683 ntfs_attr_put_search_ctx(ctx); 1684 if (ret) 1685 ntfs_log_error("%s(): Failed.\n", "ntfs_volume_write_flags"); 1686 return ret; 1687} 1688 1689