1 /**
2 * ntfsclone - Part of the Linux-NTFS project.
3 *
4 * Copyright (c) 2003-2006 Szabolcs Szakacsits
5 * Copyright (c) 2004-2006 Anton Altaparmakov
6 * Copyright (c) 2010-2018 Jean-Pierre Andre
7 * Special image format support copyright (c) 2004 Per Olofsson
8 *
9 * Clone NTFS data and/or metadata to a sparse file, image, device or stdout.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 */
16
17 #include "config.h"
18
19 #ifdef HAVE_UNISTD_H
20 #include <unistd.h>
21 #endif
22 #ifdef HAVE_STDLIB_H
23 #include <stdlib.h>
24 #endif
25 #ifdef HAVE_STDIO_H
26 #include <stdio.h>
27 #endif
28 #ifdef HAVE_SYS_TYPES_H
29 #include <sys/types.h>
30 #endif
31 #ifdef HAVE_SYS_STAT_H
32 #include <sys/stat.h>
33 #endif
34 #ifdef HAVE_TIME_H
35 #include <time.h>
36 #endif
37 #ifdef HAVE_SYS_IOCTL_H
38 #include <sys/ioctl.h>
39 #endif
40 #ifdef HAVE_SYS_VFS_H
41 #include <sys/vfs.h>
42 #endif
43 #ifdef HAVE_SYS_STATVFS_H
44 #include <sys/statvfs.h>
45 #endif
46 #ifdef HAVE_FCNTL_H
47 #include <fcntl.h>
48 #endif
49 #ifdef HAVE_STDARG_H
50 #include <stdarg.h>
51 #endif
52 #ifdef HAVE_STRING_H
53 #include <string.h>
54 #endif
55 #ifdef HAVE_ERRNO_H
56 #include <errno.h>
57 #endif
58 #ifdef HAVE_GETOPT_H
59 #include <getopt.h>
60 #endif
61 #ifdef HAVE_UNISTD_H
62 #include <unistd.h>
63 #endif
64 #ifdef HAVE_SYS_MOUNT_H
65 #include <sys/mount.h>
66 #endif
67
68 /*
69 * FIXME: ntfsclone do bad things about endians handling. Fix it and remove
70 * this note and define.
71 */
72 #define NTFS_DO_NOT_CHECK_ENDIANS
73
74 #include "param.h"
75 #include "debug.h"
76 #include "types.h"
77 #include "support.h"
78 #include "endians.h"
79 #include "bootsect.h"
80 #include "device.h"
81 #include "attrib.h"
82 #include "mst.h"
83 #include "volume.h"
84 #include "mft.h"
85 #include "bitmap.h"
86 #include "inode.h"
87 #include "index.h"
88 #include "dir.h"
89 #include "runlist.h"
90 #include "ntfstime.h"
91 #include "utils.h"
92 /* #include "version.h" */
93 #include "misc.h"
94
95 #if defined(linux) && defined(_IO) && !defined(BLKGETSIZE)
96 #define BLKGETSIZE _IO(0x12,96) /* Get device size in 512-byte blocks. */
97 #endif
98 #if defined(linux) && defined(_IOR) && !defined(BLKGETSIZE64)
99 #define BLKGETSIZE64 _IOR(0x12,114,size_t) /* Get device size in bytes. */
100 #endif
101
102 #if defined(linux) || defined(__uClinux__) || defined(__sun) \
103 || defined(__APPLE__) || defined(__DARWIN__)
104 /* Make sure the presence of <windows.h> means compiling for Windows */
105 #undef HAVE_WINDOWS_H
106 #endif
107
108 #if defined(__sun) | defined(HAVE_WINDOWS_H)
109 #define NO_STATFS 1 /* statfs(2) and f_type are not universal */
110 #endif
111
112 #ifdef HAVE_WINDOWS_H
113 /*
114 * Replacements for functions which do not exist on Windows
115 */
116 int setmode(int, int); /* from msvcrt.dll */
117
118 #define getpid() (0)
119 #define srandom(seed) srand(seed)
120 #define random() rand()
121 #define fsync(fd) (0)
122 #define ioctl(fd,code,buf) (-1)
123 #define ftruncate(fd, size) ntfs_device_win32_ftruncate(dev_out, size)
124 #define BINWMODE "wb"
125 #else
126 #define BINWMODE "w"
127 #endif
128
129 #ifndef O_BINARY
130 #define O_BINARY 0
131 #endif
132
133 static const char *EXEC_NAME = "ntfsclone";
134
135 static const char *bad_sectors_warning_msg =
136 "*************************************************************************\n"
137 "* WARNING: The disk has one or more bad sectors. This means that damage *\n"
138 "* has occurred on the disk surface, possibly caused by deterioration of *\n"
139 "* the physical media, manufacturing faults or other reasons. The *\n"
140 "* reliability of the disk may stay stable or degrade fast. *\n"
141 "* Use the --rescue option to efficiently save as much data as possible! *\n"
142 "*************************************************************************\n";
143
144 static const char *dirty_volume_msg =
145 "Volume '%s' is scheduled for a check or it was shutdown \n"
146 "uncleanly. Please boot Windows or use the --force option to progress.\n";
147
148 static struct {
149 int verbose;
150 int quiet;
151 int debug;
152 int force;
153 int overwrite;
154 int std_out;
155 int blkdev_out; /* output file is block device */
156 int metadata; /* metadata only cloning */
157 int no_action; /* do not really restore */
158 int ignore_fs_check;
159 int rescue;
160 int save_image;
161 int new_serial;
162 int metadata_image;
163 int preserve_timestamps;
164 int full_logfile;
165 int restore_image;
166 char *output;
167 char *volume;
168 #ifndef NO_STATFS
169 struct statfs stfs;
170 #endif
171 } opt;
172
173 struct bitmap {
174 s64 size;
175 u8 *bm;
176 };
177
178 struct progress_bar {
179 u64 start;
180 u64 stop;
181 int resolution;
182 float unit;
183 };
184
185 typedef struct {
186 ntfs_inode *ni; /* inode being processed */
187 ntfs_attr_search_ctx *ctx; /* inode attribute being processed */
188 s64 inuse; /* number of clusters in use */
189 int more_use; /* possibly allocated clusters */
190 LCN current_lcn;
191 } ntfs_walk_clusters_ctx;
192
193 typedef int (ntfs_walk_op)(ntfs_inode *ni, void *data);
194
195 struct ntfs_walk_cluster {
196 ntfs_walk_op *inode_op; /* not implemented yet */
197 ntfs_walk_clusters_ctx *image;
198 };
199
200
201 static ntfs_volume *vol = NULL;
202 static struct bitmap lcn_bitmap;
203
204 static int fd_in;
205 static int fd_out;
206 static FILE *stream_out = (FILE*)NULL;
207 struct ntfs_device *dev_out = (struct ntfs_device*)NULL;
208 static FILE *msg_out = NULL;
209
210 static int wipe = 0;
211 static unsigned int nr_used_mft_records = 0;
212 static unsigned int wiped_unused_mft_data = 0;
213 static unsigned int wiped_unused_mft = 0;
214 static unsigned int wiped_resident_data = 0;
215 static unsigned int wiped_timestamp_data = 0;
216
217 static le64 volume_serial_number; /* new random serial number */
218 static u64 full_device_size; /* full size, including the backup boot sector */
219
220 static BOOL image_is_host_endian = FALSE;
221
222 #define IMAGE_MAGIC "\0ntfsclone-image"
223 #define IMAGE_MAGIC_SIZE 16
224 #define IMAGE_OFFSET_OFFSET 46 /* must be the same for all versions ! */
225 #define IMAGE_HDR_ALIGN 8 /* alignment wanted after header */
226
227 /* This is the first endianness safe format version. */
228 #define NTFSCLONE_IMG_VER_MAJOR_ENDIANNESS_SAFE 10
229 #define NTFSCLONE_IMG_VER_MINOR_ENDIANNESS_SAFE 0
230
231 /*
232 * Set the version to 10.0 to avoid colisions with old ntfsclone which
233 * stupidly used the volume version as the image version... )-: I hope NTFS
234 * never reaches version 10.0 and if it does one day I hope no-one is using
235 * such an old ntfsclone by then...
236 *
237 * NOTE: Only bump the minor version if the image format and header are still
238 * backwards compatible. Otherwise always bump the major version. If in
239 * doubt, bump the major version.
240 *
241 * Moved to 10.1 : Alternate boot sector now saved. Still compatible.
242 */
243 #define NTFSCLONE_IMG_VER_MAJOR 10
244 #define NTFSCLONE_IMG_VER_MINOR 1
245
246 enum { CMD_GAP, CMD_NEXT } ;
247
248 /* All values are in little endian. */
249 static struct image_hdr {
250 char magic[IMAGE_MAGIC_SIZE];
251 u8 major_ver;
252 u8 minor_ver;
253 /* the following is aligned dangerously (too late...) */
254 le32 cluster_size;
255 le64 device_size;
256 sle64 nr_clusters;
257 le64 inuse;
258 le32 offset_to_image_data; /* From start of image_hdr. */
259 } __attribute__((__packed__)) image_hdr;
260
261 static int compare_bitmaps(struct bitmap *a, BOOL copy);
262
263 #define NTFSCLONE_IMG_HEADER_SIZE_OLD \
264 (offsetof(struct image_hdr, offset_to_image_data))
265
266 #define NTFS_MBYTE (1000 * 1000)
267
268 #define ERR_PREFIX "ERROR"
269 #define PERR_PREFIX ERR_PREFIX "(%d): "
270 #define NERR_PREFIX ERR_PREFIX ": "
271
272 #define LAST_METADATA_INODE 11
273
274 #define NTFS_SECTOR_SIZE 512
275
276 #define rounded_up_division(a, b) (((a) + (b - 1)) / (b))
277
278 #define read_all(f, p, n) io_all((f), (p), (n), 0)
279 #define write_all(f, p, n) io_all((f), (p), (n), 1)
280
281 __attribute__((format(printf, 1, 2)))
Printf(const char *fmt, ...)282 static void Printf(const char *fmt, ...)
283 {
284 va_list ap;
285
286 va_start(ap, fmt);
287 vfprintf(msg_out, fmt, ap);
288 va_end(ap);
289 fflush(msg_out);
290 }
291
292 __attribute__((format(printf, 1, 2)))
perr_printf(const char *fmt, ...)293 static void perr_printf(const char *fmt, ...)
294 {
295 va_list ap;
296 int eo = errno;
297
298 Printf(PERR_PREFIX, eo);
299 va_start(ap, fmt);
300 vfprintf(msg_out, fmt, ap);
301 va_end(ap);
302 Printf(": %s\n", strerror(eo));
303 fflush(msg_out);
304 }
305
306 __attribute__((format(printf, 1, 2)))
err_printf(const char *fmt, ...)307 static void err_printf(const char *fmt, ...)
308 {
309 va_list ap;
310
311 Printf(NERR_PREFIX);
312 va_start(ap, fmt);
313 vfprintf(msg_out, fmt, ap);
314 va_end(ap);
315 fflush(msg_out);
316 }
317
318 __attribute__((noreturn))
319 __attribute__((format(printf, 1, 2)))
err_exit(const char *fmt, ...)320 static void err_exit(const char *fmt, ...)
321 {
322 va_list ap;
323
324 Printf(NERR_PREFIX);
325 va_start(ap, fmt);
326 vfprintf(msg_out, fmt, ap);
327 va_end(ap);
328 fflush(msg_out);
329 if (vol)
330 ntfs_umount(vol,FALSE);
331 exit(1);
332 }
333
334 __attribute__((noreturn))
335 __attribute__((format(printf, 1, 2)))
perr_exit(const char *fmt, ...)336 static void perr_exit(const char *fmt, ...)
337 {
338 va_list ap;
339 int eo = errno;
340
341 Printf(PERR_PREFIX, eo);
342 va_start(ap, fmt);
343 vfprintf(msg_out, fmt, ap);
344 va_end(ap);
345 Printf(": %s\n", strerror(eo));
346 fflush(msg_out);
347 if (vol)
348 ntfs_umount(vol,FALSE);
349 exit(1);
350 }
351
352
353 __attribute__((noreturn))
usage(int ret)354 static void usage(int ret)
355 {
356 fprintf(stderr, "\nUsage: %s [OPTIONS] SOURCE\n"
357 " Efficiently clone NTFS to a sparse file, image, device or standard output.\n"
358 "\n"
359 " -o, --output FILE Clone NTFS to the non-existent FILE\n"
360 " -O, --overwrite FILE Clone NTFS to FILE, overwriting if exists\n"
361 " -s, --save-image Save to the special image format\n"
362 " -r, --restore-image Restore from the special image format\n"
363 " --rescue Continue after disk read errors\n"
364 " -m, --metadata Clone *only* metadata (for NTFS experts)\n"
365 " -n, --no-action Test restoring, without outputting anything\n"
366 " --ignore-fs-check Ignore the filesystem check result\n"
367 " --new-serial Set a new serial number\n"
368 " --new-half-serial Set a partial new serial number\n"
369 " -t, --preserve-timestamps Do not clear the timestamps\n"
370 " -q, --quiet Do not display any progress bars\n"
371 " -f, --force Force to progress (DANGEROUS)\n"
372 " --full-logfile Include the full logfile in metadata output\n"
373 " -h, --help Display this help\n"
374 #ifdef DEBUG
375 " -d, --debug Show debug information\n"
376 #endif
377 " -V, --version Display version information\n"
378 "\n"
379 " If FILE is '-' then send the image to the standard output. If SOURCE is '-'\n"
380 " and --restore-image is used then read the image from the standard input.\n"
381 "\n", EXEC_NAME);
382 fprintf(stderr, "%s%s", ntfs_bugs, ntfs_home);
383 exit(ret);
384 }
385
386 /**
387 * version
388 */
389 __attribute__((noreturn))
version(void)390 static void version(void)
391 {
392 fprintf(stderr,
393 "Efficiently clone, image, restore or rescue an NTFS Volume.\n\n"
394 "Copyright (c) 2003-2006 Szabolcs Szakacsits\n"
395 "Copyright (c) 2004-2006 Anton Altaparmakov\n"
396 "Copyright (c) 2010-2018 Jean-Pierre Andre\n\n");
397 fprintf(stderr, "%s\n%s%s", ntfs_gpl, ntfs_bugs, ntfs_home);
398 exit(0);
399 }
400
parse_options(int argc, char **argv)401 static void parse_options(int argc, char **argv)
402 {
403 static const char *sopt = "-dfhmno:O:qrstV";
404 static const struct option lopt[] = {
405 #ifdef DEBUG
406 { "debug", no_argument, NULL, 'd' },
407 #endif
408 { "quiet", no_argument, NULL, 'q' },
409 { "force", no_argument, NULL, 'f' },
410 { "help", no_argument, NULL, 'h' },
411 { "metadata", no_argument, NULL, 'm' },
412 { "no-action", no_argument, NULL, 'n' },
413 { "output", required_argument, NULL, 'o' },
414 { "overwrite", required_argument, NULL, 'O' },
415 { "restore-image", no_argument, NULL, 'r' },
416 { "ignore-fs-check", no_argument, NULL, 'C' },
417 { "rescue", no_argument, NULL, 'R' },
418 { "new-serial", no_argument, NULL, 'I' },
419 { "new-half-serial", no_argument, NULL, 'i' },
420 { "full-logfile", no_argument, NULL, 'l' },
421 { "save-image", no_argument, NULL, 's' },
422 { "preserve-timestamps", no_argument, NULL, 't' },
423 { "version", no_argument, NULL, 'V' },
424 { NULL, 0, NULL, 0 }
425 };
426
427 int c;
428
429 memset(&opt, 0, sizeof(opt));
430
431 while ((c = getopt_long(argc, argv, sopt, lopt, NULL)) != -1) {
432 switch (c) {
433 case 1: /* A non-option argument */
434 if (opt.volume)
435 usage(1);
436 opt.volume = argv[optind-1];
437 break;
438 case 'd':
439 opt.debug++;
440 break;
441 case 'q':
442 opt.quiet++;
443 break;
444 case 'f':
445 opt.force++;
446 break;
447 case 'h':
448 usage(0);
449 case '?':
450 usage(1);
451 case 'i': /* not proposed as a short option */
452 opt.new_serial |= 1;
453 break;
454 case 'I': /* not proposed as a short option */
455 opt.new_serial |= 2;
456 break;
457 case 'l':
458 opt.full_logfile++;
459 break;
460 case 'm':
461 opt.metadata++;
462 break;
463 case 'n':
464 opt.no_action++;
465 break;
466 case 'O':
467 opt.overwrite++;
468 /* FALLTHRU */
469 case 'o':
470 if (opt.output)
471 usage(1);
472 opt.output = optarg;
473 break;
474 case 'r':
475 opt.restore_image++;
476 break;
477 case 'C':
478 opt.ignore_fs_check++;
479 break;
480 case 'R':
481 opt.rescue++;
482 break;
483 case 's':
484 opt.save_image++;
485 break;
486 case 't':
487 opt.preserve_timestamps++;
488 break;
489 case 'V':
490 version();
491 break;
492 default:
493 err_printf("Unknown option '%s'.\n", argv[optind-1]);
494 usage(1);
495 }
496 }
497
498 if (!opt.no_action && (opt.output == NULL)) {
499 err_printf("You must specify an output file.\n");
500 usage(1);
501 }
502
503 if (!opt.no_action && (strcmp(opt.output, "-") == 0))
504 opt.std_out++;
505
506 if (opt.volume == NULL) {
507 err_printf("You must specify a device file.\n");
508 usage(1);
509 }
510
511 if (!opt.restore_image && !strcmp(opt.volume, "-")) {
512 err_printf("Only special images can be read from standard input\n");
513 usage(1);
514 }
515
516 if (opt.metadata && opt.save_image) {
517 opt.metadata_image++;
518 opt.save_image = 0;
519 }
520
521 if (opt.metadata && opt.restore_image)
522 err_exit("Restoring only metadata from an image is not "
523 "supported!\n");
524
525 if (opt.metadata && !opt.metadata_image && opt.std_out)
526 err_exit("Cloning only metadata to stdout isn't supported!\n");
527
528 if (opt.ignore_fs_check && !opt.metadata && !opt.rescue)
529 err_exit("Filesystem check can be ignored only for metadata "
530 "cloning or rescue situations!\n");
531
532 if (opt.save_image && opt.restore_image)
533 err_exit("Saving and restoring an image at the same time "
534 "is not supported!\n");
535
536 if (opt.no_action && !opt.restore_image)
537 err_exit("A restoring test requires the restore option!\n");
538
539 if (opt.no_action && opt.output)
540 err_exit("A restoring test requires not defining any output!\n");
541
542 if (!opt.no_action && !opt.std_out) {
543 struct stat st;
544 #ifdef HAVE_WINDOWS_H
545 BOOL blkdev = opt.output[0] && (opt.output[1] == ':')
546 && !opt.output[2];
547
548 if (!blkdev && (stat(opt.output, &st) == -1)) {
549 #else
550 if (stat(opt.output, &st) == -1) {
551 #endif
552 if (errno != ENOENT)
553 perr_exit("Couldn't access '%s'", opt.output);
554 } else {
555 if (!opt.overwrite)
556 err_exit("Output file '%s' already exists.\n"
557 "Use option --overwrite if you want to"
558 " replace its content.\n", opt.output);
559
560 #ifdef HAVE_WINDOWS_H
561 if (blkdev) {
562 #else
563 if (S_ISBLK(st.st_mode)) {
564 #endif
565 opt.blkdev_out = 1;
566 if (opt.metadata && !opt.force)
567 err_exit("Cloning only metadata to a "
568 "block device does not usually "
569 "make sense, aborting...\n"
570 "If you were instructed to do "
571 "this by a developer and/or are "
572 "sure that this is what you want "
573 "to do, run this utility again "
574 "but this time add the force "
575 "option, i.e. add '--force' to "
576 "the command line arguments.");
577 }
578 }
579 }
580
581 /*
582 * Send messages, debug information and library messages to stdout,
583 * but, if outputing to stdout send them to stderr
584 */
585 if (opt.std_out) {
586 msg_out = stderr;
587 ntfs_log_set_handler(ntfs_log_handler_stderr);
588 } else {
589 msg_out = stdout;
590 ntfs_log_set_handler(ntfs_log_handler_outerr);
591 }
592 }
593
594 /*
595 * Initialize the random number generator with the current
596 * time, and generate a 64-bit random number for the serial
597 * number
598 */
599 static void generate_serial_number(void) {
600 u64 sn;
601
602 /* different values for parallel processes */
603 srandom(time((time_t*)NULL) ^ (getpid() << 16));
604 sn = ((u64)random() << 32) | ((u64)random() & 0xffffffff);
605 volume_serial_number = cpu_to_le64(sn);
606 }
607
608 static void progress_init(struct progress_bar *p, u64 start, u64 stop, int res)
609 {
610 p->start = start;
611 p->stop = stop;
612 p->unit = 100.0 / (stop - start);
613 p->resolution = res;
614 }
615
616
617 static void progress_update(struct progress_bar *p, u64 current)
618 {
619 float percent = p->unit * current;
620
621 if (opt.quiet)
622 return;
623
624 if (current != p->stop) {
625 if ((current - p->start) % p->resolution)
626 return;
627 Printf("%6.2f percent completed\r", percent);
628 } else
629 Printf("100.00 percent completed\n");
630 fflush(msg_out);
631 }
632
633 static s64 is_critical_metadata(ntfs_walk_clusters_ctx *image, runlist *rl)
634 {
635 s64 inode = image->ni->mft_no;
636
637 if (inode <= LAST_METADATA_INODE) {
638
639 /* Don't save bad sectors (both $Bad and unnamed are ignored */
640 if (inode == FILE_BadClus && image->ctx->attr->type == AT_DATA)
641 return 0;
642
643 if ((inode != FILE_LogFile) || opt.full_logfile)
644 return rl->length;
645
646 if (image->ctx->attr->type == AT_DATA) {
647
648 /* Save at least the first 16 KiB of FILE_LogFile */
649 s64 s = (s64)16384 - rl->vcn * vol->cluster_size;
650 if (s > 0) {
651 s = rounded_up_division(s, vol->cluster_size);
652 if (rl->length < s)
653 s = rl->length;
654 return s;
655 }
656 return 0;
657 }
658 }
659
660 if (image->ctx->attr->type != AT_DATA)
661 return rl->length;
662
663 return 0;
664 }
665
666 static off_t tellin(int in)
667 {
668 return (lseek(in, 0, SEEK_CUR));
669 }
670
671 static int io_all(void *fd, void *buf, int count, int do_write)
672 {
673 int i;
674 struct ntfs_device *dev = fd;
675
676 while (count > 0) {
677 if (do_write) {
678 if (opt.no_action) {
679 i = count;
680 } else {
681 if (opt.save_image || opt.metadata_image)
682 i = fwrite(buf, 1, count, stream_out);
683 #ifdef HAVE_WINDOWS_H
684 else if (dev_out)
685 i = dev_out->d_ops->write(dev_out,
686 buf, count);
687 #endif
688 else
689 i = write(*(int *)fd, buf, count);
690 }
691 } else if (opt.restore_image)
692 i = read(*(int *)fd, buf, count);
693 else
694 i = dev->d_ops->read(dev, buf, count);
695 if (i < 0) {
696 if (errno != EAGAIN && errno != EINTR)
697 return -1;
698 } else if (i == 0 && !do_write && opt.restore_image) {
699 return -1;
700 } else {
701 count -= i;
702 buf = i + (char *) buf;
703 }
704 }
705 return 0;
706 }
707
708
709 static void rescue_sector(void *fd, u32 bytes_per_sector, off_t pos, void *buff)
710 {
711 const char badsector_magic[] = "BadSectoR";
712 struct ntfs_device *dev = fd;
713
714 if (opt.restore_image) {
715 if (!opt.no_action
716 && (lseek(*(int *)fd, pos, SEEK_SET) == (off_t)-1))
717 perr_exit("lseek");
718 } else {
719 if (vol->dev->d_ops->seek(dev, pos, SEEK_SET) == (off_t)-1)
720 perr_exit("seek input");
721 }
722
723 if (read_all(fd, buff, bytes_per_sector) == -1) {
724 Printf("WARNING: Can't read sector at %llu, lost data.\n",
725 (unsigned long long)pos);
726 memset(buff, '?', bytes_per_sector);
727 memmove(buff, badsector_magic, sizeof(badsector_magic));
728 }
729 }
730
731 /*
732 * Read a cluster, try to rescue if cannot read
733 */
734
735 static void read_rescue(void *fd, char *buff, u32 csize, u32 bytes_per_sector,
736 u64 rescue_lcn)
737 {
738 off_t rescue_pos;
739
740 if (read_all(fd, buff, csize) == -1) {
741
742 if (errno != EIO)
743 perr_exit("read_all");
744 else if (opt.rescue){
745 u32 i;
746
747 rescue_pos = (off_t)(rescue_lcn * csize);
748 for (i = 0; i < csize; i += bytes_per_sector)
749 rescue_sector(fd, bytes_per_sector,
750 rescue_pos + i, buff + i);
751 } else {
752 Printf("%s", bad_sectors_warning_msg);
753 err_exit("Disk is faulty, can't make full backup!");
754 }
755 }
756 }
757
758 static void copy_cluster(int rescue, u64 rescue_lcn, u64 lcn)
759 {
760 char *buff;
761 /* vol is NULL if opt.restore_image is set */
762 s32 csize = le32_to_cpu(image_hdr.cluster_size);
763 BOOL backup_bootsector;
764 void *fd = (void *)&fd_in;
765 off_t rescue_pos;
766 NTFS_BOOT_SECTOR *bs;
767 le64 mask;
768 static u16 bytes_per_sector = NTFS_SECTOR_SIZE;
769
770 if (!opt.restore_image) {
771 csize = vol->cluster_size;
772 bytes_per_sector = vol->sector_size;
773 fd = vol->dev;
774 }
775
776 rescue_pos = (off_t)(rescue_lcn * csize);
777 buff = (char*)ntfs_malloc(csize);
778 if (!buff)
779 err_exit("Not enough memory");
780
781 /* possible partial cluster holding the backup boot sector */
782 backup_bootsector = (lcn + 1)*csize >= full_device_size;
783 if (backup_bootsector) {
784 csize = full_device_size - lcn*csize;
785 if (csize < 0) {
786 err_exit("Corrupted input, copy aborted");
787 }
788 }
789
790 // need reading when not about to write ?
791 if (read_all(fd, buff, csize) == -1) {
792
793 if (errno != EIO) {
794 if (!errno && opt.restore_image)
795 err_exit("Short image file...\n");
796 else
797 perr_exit("read_all");
798 }
799 else if (rescue){
800 s32 i;
801 for (i = 0; i < csize; i += bytes_per_sector)
802 rescue_sector(fd, bytes_per_sector,
803 rescue_pos + i, buff + i);
804 } else {
805 Printf("%s", bad_sectors_warning_msg);
806 err_exit("Disk is faulty, can't make full backup!");
807 }
808 }
809
810 /* Set the new serial number if requested */
811 if (opt.new_serial
812 && !opt.save_image
813 && (!lcn || backup_bootsector)) {
814 /*
815 * For updating the backup boot sector, we need to
816 * know the sector size, but this is not recorded
817 * in the image header, so we collect it on the fly
818 * while reading the first boot sector.
819 */
820 if (!lcn) {
821 bs = (NTFS_BOOT_SECTOR*)buff;
822 bytes_per_sector = le16_to_cpu(bs->bpb.bytes_per_sector);
823 if ((bytes_per_sector > csize)
824 || (bytes_per_sector < NTFS_SECTOR_SIZE))
825 bytes_per_sector = NTFS_SECTOR_SIZE;
826 } else
827 bs = (NTFS_BOOT_SECTOR*)(buff
828 + csize - bytes_per_sector);
829 if (opt.new_serial & 2)
830 bs->volume_serial_number = volume_serial_number;
831 else {
832 mask = const_cpu_to_le64(~0x0ffffffffULL);
833 bs->volume_serial_number
834 = (volume_serial_number & mask)
835 | (bs->volume_serial_number & ~mask);
836 }
837 /* Show the new full serial after merging */
838 if (!lcn)
839 Printf("New serial number : 0x%llx\n",
840 (long long)le64_to_cpu(
841 bs->volume_serial_number));
842 }
843
844 if (opt.save_image || (opt.metadata_image && wipe)) {
845 char cmd = CMD_NEXT;
846 if (write_all(&fd_out, &cmd, sizeof(cmd)) == -1)
847 perr_exit("write_all");
848 }
849
850 if ((!opt.metadata_image || wipe)
851 && (write_all(&fd_out, buff, csize) == -1)) {
852 #ifndef NO_STATFS
853 int err = errno;
854 perr_printf("Write failed");
855 if (err == EIO && opt.stfs.f_type == 0x517b)
856 Printf("Apparently you tried to clone to a remote "
857 "Windows computer but they don't\nhave "
858 "efficient sparse file handling by default. "
859 "Please try a different method.\n");
860 exit(1);
861 #else
862 perr_printf("Write failed");
863 #endif
864 }
865 free(buff);
866 }
867
868 static s64 lseek_out(int fd, s64 pos, int mode)
869 {
870 s64 ret;
871
872 if (dev_out)
873 ret = (dev_out->d_ops->seek)(dev_out, pos, mode);
874 else
875 ret = lseek(fd, pos, mode);
876 return (ret);
877 }
878
879 static void lseek_to_cluster(s64 lcn)
880 {
881 off_t pos;
882
883 pos = (off_t)(lcn * vol->cluster_size);
884
885 if (vol->dev->d_ops->seek(vol->dev, pos, SEEK_SET) == (off_t)-1)
886 perr_exit("lseek input");
887
888 if (opt.std_out || opt.save_image || opt.metadata_image)
889 return;
890
891 if (lseek_out(fd_out, pos, SEEK_SET) == (off_t)-1)
892 perr_exit("lseek output");
893 }
894
895 static void gap_to_cluster(s64 gap)
896 {
897 sle64 count;
898 char buf[1 + sizeof(count)];
899
900 if (gap) {
901 count = cpu_to_sle64(gap);
902 buf[0] = CMD_GAP;
903 memcpy(&buf[1], &count, sizeof(count));
904 if (write_all(&fd_out, buf, sizeof(buf)) == -1)
905 perr_exit("write_all");
906 }
907 }
908
909 static void image_skip_clusters(s64 count)
910 {
911 if (opt.save_image && count > 0) {
912 sle64 count_buf;
913 char buff[1 + sizeof(count)];
914
915 buff[0] = CMD_GAP;
916 count_buf = cpu_to_sle64(count);
917 memcpy(buff + 1, &count_buf, sizeof(count_buf));
918
919 if (write_all(&fd_out, buff, sizeof(buff)) == -1)
920 perr_exit("write_all");
921 }
922 }
923
924 static void write_image_hdr(void)
925 {
926 char alignment[IMAGE_HDR_ALIGN];
927
928 if (opt.save_image || opt.metadata_image) {
929 int alignsize = le32_to_cpu(image_hdr.offset_to_image_data)
930 - sizeof(image_hdr);
931 memset(alignment,0,IMAGE_HDR_ALIGN);
932 if ((alignsize < 0)
933 || write_all(&fd_out, &image_hdr, sizeof(image_hdr))
934 || write_all(&fd_out, alignment, alignsize))
935 perr_exit("write_all");
936 }
937 }
938
939 static void clone_ntfs(u64 nr_clusters, int more_use)
940 {
941 u64 cl, last_cl; /* current and last used cluster */
942 void *buf;
943 u32 csize = vol->cluster_size;
944 u64 p_counter = 0;
945 char alignment[IMAGE_HDR_ALIGN];
946 struct progress_bar progress;
947
948 if (opt.save_image)
949 Printf("Saving NTFS to image ...\n");
950 else
951 Printf("Cloning NTFS ...\n");
952
953 if (opt.new_serial)
954 generate_serial_number();
955
956 buf = ntfs_calloc(csize);
957 if (!buf)
958 perr_exit("clone_ntfs");
959
960 progress_init(&progress, p_counter, nr_clusters, 100);
961
962 if (opt.save_image) {
963 int alignsize = le32_to_cpu(image_hdr.offset_to_image_data)
964 - sizeof(image_hdr);
965 memset(alignment,0,IMAGE_HDR_ALIGN);
966 if ((alignsize < 0)
967 || write_all(&fd_out, &image_hdr, sizeof(image_hdr))
968 || write_all(&fd_out, alignment, alignsize))
969 perr_exit("write_all");
970 }
971
972 /* save suspicious clusters if required */
973 if (more_use && opt.ignore_fs_check) {
974 compare_bitmaps(&lcn_bitmap, TRUE);
975 }
976 /* Examine up to the alternate boot sector */
977 for (last_cl = cl = 0; cl <= (u64)vol->nr_clusters; cl++) {
978
979 if (ntfs_bit_get(lcn_bitmap.bm, cl)) {
980 progress_update(&progress, ++p_counter);
981 lseek_to_cluster(cl);
982 image_skip_clusters(cl - last_cl - 1);
983
984 copy_cluster(opt.rescue, cl, cl);
985 last_cl = cl;
986 continue;
987 }
988
989 if (opt.std_out && !opt.save_image) {
990 progress_update(&progress, ++p_counter);
991 if (write_all(&fd_out, buf, csize) == -1)
992 perr_exit("write_all");
993 }
994 }
995 image_skip_clusters(cl - last_cl - 1);
996 free(buf);
997 }
998
999 static void write_empty_clusters(s32 csize, s64 count,
1000 struct progress_bar *progress, u64 *p_counter)
1001 {
1002 s64 i;
1003 char *buff;
1004
1005 buff = (char*)ntfs_malloc(csize);
1006 if (!buff)
1007 err_exit("Not enough memory");
1008
1009 memset(buff, 0, csize);
1010
1011 for (i = 0; i < count; i++) {
1012 if (write_all(&fd_out, buff, csize) == -1)
1013 perr_exit("write_all");
1014 progress_update(progress, ++(*p_counter));
1015 }
1016 free(buff);
1017 }
1018
1019 static void restore_image(void)
1020 {
1021 s64 pos = 0, count;
1022 s32 csize = le32_to_cpu(image_hdr.cluster_size);
1023 char cmd;
1024 u64 p_counter = 0;
1025 struct progress_bar progress;
1026
1027 Printf("Restoring NTFS from image ...\n");
1028
1029 progress_init(&progress, p_counter, opt.std_out ?
1030 (u64)sle64_to_cpu(image_hdr.nr_clusters) + 1 :
1031 le64_to_cpu(image_hdr.inuse) + 1,
1032 100);
1033
1034 if (opt.new_serial)
1035 generate_serial_number();
1036
1037 /* Restore up to the alternate boot sector */
1038 while (pos <= sle64_to_cpu(image_hdr.nr_clusters)) {
1039 if (read_all(&fd_in, &cmd, sizeof(cmd)) == -1) {
1040 if (pos == sle64_to_cpu(image_hdr.nr_clusters)) {
1041 /* alternate boot sector no present in old images */
1042 Printf("Warning : no alternate boot"
1043 " sector in image\n");
1044 break;
1045 } else
1046 perr_exit("read_all");
1047 }
1048
1049 if (cmd == CMD_GAP) {
1050 if (!image_is_host_endian) {
1051 sle64 lecount;
1052
1053 /* little endian image, on any computer */
1054 if (read_all(&fd_in, &lecount,
1055 sizeof(lecount)) == -1)
1056 perr_exit("read_all");
1057 count = sle64_to_cpu(lecount);
1058 } else {
1059 /* big endian image on big endian computer */
1060 if (read_all(&fd_in, &count,
1061 sizeof(count)) == -1)
1062 perr_exit("read_all");
1063 }
1064 if (!count)
1065 err_exit("Bad offset at input location 0x%llx\n",
1066 (long long)tellin(fd_in) - 9);
1067 if (opt.std_out) {
1068 if ((!p_counter && count) || (count < 0))
1069 err_exit("Cannot restore a metadata"
1070 " image to stdout\n");
1071 else
1072 write_empty_clusters(csize, count,
1073 &progress, &p_counter);
1074 } else {
1075 if (((pos + count) < 0)
1076 || ((pos + count)
1077 > sle64_to_cpu(image_hdr.nr_clusters)))
1078 err_exit("restore_image: corrupt image "
1079 "at input offset %lld\n",
1080 (long long)tellin(fd_in) - 9);
1081 else {
1082 if (!opt.no_action
1083 && (lseek_out(fd_out, count * csize,
1084 SEEK_CUR) == (off_t)-1))
1085 perr_exit("restore_image: lseek");
1086 }
1087 }
1088 pos += count;
1089 } else if (cmd == CMD_NEXT) {
1090 copy_cluster(0, 0, pos);
1091 pos++;
1092 progress_update(&progress, ++p_counter);
1093 } else
1094 err_exit("Invalid command code %d at input offset 0x%llx\n",
1095 cmd, (long long)tellin(fd_in) - 1);
1096 }
1097 }
1098
1099 static void wipe_index_entry_timestams(INDEX_ENTRY *e)
1100 {
1101 static const struct timespec zero_time = { .tv_sec = 0, .tv_nsec = 0 };
1102 sle64 timestamp = timespec2ntfs(zero_time);
1103
1104 /* FIXME: can fall into infinite loop if corrupted */
1105 while (!(e->ie_flags & INDEX_ENTRY_END)) {
1106
1107 e->key.file_name.creation_time = timestamp;
1108 e->key.file_name.last_data_change_time = timestamp;
1109 e->key.file_name.last_mft_change_time = timestamp;
1110 e->key.file_name.last_access_time = timestamp;
1111
1112 wiped_timestamp_data += 32;
1113
1114 e = (INDEX_ENTRY *)((u8 *)e + le16_to_cpu(e->length));
1115 }
1116 }
1117
1118 static void wipe_index_allocation_timestamps(ntfs_inode *ni, ATTR_RECORD *attr)
1119 {
1120 INDEX_ALLOCATION *indexa, *tmp_indexa;
1121 INDEX_ENTRY *entry;
1122 INDEX_ROOT *indexr;
1123 u8 *bitmap, *byte;
1124 int bit;
1125 ntfs_attr *na;
1126 ntfschar *name;
1127 u32 name_len;
1128
1129 indexr = ntfs_index_root_get(ni, attr);
1130 if (!indexr) {
1131 perr_printf("Failed to read $INDEX_ROOT attribute of inode "
1132 "%lld", (long long)ni->mft_no);
1133 return;
1134 }
1135
1136 if (indexr->type != AT_FILE_NAME)
1137 goto out_indexr;
1138
1139 name = (ntfschar *)((u8 *)attr + le16_to_cpu(attr->name_offset));
1140 name_len = attr->name_length;
1141
1142 byte = bitmap = ntfs_attr_readall(ni, AT_BITMAP, name, name_len,
1143 NULL);
1144 if (!byte) {
1145 perr_printf("Failed to read $BITMAP attribute");
1146 goto out_indexr;
1147 }
1148
1149 na = ntfs_attr_open(ni, AT_INDEX_ALLOCATION, name, name_len);
1150 if (!na) {
1151 perr_printf("Failed to open $INDEX_ALLOCATION attribute");
1152 goto out_bitmap;
1153 }
1154
1155 if (!na->data_size)
1156 goto out_na;
1157
1158 tmp_indexa = indexa = ntfs_malloc(na->data_size);
1159 if (!tmp_indexa)
1160 goto out_na;
1161
1162 if (ntfs_attr_pread(na, 0, na->data_size, indexa) != na->data_size) {
1163 perr_printf("Failed to read $INDEX_ALLOCATION attribute");
1164 goto out_indexa;
1165 }
1166
1167 bit = 0;
1168 while ((u8 *)tmp_indexa < (u8 *)indexa + na->data_size) {
1169 if (*byte & (1 << bit)) {
1170 if (ntfs_mst_post_read_fixup((NTFS_RECORD *)tmp_indexa,
1171 le32_to_cpu(
1172 indexr->index_block_size))) {
1173 perr_printf("Damaged INDX record");
1174 goto out_indexa;
1175 }
1176 entry = (INDEX_ENTRY *)((u8 *)tmp_indexa + le32_to_cpu(
1177 tmp_indexa->index.entries_offset) + 0x18);
1178
1179 wipe_index_entry_timestams(entry);
1180
1181 if (ntfs_mft_usn_dec((MFT_RECORD *)tmp_indexa))
1182 perr_exit("ntfs_mft_usn_dec");
1183
1184 if (ntfs_mst_pre_write_fixup((NTFS_RECORD *)tmp_indexa,
1185 le32_to_cpu(
1186 indexr->index_block_size))) {
1187 perr_printf("INDX write fixup failed");
1188 goto out_indexa;
1189 }
1190 }
1191 tmp_indexa = (INDEX_ALLOCATION *)((u8 *)tmp_indexa +
1192 le32_to_cpu(indexr->index_block_size));
1193 bit++;
1194 if (bit > 7) {
1195 bit = 0;
1196 byte++;
1197 }
1198 }
1199 if (ntfs_rl_pwrite(vol, na->rl, 0, 0, na->data_size, indexa) != na->data_size)
1200 perr_printf("ntfs_rl_pwrite failed for inode %lld",
1201 (long long)ni->mft_no);
1202 out_indexa:
1203 free(indexa);
1204 out_na:
1205 ntfs_attr_close(na);
1206 out_bitmap:
1207 free(bitmap);
1208 out_indexr:
1209 free(indexr);
1210 }
1211
1212 static void wipe_index_root_timestamps(ATTR_RECORD *attr, sle64 timestamp)
1213 {
1214 INDEX_ENTRY *entry;
1215 INDEX_ROOT *iroot;
1216
1217 iroot = (INDEX_ROOT *)((u8 *)attr + le16_to_cpu(attr->value_offset));
1218 entry = (INDEX_ENTRY *)((u8 *)iroot +
1219 le32_to_cpu(iroot->index.entries_offset) + 0x10);
1220
1221 while (!(entry->ie_flags & INDEX_ENTRY_END)) {
1222
1223 if (iroot->type == AT_FILE_NAME) {
1224
1225 entry->key.file_name.creation_time = timestamp;
1226 entry->key.file_name.last_access_time = timestamp;
1227 entry->key.file_name.last_data_change_time = timestamp;
1228 entry->key.file_name.last_mft_change_time = timestamp;
1229
1230 wiped_timestamp_data += 32;
1231
1232 } else if (ntfs_names_are_equal(NTFS_INDEX_Q,
1233 sizeof(NTFS_INDEX_Q) / 2 - 1,
1234 (ntfschar *)((char *)attr +
1235 le16_to_cpu(attr->name_offset)),
1236 attr->name_length, CASE_SENSITIVE, NULL, 0)) {
1237
1238 QUOTA_CONTROL_ENTRY *quota_q;
1239
1240 quota_q = (QUOTA_CONTROL_ENTRY *)((u8 *)entry +
1241 le16_to_cpu(entry->data_offset));
1242 /*
1243 * FIXME: no guarantee it's indeed /$Extend/$Quota:$Q.
1244 * For now, as a minimal safeguard, we check only for
1245 * quota version 2 ...
1246 */
1247 if (le32_to_cpu(quota_q->version) == 2) {
1248 quota_q->change_time = timestamp;
1249 wiped_timestamp_data += 4;
1250 }
1251 }
1252
1253 entry = (INDEX_ENTRY*)((u8*)entry + le16_to_cpu(entry->length));
1254 }
1255 }
1256
1257 #define WIPE_TIMESTAMPS(atype, attr, timestamp) \
1258 do { \
1259 atype *ats; \
1260 ats = (atype *)((char *)(attr) + le16_to_cpu((attr)->value_offset)); \
1261 \
1262 ats->creation_time = (timestamp); \
1263 ats->last_data_change_time = (timestamp); \
1264 ats->last_mft_change_time= (timestamp); \
1265 ats->last_access_time = (timestamp); \
1266 \
1267 wiped_timestamp_data += 32; \
1268 \
1269 } while (0)
1270
1271 static void wipe_timestamps(ntfs_walk_clusters_ctx *image)
1272 {
1273 static const struct timespec zero_time = { .tv_sec = 0, .tv_nsec = 0 };
1274 ATTR_RECORD *a = image->ctx->attr;
1275 sle64 timestamp = timespec2ntfs(zero_time);
1276
1277 if (a->type == AT_FILE_NAME)
1278 WIPE_TIMESTAMPS(FILE_NAME_ATTR, a, timestamp);
1279
1280 else if (a->type == AT_STANDARD_INFORMATION)
1281 WIPE_TIMESTAMPS(STANDARD_INFORMATION, a, timestamp);
1282
1283 else if (a->type == AT_INDEX_ROOT)
1284 wipe_index_root_timestamps(a, timestamp);
1285 }
1286
1287 static void wipe_resident_data(ntfs_walk_clusters_ctx *image)
1288 {
1289 ATTR_RECORD *a;
1290 u32 i;
1291 int n = 0;
1292 u8 *p;
1293
1294 a = image->ctx->attr;
1295 p = (u8*)a + le16_to_cpu(a->value_offset);
1296
1297 if (image->ni->mft_no <= LAST_METADATA_INODE)
1298 return;
1299
1300 if (a->type != AT_DATA)
1301 return;
1302
1303 for (i = 0; i < le32_to_cpu(a->value_length); i++) {
1304 if (p[i]) {
1305 p[i] = 0;
1306 n++;
1307 }
1308 }
1309
1310 wiped_resident_data += n;
1311 }
1312
1313 static int wipe_data(char *p, int pos, int len)
1314 {
1315 int wiped = 0;
1316
1317 for (p += pos; --len >= 0;) {
1318 if (p[len]) {
1319 p[len] = 0;
1320 wiped++;
1321 }
1322 }
1323
1324 return wiped;
1325 }
1326
1327 static void wipe_unused_mft_data(ntfs_inode *ni)
1328 {
1329 int unused;
1330 MFT_RECORD *m = ni->mrec;
1331
1332 /* FIXME: broken MFTMirr update was fixed in libntfs, check if OK now */
1333 if (ni->mft_no <= LAST_METADATA_INODE)
1334 return;
1335
1336 unused = le32_to_cpu(m->bytes_allocated) - le32_to_cpu(m->bytes_in_use);
1337 wiped_unused_mft_data += wipe_data((char *)m,
1338 le32_to_cpu(m->bytes_in_use), unused);
1339 }
1340
1341 static void wipe_unused_mft(ntfs_inode *ni)
1342 {
1343 int unused;
1344 MFT_RECORD *m = ni->mrec;
1345
1346 /* FIXME: broken MFTMirr update was fixed in libntfs, check if OK now */
1347 if (ni->mft_no <= LAST_METADATA_INODE)
1348 return;
1349
1350 unused = le32_to_cpu(m->bytes_in_use) - sizeof(MFT_RECORD);
1351 wiped_unused_mft += wipe_data((char *)m, sizeof(MFT_RECORD), unused);
1352 }
1353
1354 static void clone_logfile_parts(ntfs_walk_clusters_ctx *image, runlist *rl)
1355 {
1356 s64 offset = 0, lcn, vcn;
1357
1358 while (1) {
1359
1360 vcn = offset / image->ni->vol->cluster_size;
1361 lcn = ntfs_rl_vcn_to_lcn(rl, vcn);
1362 if (lcn < 0)
1363 break;
1364
1365 lseek_to_cluster(lcn);
1366
1367 if ((lcn + 1) != image->current_lcn) {
1368 /* do not duplicate a cluster */
1369 if (opt.metadata_image && wipe)
1370 gap_to_cluster(lcn - image->current_lcn);
1371
1372 copy_cluster(opt.rescue, lcn, lcn);
1373 }
1374 image->current_lcn = lcn + 1;
1375 if (opt.metadata_image && !wipe)
1376 image->inuse++;
1377
1378 if (offset == 0)
1379 offset = NTFS_BLOCK_SIZE >> 1;
1380 else
1381 offset <<= 1;
1382 }
1383 }
1384
1385 /*
1386 * In-memory wiping of MFT record or MFTMirr record
1387 * (only for metadata images)
1388 *
1389 * The resident data and (optionally) the timestamps are wiped.
1390 */
1391
1392 static void wipe_mft(char *mrec, u32 mrecsz, u64 mft_no)
1393 {
1394 ntfs_walk_clusters_ctx image;
1395 ntfs_attr_search_ctx *ctx;
1396 ntfs_inode ni;
1397
1398 ni.mft_no = mft_no;
1399 ni.mrec = (MFT_RECORD*)mrec;
1400 ni.vol = vol; /* Hmm */
1401 image.ni = ∋
1402 ntfs_mst_post_read_fixup_warn((NTFS_RECORD*)mrec,mrecsz,FALSE);
1403 wipe_unused_mft_data(&ni);
1404 if (!(((MFT_RECORD*)mrec)->flags & MFT_RECORD_IN_USE)) {
1405 wipe_unused_mft(&ni);
1406 } else {
1407 /* ctx with no ntfs_inode prevents from searching external attrs */
1408 if (!(ctx = ntfs_attr_get_search_ctx((ntfs_inode*)NULL, (MFT_RECORD*)mrec)))
1409 perr_exit("ntfs_get_attr_search_ctx");
1410
1411 while (!ntfs_attr_lookup(AT_UNUSED, NULL, 0, CASE_SENSITIVE, 0,
1412 NULL, 0, ctx)) {
1413 if (ctx->attr->type == AT_END)
1414 break;
1415
1416 image.ctx = ctx;
1417 if (!ctx->attr->non_resident
1418 && (mft_no > LAST_METADATA_INODE))
1419 wipe_resident_data(&image);
1420 if (!opt.preserve_timestamps)
1421 wipe_timestamps(&image);
1422 }
1423 ntfs_attr_put_search_ctx(ctx);
1424 }
1425 ntfs_mft_usn_dec((MFT_RECORD*)mrec);
1426 ntfs_mst_pre_write_fixup((NTFS_RECORD*)mrec,mrecsz);
1427 }
1428
1429 /*
1430 * In-memory wiping of a directory record (I30)
1431 * (only for metadata images)
1432 *
1433 * The timestamps are (optionally) wiped
1434 */
1435
1436 static void wipe_indx(char *mrec, u32 mrecsz)
1437 {
1438 INDEX_ENTRY *entry;
1439 INDEX_ALLOCATION *indexa;
1440
1441 if (ntfs_mst_post_read_fixup((NTFS_RECORD *)mrec, mrecsz)) {
1442 perr_printf("Damaged INDX record");
1443 goto out_indexa;
1444 }
1445 indexa = (INDEX_ALLOCATION*)mrec;
1446 /*
1447 * The index bitmap is not checked, obsoleted records are
1448 * wiped if they pass the safety checks
1449 */
1450 if ((indexa->magic == magic_INDX)
1451 && (le32_to_cpu(indexa->index.entries_offset) >= sizeof(INDEX_HEADER))
1452 && (le32_to_cpu(indexa->index.allocated_size) <= mrecsz)) {
1453 entry = (INDEX_ENTRY *)((u8 *)mrec + le32_to_cpu(
1454 indexa->index.entries_offset) + 0x18);
1455 wipe_index_entry_timestams(entry);
1456 }
1457
1458 if (ntfs_mft_usn_dec((MFT_RECORD *)mrec))
1459 perr_exit("ntfs_mft_usn_dec");
1460
1461 if (ntfs_mst_pre_write_fixup((NTFS_RECORD *)mrec, mrecsz)) {
1462 perr_printf("INDX write fixup failed");
1463 goto out_indexa;
1464 }
1465 out_indexa : ;
1466 }
1467
1468 /*
1469 * Output a set of related clusters (MFT record or index block)
1470 */
1471
1472 static void write_set(char *buff, u32 csize, s64 *current_lcn,
1473 runlist_element *rl, u32 wi, u32 wj, u32 cnt)
1474 {
1475 u32 k;
1476 s64 target_lcn;
1477 char cmd = CMD_NEXT;
1478
1479 for (k=0; k<cnt; k++) {
1480 target_lcn = rl[wi].lcn + wj;
1481 if (target_lcn != *current_lcn)
1482 gap_to_cluster(target_lcn - *current_lcn);
1483 if ((write_all(&fd_out, &cmd, sizeof(cmd)) == -1)
1484 || (write_all(&fd_out, &buff[k*csize], csize) == -1))
1485 perr_exit("Failed to write_all");
1486 *current_lcn = target_lcn + 1;
1487
1488 if (++wj >= rl[wi].length) {
1489 wj = 0;
1490 wi++;
1491 }
1492 }
1493 }
1494
1495 /*
1496 * Copy and wipe the full MFT or MFTMirr data.
1497 * (only for metadata images)
1498 *
1499 * Data are read and written by full clusters, but the wiping is done
1500 * per MFT record.
1501 */
1502
1503 static void copy_wipe_mft(ntfs_walk_clusters_ctx *image, runlist *rl)
1504 {
1505 char *buff;
1506 void *fd;
1507 s64 mft_no;
1508 u32 mft_record_size;
1509 u32 csize;
1510 u32 buff_size;
1511 u32 bytes_per_sector;
1512 u32 records_per_set;
1513 u32 clusters_per_set;
1514 u32 wi,wj; /* indexes for reading */
1515 u32 ri,rj; /* indexes for writing */
1516 u32 k; /* lcn within run */
1517 u32 r; /* mft_record within set */
1518 s64 current_lcn;
1519
1520 current_lcn = image->current_lcn;
1521 mft_record_size = image->ni->vol->mft_record_size;
1522 csize = image->ni->vol->cluster_size;
1523 bytes_per_sector = image->ni->vol->sector_size;
1524 fd = image->ni->vol->dev;
1525 /*
1526 * Depending on the sizes, there may be several records
1527 * per cluster, or several clusters per record.
1528 * Anyway, records are read and rescued by full clusters.
1529 */
1530 if (csize >= mft_record_size) {
1531 records_per_set = csize/mft_record_size;
1532 clusters_per_set = 1;
1533 buff_size = csize;
1534 } else {
1535 clusters_per_set = mft_record_size/csize;
1536 records_per_set = 1;
1537 buff_size = mft_record_size;
1538 }
1539 buff = (char*)ntfs_malloc(buff_size);
1540 if (!buff)
1541 err_exit("Not enough memory");
1542
1543 mft_no = 0;
1544 ri = rj = 0;
1545 wi = wj = 0;
1546 if (rl[ri].length)
1547 lseek_to_cluster(rl[ri].lcn);
1548 while (rl[ri].length) {
1549 for (k=0; (k<clusters_per_set) && rl[ri].length; k++) {
1550 read_rescue(fd, &buff[k*csize], csize, bytes_per_sector,
1551 rl[ri].lcn + rj);
1552 if (++rj >= rl[ri].length) {
1553 rj = 0;
1554 if (rl[++ri].length)
1555 lseek_to_cluster(rl[ri].lcn);
1556 }
1557 }
1558 if (k == clusters_per_set) {
1559 for (r=0; r<records_per_set; r++) {
1560 if (!strncmp(&buff[r*mft_record_size],"FILE",4))
1561 wipe_mft(&buff[r*mft_record_size],
1562 mft_record_size, mft_no);
1563 mft_no++;
1564 }
1565 write_set(buff, csize, ¤t_lcn,
1566 rl, wi, wj, clusters_per_set);
1567 wj += clusters_per_set;
1568 while (rl[wi].length && (wj >= rl[wi].length))
1569 wj -= rl[wi++].length;
1570 } else {
1571 err_exit("Short last MFT record\n");
1572 }
1573 }
1574 image->current_lcn = current_lcn;
1575 free(buff);
1576 }
1577
1578 /*
1579 * Copy and wipe the non-resident part of a directory index
1580 * (only for metadata images)
1581 *
1582 * Data are read and written by full clusters, but the wiping is done
1583 * per index record.
1584 */
1585
1586 static void copy_wipe_i30(ntfs_walk_clusters_ctx *image, runlist *rl)
1587 {
1588 char *buff;
1589 void *fd;
1590 u32 indx_record_size;
1591 u32 csize;
1592 u32 buff_size;
1593 u32 bytes_per_sector;
1594 u32 records_per_set;
1595 u32 clusters_per_set;
1596 u32 wi,wj; /* indexes for reading */
1597 u32 ri,rj; /* indexes for writing */
1598 u32 k; /* lcn within run */
1599 u32 r; /* mft_record within set */
1600 s64 current_lcn;
1601
1602 current_lcn = image->current_lcn;
1603 csize = image->ni->vol->cluster_size;
1604 bytes_per_sector = image->ni->vol->sector_size;
1605 fd = image->ni->vol->dev;
1606 /*
1607 * Depending on the sizes, there may be several records
1608 * per cluster, or several clusters per record.
1609 * Anyway, records are read and rescued by full clusters.
1610 */
1611 indx_record_size = image->ni->vol->indx_record_size;
1612 if (csize >= indx_record_size) {
1613 records_per_set = csize/indx_record_size;
1614 clusters_per_set = 1;
1615 buff_size = csize;
1616 } else {
1617 clusters_per_set = indx_record_size/csize;
1618 records_per_set = 1;
1619 buff_size = indx_record_size;
1620 }
1621 buff = (char*)ntfs_malloc(buff_size);
1622 if (!buff)
1623 err_exit("Not enough memory");
1624
1625 ri = rj = 0;
1626 wi = wj = 0;
1627 if (rl[ri].length)
1628 lseek_to_cluster(rl[ri].lcn);
1629 while (rl[ri].length) {
1630 for (k=0; (k<clusters_per_set) && rl[ri].length; k++) {
1631 read_rescue(fd, &buff[k*csize], csize, bytes_per_sector,
1632 rl[ri].lcn + rj);
1633 if (++rj >= rl[ri].length) {
1634 rj = 0;
1635 if (rl[++ri].length)
1636 lseek_to_cluster(rl[ri].lcn);
1637 }
1638 }
1639 if (k == clusters_per_set) {
1640 /* wipe records_per_set records */
1641 if (!opt.preserve_timestamps)
1642 for (r=0; r<records_per_set; r++) {
1643 if (!strncmp(&buff[r*indx_record_size],"INDX",4))
1644 wipe_indx(&buff[r*indx_record_size],
1645 indx_record_size);
1646 }
1647 write_set(buff, csize, ¤t_lcn,
1648 rl, wi, wj, clusters_per_set);
1649 wj += clusters_per_set;
1650 while (rl[wi].length && (wj >= rl[wi].length))
1651 wj -= rl[wi++].length;
1652 } else {
1653 err_exit("Short last directory index record\n");
1654 }
1655 }
1656 image->current_lcn = current_lcn;
1657 free(buff);
1658 }
1659
1660 static void dump_clusters(ntfs_walk_clusters_ctx *image, runlist *rl)
1661 {
1662 s64 i, len; /* number of clusters to copy */
1663
1664 if (opt.restore_image)
1665 err_exit("Bug : invalid dump_clusters()\n");
1666
1667 if ((opt.std_out && !opt.metadata_image) || !opt.metadata)
1668 return;
1669 if (!(len = is_critical_metadata(image, rl)))
1670 return;
1671
1672 lseek_to_cluster(rl->lcn);
1673 if (opt.metadata_image ? wipe : !wipe) {
1674 if (opt.metadata_image)
1675 gap_to_cluster(rl->lcn - image->current_lcn);
1676 /* FIXME: this could give pretty suboptimal performance */
1677 for (i = 0; i < len; i++)
1678 copy_cluster(opt.rescue, rl->lcn + i, rl->lcn + i);
1679 if (opt.metadata_image)
1680 image->current_lcn = rl->lcn + len;
1681 }
1682 }
1683
1684 static void walk_runs(struct ntfs_walk_cluster *walk)
1685 {
1686 int i, j;
1687 runlist *rl;
1688 ATTR_RECORD *a;
1689 ntfs_attr_search_ctx *ctx;
1690 BOOL mft_data;
1691 BOOL index_i30;
1692
1693 ctx = walk->image->ctx;
1694 a = ctx->attr;
1695
1696 if (!a->non_resident) {
1697 if (wipe) {
1698 wipe_resident_data(walk->image);
1699 if (!opt.preserve_timestamps)
1700 wipe_timestamps(walk->image);
1701 }
1702 return;
1703 }
1704
1705 if (wipe
1706 && !opt.preserve_timestamps
1707 && walk->image->ctx->attr->type == AT_INDEX_ALLOCATION)
1708 wipe_index_allocation_timestamps(walk->image->ni, a);
1709
1710 if (!(rl = ntfs_mapping_pairs_decompress(vol, a, NULL)))
1711 perr_exit("ntfs_decompress_mapping_pairs");
1712
1713 /* special wipings for MFT records and directory indexes */
1714 mft_data = ((walk->image->ni->mft_no == FILE_MFT)
1715 || (walk->image->ni->mft_no == FILE_MFTMirr))
1716 && (a->type == AT_DATA);
1717 index_i30 = (walk->image->ctx->attr->type == AT_INDEX_ALLOCATION)
1718 && (a->name_length == 4)
1719 && !memcmp((char*)a + le16_to_cpu(a->name_offset),
1720 NTFS_INDEX_I30,8);
1721
1722 for (i = 0; rl[i].length; i++) {
1723 s64 lcn = rl[i].lcn;
1724 s64 lcn_length = rl[i].length;
1725
1726 if (lcn == LCN_HOLE || lcn == LCN_RL_NOT_MAPPED)
1727 continue;
1728
1729 /* FIXME: ntfs_mapping_pairs_decompress should return error */
1730 if (lcn < 0 || lcn_length < 0)
1731 err_exit("Corrupt runlist in inode %lld attr %x LCN "
1732 "%llx length %llx\n",
1733 (long long)ctx->ntfs_ino->mft_no,
1734 (unsigned int)le32_to_cpu(a->type),
1735 (long long)lcn, (long long)lcn_length);
1736
1737 if (opt.metadata_image ? wipe && !mft_data && !index_i30 : !wipe)
1738 dump_clusters(walk->image, rl + i);
1739
1740 for (j = 0; j < lcn_length; j++) {
1741 u64 k = (u64)lcn + j;
1742 if (ntfs_bit_get_and_set(lcn_bitmap.bm, k, 1)) {
1743 if (opt.ignore_fs_check)
1744 Printf("Cluster %llu is referenced"
1745 " twice!\n",
1746 (unsigned long long)k);
1747 else
1748 err_exit("Cluster %llu referenced"
1749 " twice!\nYou didn't shutdown"
1750 " your Windows properly?\n",
1751 (unsigned long long)k);
1752 }
1753 }
1754
1755 if (!opt.metadata_image)
1756 walk->image->inuse += lcn_length;
1757 /*
1758 * For a metadata image, we have to compute the
1759 * number of metadata clusters for the percentages
1760 * to be displayed correctly while restoring.
1761 */
1762 if (!wipe && opt.metadata_image) {
1763 if ((walk->image->ni->mft_no == FILE_LogFile)
1764 && (walk->image->ctx->attr->type == AT_DATA)) {
1765 /* 16 KiB of FILE_LogFile */
1766 walk->image->inuse
1767 += is_critical_metadata(walk->image,rl);
1768 } else {
1769 if ((walk->image->ni->mft_no
1770 <= LAST_METADATA_INODE)
1771 || (walk->image->ctx->attr->type != AT_DATA))
1772 walk->image->inuse += lcn_length;
1773 }
1774 }
1775 }
1776 if (wipe && opt.metadata_image) {
1777 ntfs_attr *na;
1778 /*
1779 * Non-resident metadata has to be wiped globally,
1780 * because its logical blocks may be larger than
1781 * a cluster and split over two extents.
1782 */
1783 if (mft_data && !a->lowest_vcn) {
1784 na = ntfs_attr_open(walk->image->ni,
1785 AT_DATA, NULL, 0);
1786 if (na) {
1787 na->rl = rl;
1788 rl = (runlist_element*)NULL;
1789 if (!ntfs_attr_map_whole_runlist(na)) {
1790 copy_wipe_mft(walk->image,na->rl);
1791 } else
1792 perr_exit("Failed to map data of inode %lld",
1793 (long long)walk->image->ni->mft_no);
1794 ntfs_attr_close(na);
1795 } else
1796 perr_exit("Failed to open data of inode %lld",
1797 (long long)walk->image->ni->mft_no);
1798 }
1799 if (index_i30 && !a->lowest_vcn) {
1800 na = ntfs_attr_open(walk->image->ni,
1801 AT_INDEX_ALLOCATION, NTFS_INDEX_I30, 4);
1802 if (na) {
1803 na->rl = rl;
1804 rl = (runlist_element*)NULL;
1805 if (!ntfs_attr_map_whole_runlist(na)) {
1806 copy_wipe_i30(walk->image,na->rl);
1807 } else
1808 perr_exit("Failed to map index of inode %lld",
1809 (long long)walk->image->ni->mft_no);
1810 ntfs_attr_close(na);
1811 } else
1812 perr_exit("Failed to open index of inode %lld",
1813 (long long)walk->image->ni->mft_no);
1814 }
1815 }
1816 if (opt.metadata
1817 && (opt.metadata_image || !wipe)
1818 && (walk->image->ni->mft_no == FILE_LogFile)
1819 && (walk->image->ctx->attr->type == AT_DATA))
1820 clone_logfile_parts(walk->image, rl);
1821
1822 free(rl);
1823 }
1824
1825
1826 static void walk_attributes(struct ntfs_walk_cluster *walk)
1827 {
1828 ntfs_attr_search_ctx *ctx;
1829
1830 if (!(ctx = ntfs_attr_get_search_ctx(walk->image->ni, NULL)))
1831 perr_exit("ntfs_get_attr_search_ctx");
1832
1833 while (!ntfs_attrs_walk(ctx)) {
1834 if (ctx->attr->type == AT_END)
1835 break;
1836
1837 walk->image->ctx = ctx;
1838 walk_runs(walk);
1839 }
1840
1841 ntfs_attr_put_search_ctx(ctx);
1842 }
1843
1844 /*
1845 * Compare the actual bitmap to the list of clusters
1846 * allocated to identified files.
1847 *
1848 * Clusters found in use, though not marked in the bitmap are copied
1849 * if the option --ignore-fs-checks is set.
1850 */
1851
1852 static int compare_bitmaps(struct bitmap *a, BOOL copy)
1853 {
1854 s64 i, pos, count;
1855 int mismatch = 0;
1856 int more_use = 0;
1857 s64 new_cl;
1858 u8 bm[NTFS_BUF_SIZE];
1859
1860 Printf("Accounting clusters ...\n");
1861
1862 pos = 0;
1863 new_cl = 0;
1864 while (1) {
1865 count = ntfs_attr_pread(vol->lcnbmp_na, pos, NTFS_BUF_SIZE, bm);
1866 if (count == -1)
1867 perr_exit("Couldn't get $Bitmap $DATA");
1868
1869 if (count == 0) {
1870 /* the backup bootsector need not be accounted for */
1871 if (((vol->nr_clusters + 7) >> 3) > pos)
1872 err_exit("$Bitmap size is smaller than expected"
1873 " (%lld < %lld)\n",
1874 (long long)pos, (long long)a->size);
1875 break;
1876 }
1877
1878 for (i = 0; i < count; i++, pos++) {
1879 s64 cl; /* current cluster */
1880
1881 if (a->size <= pos)
1882 goto done;
1883
1884 if (a->bm[pos] == bm[i])
1885 continue;
1886
1887 for (cl = pos * 8; cl < (pos + 1) * 8; cl++) {
1888 char bit;
1889
1890 bit = ntfs_bit_get(a->bm, cl);
1891 if (bit == ntfs_bit_get(bm, i * 8 + cl % 8))
1892 continue;
1893
1894 if (!bit)
1895 more_use++;
1896 if (opt.ignore_fs_check && !bit && copy) {
1897 lseek_to_cluster(cl);
1898 if (opt.save_image
1899 || (opt.metadata
1900 && opt.metadata_image)) {
1901 gap_to_cluster(cl - new_cl);
1902 new_cl = cl + 1;
1903 }
1904 copy_cluster(opt.rescue, cl, cl);
1905 }
1906
1907 if (++mismatch > 10)
1908 continue;
1909
1910 Printf("Cluster accounting failed at %lld "
1911 "(0x%llx): %s cluster in $Bitmap\n",
1912 (long long)cl, (unsigned long long)cl,
1913 bit ? "missing" : "extra");
1914 }
1915 }
1916 }
1917 done:
1918 if (mismatch) {
1919 Printf("Totally %d cluster accounting mismatches.\n", mismatch);
1920 if (opt.ignore_fs_check) {
1921 Printf("WARNING: The NTFS inconsistency was overruled "
1922 "by the --ignore-fs-check option.\n");
1923 if (new_cl) {
1924 gap_to_cluster(-new_cl);
1925 }
1926 return (more_use);
1927 }
1928 err_exit("Filesystem check failed! Windows wasn't shutdown "
1929 "properly or inconsistent\nfilesystem. Please run "
1930 "chkdsk /f on Windows then reboot it TWICE.\n");
1931 }
1932 return (more_use);
1933 }
1934
1935
1936 static void mft_record_write_with_same_usn(ntfs_volume *volume, ntfs_inode *ni)
1937 {
1938 if (ntfs_mft_usn_dec(ni->mrec))
1939 perr_exit("ntfs_mft_usn_dec");
1940
1941 if (ntfs_mft_record_write(volume, ni->mft_no, ni->mrec))
1942 perr_exit("ntfs_mft_record_write");
1943 }
1944
1945 static void mft_inode_write_with_same_usn(ntfs_volume *volume, ntfs_inode *ni)
1946 {
1947 s32 i;
1948
1949 mft_record_write_with_same_usn(volume, ni);
1950
1951 if (ni->nr_extents <= 0)
1952 return;
1953
1954 for (i = 0; i < ni->nr_extents; ++i) {
1955 ntfs_inode *eni = ni->extent_nis[i];
1956 mft_record_write_with_same_usn(volume, eni);
1957 }
1958 }
1959
1960 static int walk_clusters(ntfs_volume *volume, struct ntfs_walk_cluster *walk)
1961 {
1962 s64 inode = 0;
1963 s64 last_mft_rec;
1964 u64 nr_clusters;
1965 ntfs_inode *ni;
1966 struct progress_bar progress;
1967
1968 if (opt.restore_image || (!opt.metadata && wipe))
1969 err_exit("Bug : invalid walk_clusters()\n");
1970 Printf("Scanning volume ...\n");
1971
1972 last_mft_rec = (volume->mft_na->initialized_size >>
1973 volume->mft_record_size_bits) - 1;
1974 walk->image->current_lcn = 0;
1975 progress_init(&progress, inode, last_mft_rec, 100);
1976
1977 NVolSetNoFixupWarn(volume);
1978 for (; inode <= last_mft_rec; inode++) {
1979
1980 int err, deleted_inode;
1981 MFT_REF mref = (MFT_REF)inode;
1982
1983 progress_update(&progress, inode);
1984
1985 /* FIXME: Terrible kludge for libntfs not being able to return
1986 a deleted MFT record as inode */
1987 ni = ntfs_calloc(sizeof(ntfs_inode));
1988 if (!ni)
1989 perr_exit("walk_clusters");
1990
1991 ni->vol = volume;
1992
1993 err = ntfs_file_record_read(volume, mref, &ni->mrec, NULL);
1994 if (err == -1) {
1995 free(ni);
1996 continue;
1997 }
1998
1999 deleted_inode = !(ni->mrec->flags & MFT_RECORD_IN_USE);
2000
2001 if (deleted_inode && !opt.metadata_image) {
2002
2003 ni->mft_no = MREF(mref);
2004 if (wipe) {
2005 wipe_unused_mft(ni);
2006 wipe_unused_mft_data(ni);
2007 mft_record_write_with_same_usn(volume, ni);
2008 }
2009 }
2010
2011 free(ni->mrec);
2012 free(ni);
2013
2014 if (deleted_inode)
2015 continue;
2016
2017 if ((ni = ntfs_inode_open(volume, mref)) == NULL) {
2018 /* FIXME: continue only if it make sense, e.g.
2019 MFT record not in use based on $MFT bitmap */
2020 if (errno == EIO || errno == ENOENT)
2021 continue;
2022 perr_exit("Reading inode %lld failed",
2023 (long long)inode);
2024 }
2025
2026 if (wipe)
2027 nr_used_mft_records++;
2028
2029 if (ni->mrec->base_mft_record)
2030 goto out;
2031
2032 walk->image->ni = ni;
2033 walk_attributes(walk);
2034 out:
2035 if (wipe && !opt.metadata_image) {
2036 int i;
2037
2038 wipe_unused_mft_data(ni);
2039 for (i = 0; i < ni->nr_extents; ++i) {
2040 wipe_unused_mft_data(ni->extent_nis[i]);
2041 }
2042 mft_inode_write_with_same_usn(volume, ni);
2043 }
2044
2045 if (ntfs_inode_close(ni))
2046 perr_exit("ntfs_inode_close for inode %lld",
2047 (long long)inode);
2048 }
2049 if (opt.metadata) {
2050 if (opt.metadata_image && wipe && opt.ignore_fs_check) {
2051 gap_to_cluster(-walk->image->current_lcn);
2052 compare_bitmaps(&lcn_bitmap, TRUE);
2053 walk->image->current_lcn = 0;
2054 }
2055 if (opt.metadata_image ? wipe : !wipe) {
2056 /* also get the backup bootsector */
2057 nr_clusters = vol->nr_clusters;
2058 lseek_to_cluster(nr_clusters);
2059 if (opt.metadata_image && wipe)
2060 gap_to_cluster(nr_clusters
2061 - walk->image->current_lcn);
2062 copy_cluster(opt.rescue, nr_clusters, nr_clusters);
2063 walk->image->current_lcn = nr_clusters;
2064 }
2065 /* Not counted, for compatibility with older versions */
2066 if (!opt.metadata_image)
2067 walk->image->inuse++;
2068 }
2069 return 0;
2070 }
2071
2072
2073 /*
2074 * $Bitmap can overlap the end of the volume. Any bits in this region
2075 * must be set. This region also encompasses the backup boot sector.
2076 */
2077 static void bitmap_file_data_fixup(s64 cluster, struct bitmap *bm)
2078 {
2079 for (; cluster < bm->size << 3; cluster++)
2080 ntfs_bit_set(bm->bm, (u64)cluster, 1);
2081 }
2082
2083
2084 /*
2085 * Allocate a block of memory with one bit for each cluster of the disk.
2086 * All the bits are set to 0, except those representing the region beyond the
2087 * end of the disk.
2088 */
2089 static void setup_lcn_bitmap(void)
2090 {
2091 /* Determine lcn bitmap byte size and allocate it. */
2092 /* include the alternate boot sector in the bitmap count */
2093 lcn_bitmap.size = rounded_up_division(vol->nr_clusters + 1, 8);
2094
2095 lcn_bitmap.bm = ntfs_calloc(lcn_bitmap.size);
2096 if (!lcn_bitmap.bm)
2097 perr_exit("Failed to allocate internal buffer");
2098
2099 bitmap_file_data_fixup(vol->nr_clusters, &lcn_bitmap);
2100 }
2101
2102
2103 static s64 volume_size(ntfs_volume *volume, s64 nr_clusters)
2104 {
2105 return nr_clusters * volume->cluster_size;
2106 }
2107
2108
2109 static void print_volume_size(const char *str, s64 bytes)
2110 {
2111 Printf("%s: %lld bytes (%lld MB)\n", str, (long long)bytes,
2112 (long long)rounded_up_division(bytes, NTFS_MBYTE));
2113 }
2114
2115
2116 static void print_disk_usage(const char *spacer, u32 cluster_size,
2117 s64 nr_clusters, s64 inuse)
2118 {
2119 s64 total, used;
2120
2121 total = nr_clusters * cluster_size;
2122 used = inuse * cluster_size;
2123
2124 Printf("Space in use %s: %lld MB (%.1f%%) ", spacer,
2125 (long long)rounded_up_division(used, NTFS_MBYTE),
2126 100.0 * ((float)used / total));
2127
2128 Printf("\n");
2129 }
2130
2131 static void print_image_info(void)
2132 {
2133 Printf("Ntfsclone image version: %d.%d\n",
2134 image_hdr.major_ver, image_hdr.minor_ver);
2135 Printf("Cluster size : %u bytes\n",
2136 (unsigned)le32_to_cpu(image_hdr.cluster_size));
2137 print_volume_size("Image volume size ",
2138 sle64_to_cpu(image_hdr.nr_clusters) *
2139 le32_to_cpu(image_hdr.cluster_size));
2140 Printf("Image device size : %lld bytes\n",
2141 (long long)le64_to_cpu(image_hdr.device_size));
2142 print_disk_usage(" ", le32_to_cpu(image_hdr.cluster_size),
2143 sle64_to_cpu(image_hdr.nr_clusters),
2144 le64_to_cpu(image_hdr.inuse));
2145 Printf("Offset to image data : %u (0x%x) bytes\n",
2146 (unsigned)le32_to_cpu(image_hdr.offset_to_image_data),
2147 (unsigned)le32_to_cpu(image_hdr.offset_to_image_data));
2148 }
2149
2150 static void check_if_mounted(const char *device, unsigned long new_mntflag)
2151 {
2152 unsigned long mntflag;
2153
2154 if (ntfs_check_if_mounted(device, &mntflag))
2155 perr_exit("Failed to check '%s' mount state", device);
2156
2157 if (mntflag & NTFS_MF_MOUNTED) {
2158 if (!(mntflag & NTFS_MF_READONLY))
2159 err_exit("Device '%s' is mounted read-write. "
2160 "You must 'umount' it first.\n", device);
2161 if (!new_mntflag)
2162 err_exit("Device '%s' is mounted. "
2163 "You must 'umount' it first.\n", device);
2164 }
2165 }
2166
2167 /**
2168 * mount_volume -
2169 *
2170 * First perform some checks to determine if the volume is already mounted, or
2171 * is dirty (Windows wasn't shutdown properly). If everything is OK, then mount
2172 * the volume (load the metadata into memory).
2173 */
2174 static void mount_volume(unsigned long new_mntflag)
2175 {
2176 check_if_mounted(opt.volume, new_mntflag);
2177
2178 if (!(vol = ntfs_mount(opt.volume, new_mntflag))) {
2179
2180 int err = errno;
2181
2182 perr_printf("Opening '%s' as NTFS failed", opt.volume);
2183 if (err == EINVAL) {
2184 Printf("Apparently device '%s' doesn't have a "
2185 "valid NTFS. Maybe you selected\nthe whole "
2186 "disk instead of a partition (e.g. /dev/hda, "
2187 "not /dev/hda1)?\n", opt.volume);
2188 }
2189 /*
2190 * Retry with recovering the log file enabled.
2191 * Normally avoided in order to get the original log file
2192 * data, but needed when remounting the metadata of a
2193 * volume improperly unmounted from Windows.
2194 * If the full log file was requested, it must be kept
2195 * as is, so we just remount read-only.
2196 */
2197 if (!(new_mntflag & (NTFS_MNT_RDONLY | NTFS_MNT_RECOVER))) {
2198 if (opt.full_logfile) {
2199 Printf("Retrying read-only to ignore"
2200 " the log file...\n");
2201 vol = ntfs_mount(opt.volume,
2202 new_mntflag | NTFS_MNT_RDONLY);
2203 } else {
2204 Printf("Trying to recover...\n");
2205 vol = ntfs_mount(opt.volume,
2206 new_mntflag | NTFS_MNT_RECOVER);
2207 }
2208 Printf("... %s\n",(vol ? "Successful" : "Failed"));
2209 }
2210 if (!vol)
2211 exit(1);
2212 }
2213
2214 if (vol->flags & VOLUME_IS_DIRTY)
2215 if (opt.force-- <= 0)
2216 err_exit(dirty_volume_msg, opt.volume);
2217
2218 if (NTFS_MAX_CLUSTER_SIZE < vol->cluster_size)
2219 err_exit("Cluster size %u is too large!\n",
2220 (unsigned int)vol->cluster_size);
2221
2222 Printf("NTFS volume version: %d.%d\n", vol->major_ver, vol->minor_ver);
2223 if (ntfs_version_is_supported(vol))
2224 perr_exit("Unknown NTFS version");
2225
2226 Printf("Cluster size : %u bytes\n",
2227 (unsigned int)vol->cluster_size);
2228 print_volume_size("Current volume size",
2229 volume_size(vol, vol->nr_clusters));
2230 }
2231
2232 static struct ntfs_walk_cluster backup_clusters = { NULL, NULL };
2233
2234 static int device_offset_valid(int fd, s64 ofs)
2235 {
2236 char ch;
2237
2238 if (lseek(fd, ofs, SEEK_SET) >= 0 && read(fd, &ch, 1) == 1)
2239 return 0;
2240 return -1;
2241 }
2242
2243 static s64 device_size_get(int fd)
2244 {
2245 s64 high, low;
2246 #ifdef BLKGETSIZE64
2247 { u64 size;
2248
2249 if (ioctl(fd, BLKGETSIZE64, &size) >= 0) {
2250 ntfs_log_debug("BLKGETSIZE64 nr bytes = %llu "
2251 "(0x%llx).\n", (unsigned long long)size,
2252 (unsigned long long)size);
2253 return (s64)size;
2254 }
2255 }
2256 #endif
2257 #ifdef BLKGETSIZE
2258 { unsigned long size;
2259
2260 if (ioctl(fd, BLKGETSIZE, &size) >= 0) {
2261 ntfs_log_debug("BLKGETSIZE nr 512 byte blocks = %lu "
2262 "(0x%lx).\n", size, size);
2263 return (s64)size * 512;
2264 }
2265 }
2266 #endif
2267 #ifdef FDGETPRM
2268 { struct floppy_struct this_floppy;
2269
2270 if (ioctl(fd, FDGETPRM, &this_floppy) >= 0) {
2271 ntfs_log_debug("FDGETPRM nr 512 byte blocks = %lu "
2272 "(0x%lx).\n", this_floppy.size,
2273 this_floppy.size);
2274 return (s64)this_floppy.size * 512;
2275 }
2276 }
2277 #endif
2278 /*
2279 * We couldn't figure it out by using a specialized ioctl,
2280 * so do binary search to find the size of the device.
2281 */
2282 low = 0LL;
2283 for (high = 1024LL; !device_offset_valid(fd, high); high <<= 1)
2284 low = high;
2285 while (low < high - 1LL) {
2286 const s64 mid = (low + high) / 2;
2287
2288 if (!device_offset_valid(fd, mid))
2289 low = mid;
2290 else
2291 high = mid;
2292 }
2293 lseek(fd, 0LL, SEEK_SET);
2294 return (low + 1LL);
2295 }
2296
2297 static void fsync_clone(int fd)
2298 {
2299 Printf("Syncing ...\n");
2300 if (opt.save_image && stream_out && fflush(stream_out))
2301 perr_exit("fflush");
2302 if (fsync(fd) && errno != EINVAL)
2303 perr_exit("fsync");
2304 }
2305
2306 static void set_filesize(s64 filesize)
2307 {
2308 #ifndef NO_STATFS
2309 long fs_type = 0; /* Unknown filesystem type */
2310
2311 if (fstatfs(fd_out, &opt.stfs) == -1)
2312 Printf("WARNING: Couldn't get filesystem type: "
2313 "%s\n", strerror(errno));
2314 else
2315 fs_type = opt.stfs.f_type;
2316
2317 if (fs_type == 0x52654973)
2318 Printf("WARNING: You're using ReiserFS, it has very poor "
2319 "performance creating\nlarge sparse files. The next "
2320 "operation might take a very long time!\n"
2321 "Creating sparse output file ...\n");
2322 else if (fs_type == 0x517b)
2323 Printf("WARNING: You're using SMBFS and if the remote share "
2324 "isn't Samba but a Windows\ncomputer then the clone "
2325 "operation will be very inefficient and may fail!\n");
2326 #endif
2327
2328 if (!opt.no_action && (ftruncate(fd_out, filesize) == -1)) {
2329 int err = errno;
2330 perr_printf("ftruncate failed for file '%s'", opt.output);
2331 #ifndef NO_STATFS
2332 if (fs_type)
2333 Printf("Destination filesystem type is 0x%lx.\n",
2334 (unsigned long)fs_type);
2335 #endif
2336 if (err == E2BIG) {
2337 Printf("Your system or the destination filesystem "
2338 "doesn't support large files.\n");
2339 #ifndef NO_STATFS
2340 if (fs_type == 0x517b) {
2341 Printf("SMBFS needs minimum Linux kernel "
2342 "version 2.4.25 and\n the 'lfs' option"
2343 "\nfor smbmount to have large "
2344 "file support.\n");
2345 }
2346 #endif
2347 } else if (err == EPERM) {
2348 Printf("Apparently the destination filesystem doesn't "
2349 "support sparse files.\nYou can overcome this "
2350 "by using the more efficient --save-image "
2351 "option\nof ntfsclone. Use the --restore-image "
2352 "option to restore the image.\n");
2353 }
2354 exit(1);
2355 }
2356 /*
2357 * If truncate just created a sparse file, the ability
2358 * to generically store big files has been checked, but no
2359 * space has been reserved and available space has probably
2360 * not been checked. Better reset the file so that we write
2361 * sequentially to the end.
2362 */
2363 if (!opt.no_action) {
2364 #ifdef HAVE_WINDOWS_H
2365 if (ftruncate(fd_out, 0))
2366 Printf("Failed to reset the output file.\n");
2367 #else
2368 struct stat st;
2369 int s;
2370
2371 s = fstat(fd_out, &st);
2372 if (s || (!st.st_blocks && ftruncate(fd_out, 0)))
2373 Printf("Failed to reset the output file.\n");
2374 #endif
2375 /* Proceed even if ftruncate failed */
2376 }
2377 }
2378
2379 static s64 open_image(void)
2380 {
2381 if (strcmp(opt.volume, "-") == 0) {
2382 if ((fd_in = fileno(stdin)) == -1)
2383 perr_exit("fileno for stdin failed");
2384 #ifdef HAVE_WINDOWS_H
2385 if (setmode(fd_in,O_BINARY) == -1)
2386 perr_exit("setting binary stdin failed");
2387 #endif
2388 } else {
2389 if ((fd_in = open(opt.volume, O_RDONLY | O_BINARY)) == -1)
2390 perr_exit("failed to open image");
2391 }
2392 if (read_all(&fd_in, &image_hdr, NTFSCLONE_IMG_HEADER_SIZE_OLD) == -1)
2393 perr_exit("read_all");
2394 if (memcmp(image_hdr.magic, IMAGE_MAGIC, IMAGE_MAGIC_SIZE) != 0)
2395 err_exit("Input file is not an image! (invalid magic)\n");
2396 if (image_hdr.major_ver < NTFSCLONE_IMG_VER_MAJOR_ENDIANNESS_SAFE) {
2397 image_hdr.major_ver = NTFSCLONE_IMG_VER_MAJOR;
2398 image_hdr.minor_ver = NTFSCLONE_IMG_VER_MINOR;
2399 #if (__BYTE_ORDER == __BIG_ENDIAN)
2400 /*
2401 * old image read on a big endian computer,
2402 * assuming it was created big endian and read cpu-wise,
2403 * so we should translate to little endian
2404 */
2405 Printf("Old image format detected. If the image was created "
2406 "on a little endian architecture it will not "
2407 "work. Use a more recent version of "
2408 "ntfsclone to recreate the image.\n");
2409 image_hdr.cluster_size = cpu_to_le32(image_hdr.cluster_size);
2410 image_hdr.device_size = cpu_to_sle64(image_hdr.device_size);
2411 image_hdr.nr_clusters = cpu_to_sle64(image_hdr.nr_clusters);
2412 image_hdr.inuse = cpu_to_sle64(image_hdr.inuse);
2413 #endif
2414 image_hdr.offset_to_image_data =
2415 const_cpu_to_le32((sizeof(image_hdr)
2416 + IMAGE_HDR_ALIGN - 1) & -IMAGE_HDR_ALIGN);
2417 image_is_host_endian = TRUE;
2418 } else {
2419 /* safe image : little endian data */
2420 le32 offset_to_image_data;
2421 int delta;
2422
2423 if (image_hdr.major_ver > NTFSCLONE_IMG_VER_MAJOR)
2424 err_exit("Do not know how to handle image format "
2425 "version %d.%d. Please obtain a "
2426 "newer version of ntfsclone.\n",
2427 image_hdr.major_ver,
2428 image_hdr.minor_ver);
2429 /* Read the image header data offset. */
2430 if (read_all(&fd_in, &offset_to_image_data,
2431 sizeof(offset_to_image_data)) == -1)
2432 perr_exit("read_all");
2433 /* do not translate little endian data */
2434 image_hdr.offset_to_image_data = offset_to_image_data;
2435 /*
2436 * Read any fields from the header that we have not read yet so
2437 * that the input stream is positioned correctly. This means
2438 * we can support future minor versions that just extend the
2439 * header in a backwards compatible way.
2440 */
2441 delta = le32_to_cpu(offset_to_image_data)
2442 - (NTFSCLONE_IMG_HEADER_SIZE_OLD +
2443 sizeof(image_hdr.offset_to_image_data));
2444 if (delta > 0) {
2445 char *dummy_buf;
2446
2447 dummy_buf = malloc(delta);
2448 if (!dummy_buf)
2449 perr_exit("malloc dummy_buffer");
2450 if (read_all(&fd_in, dummy_buf, delta) == -1)
2451 perr_exit("read_all");
2452 free(dummy_buf);
2453 }
2454 }
2455 return le64_to_cpu(image_hdr.device_size);
2456 }
2457
2458 static s64 open_volume(void)
2459 {
2460 s64 device_size;
2461
2462 mount_volume(NTFS_MNT_RDONLY);
2463
2464 device_size = ntfs_device_size_get(vol->dev, 1);
2465 if (device_size <= 0)
2466 err_exit("Couldn't get device size (%lld)!\n",
2467 (long long)device_size);
2468
2469 print_volume_size("Current device size", device_size);
2470
2471 if (device_size < vol->nr_clusters * vol->cluster_size)
2472 err_exit("Current NTFS volume size is bigger than the device "
2473 "size (%lld)!\nCorrupt partition table or incorrect "
2474 "device partitioning?\n", (long long)device_size);
2475
2476 return device_size;
2477 }
2478
2479 static void initialise_image_hdr(s64 device_size, s64 inuse)
2480 {
2481 memcpy(image_hdr.magic, IMAGE_MAGIC, IMAGE_MAGIC_SIZE);
2482 image_hdr.major_ver = NTFSCLONE_IMG_VER_MAJOR;
2483 image_hdr.minor_ver = NTFSCLONE_IMG_VER_MINOR;
2484 image_hdr.cluster_size = cpu_to_le32(vol->cluster_size);
2485 image_hdr.device_size = cpu_to_le64(device_size);
2486 image_hdr.nr_clusters = cpu_to_sle64(vol->nr_clusters);
2487 image_hdr.inuse = cpu_to_le64(inuse);
2488 image_hdr.offset_to_image_data = cpu_to_le32((sizeof(image_hdr)
2489 + IMAGE_HDR_ALIGN - 1) & -IMAGE_HDR_ALIGN);
2490 }
2491
2492 static void check_output_device(s64 input_size)
2493 {
2494 if (opt.blkdev_out) {
2495 s64 dest_size;
2496
2497 if (dev_out)
2498 dest_size = ntfs_device_size_get(dev_out, 1);
2499 else
2500 dest_size = device_size_get(fd_out);
2501 if (dest_size < input_size)
2502 err_exit("Output device is too small (%lld) to fit the "
2503 "NTFS image (%lld).\n",
2504 (long long)dest_size, (long long)input_size);
2505
2506 check_if_mounted(opt.output, 0);
2507 } else
2508 set_filesize(input_size);
2509 }
2510
2511 static void ignore_bad_clusters(ntfs_walk_clusters_ctx *image)
2512 {
2513 ntfs_inode *ni;
2514 ntfs_attr *na;
2515 runlist *rl;
2516 s64 nr_bad_clusters = 0;
2517 static le16 Bad[4] = {
2518 const_cpu_to_le16('$'), const_cpu_to_le16('B'),
2519 const_cpu_to_le16('a'), const_cpu_to_le16('d')
2520 } ;
2521
2522 if (!(ni = ntfs_inode_open(vol, FILE_BadClus)))
2523 perr_exit("ntfs_open_inode");
2524
2525 na = ntfs_attr_open(ni, AT_DATA, Bad, 4);
2526 if (!na)
2527 perr_exit("ntfs_attr_open");
2528 if (ntfs_attr_map_whole_runlist(na))
2529 perr_exit("ntfs_attr_map_whole_runlist");
2530
2531 for (rl = na->rl; rl->length; rl++) {
2532 s64 lcn = rl->lcn;
2533
2534 if (lcn == LCN_HOLE || lcn < 0)
2535 continue;
2536
2537 for (; lcn < rl->lcn + rl->length; lcn++, nr_bad_clusters++) {
2538 if (ntfs_bit_get_and_set(lcn_bitmap.bm, lcn, 0))
2539 image->inuse--;
2540 }
2541 }
2542 if (nr_bad_clusters)
2543 Printf("WARNING: The disk has %lld or more bad sectors"
2544 " (hardware faults).\n", (long long)nr_bad_clusters);
2545 ntfs_attr_close(na);
2546 if (ntfs_inode_close(ni))
2547 perr_exit("ntfs_inode_close failed for $BadClus");
2548 }
2549
2550 static void check_dest_free_space(u64 src_bytes)
2551 {
2552 #ifndef HAVE_WINDOWS_H
2553 u64 dest_bytes;
2554 struct statvfs stvfs;
2555 struct stat st;
2556
2557 if (opt.metadata || opt.blkdev_out || opt.std_out)
2558 return;
2559 /*
2560 * TODO: save_image needs a bit more space than src_bytes
2561 * due to the free space encoding overhead.
2562 */
2563 if (fstatvfs(fd_out, &stvfs) == -1) {
2564 Printf("WARNING: Unknown free space on the destination: %s\n",
2565 strerror(errno));
2566 return;
2567 }
2568
2569 /* If file is a FIFO then there is no point in checking the size. */
2570 if (!fstat(fd_out, &st)) {
2571 if (S_ISFIFO(st.st_mode))
2572 return;
2573 } else
2574 Printf("WARNING: fstat failed: %s\n", strerror(errno));
2575
2576 dest_bytes = (u64)stvfs.f_frsize * stvfs.f_bfree;
2577 if (!dest_bytes)
2578 dest_bytes = (u64)stvfs.f_bsize * stvfs.f_bfree;
2579
2580 if (dest_bytes < src_bytes)
2581 err_exit("Destination doesn't have enough free space: "
2582 "%llu MB < %llu MB\n",
2583 (unsigned long long)rounded_up_division(dest_bytes, NTFS_MBYTE),
2584 (unsigned long long)rounded_up_division(src_bytes, NTFS_MBYTE));
2585 #endif
2586 }
2587
2588 int main(int argc, char **argv)
2589 {
2590 ntfs_walk_clusters_ctx image;
2591 s64 device_size; /* input device size in bytes */
2592 s64 ntfs_size;
2593 unsigned int wiped_total = 0;
2594
2595 /* make sure the layout of header is not affected by alignments */
2596 if (offsetof(struct image_hdr, offset_to_image_data)
2597 != IMAGE_OFFSET_OFFSET) {
2598 fprintf(stderr,"ntfsclone is not compiled properly. "
2599 "Please fix\n");
2600 exit(1);
2601 }
2602 /* print to stderr, stdout can be an NTFS image ... */
2603 fprintf(stderr, "%s v%s (libntfs-3g)\n", EXEC_NAME, VERSION);
2604 msg_out = stderr;
2605
2606 parse_options(argc, argv);
2607
2608 utils_set_locale();
2609
2610 if (opt.restore_image) {
2611 device_size = open_image();
2612 ntfs_size = sle64_to_cpu(image_hdr.nr_clusters) *
2613 le32_to_cpu(image_hdr.cluster_size);
2614 } else {
2615 device_size = open_volume();
2616 ntfs_size = vol->nr_clusters * vol->cluster_size;
2617 }
2618 // FIXME: This needs to be the cluster size...
2619 ntfs_size += 512; /* add backup boot sector */
2620 full_device_size = device_size;
2621
2622 if (opt.std_out) {
2623 if ((fd_out = fileno(stdout)) == -1)
2624 perr_exit("fileno for stdout failed");
2625 stream_out = stdout;
2626 #ifdef HAVE_WINDOWS_H
2627 if (setmode(fileno(stdout),O_BINARY) == -1)
2628 perr_exit("setting binary stdout failed");
2629 #endif
2630 } else {
2631 /* device_size_get() might need to read() */
2632 int flags = O_RDWR | O_BINARY;
2633
2634 fd_out = 0;
2635 if (!opt.blkdev_out) {
2636 flags |= O_CREAT | O_TRUNC;
2637 if (!opt.overwrite)
2638 flags |= O_EXCL;
2639 }
2640
2641 if (opt.save_image || opt.metadata_image) {
2642 stream_out = fopen(opt.output,BINWMODE);
2643 if (!stream_out)
2644 perr_exit("Opening file '%s' failed",
2645 opt.output);
2646 fd_out = fileno(stream_out);
2647 } else {
2648 #ifdef HAVE_WINDOWS_H
2649 if (!opt.no_action) {
2650 dev_out = ntfs_device_alloc(opt.output, 0,
2651 &ntfs_device_default_io_ops, NULL);
2652 if (!dev_out
2653 || (dev_out->d_ops->open)(dev_out, flags))
2654 perr_exit("Opening volume '%s' failed",
2655 opt.output);
2656 }
2657 #else
2658 if (!opt.no_action
2659 && ((fd_out = open(opt.output, flags,
2660 S_IRUSR | S_IWUSR)) == -1))
2661 perr_exit("Opening file '%s' failed",
2662 opt.output);
2663 #endif
2664 }
2665
2666 if (!opt.save_image && !opt.metadata_image && !opt.no_action)
2667 check_output_device(ntfs_size);
2668 }
2669
2670 if (opt.restore_image) {
2671 print_image_info();
2672 restore_image();
2673 if (!opt.no_action)
2674 fsync_clone(fd_out);
2675 exit(0);
2676 }
2677
2678 setup_lcn_bitmap();
2679 memset(&image, 0, sizeof(image));
2680 backup_clusters.image = ℑ
2681
2682 walk_clusters(vol, &backup_clusters);
2683 image.more_use = compare_bitmaps(&lcn_bitmap,
2684 opt.metadata && !opt.metadata_image);
2685 print_disk_usage("", vol->cluster_size, vol->nr_clusters, image.inuse);
2686
2687 check_dest_free_space(vol->cluster_size * image.inuse);
2688
2689 ignore_bad_clusters(&image);
2690
2691 if (opt.save_image)
2692 initialise_image_hdr(device_size, image.inuse);
2693
2694 if ((opt.std_out && !opt.metadata_image) || !opt.metadata) {
2695 s64 nr_clusters_to_save = image.inuse;
2696 if (opt.std_out && !opt.save_image)
2697 nr_clusters_to_save = vol->nr_clusters;
2698 nr_clusters_to_save++; /* account for the backup boot sector */
2699
2700 clone_ntfs(nr_clusters_to_save, image.more_use);
2701 fsync_clone(fd_out);
2702 if (opt.save_image)
2703 fclose(stream_out);
2704 ntfs_umount(vol,FALSE);
2705 free(lcn_bitmap.bm);
2706 exit(0);
2707 }
2708
2709 wipe = 1;
2710 if (opt.metadata_image) {
2711 initialise_image_hdr(device_size, image.inuse);
2712 write_image_hdr();
2713 } else {
2714 if (dev_out) {
2715 (dev_out->d_ops->close)(dev_out);
2716 dev_out = NULL;
2717 } else
2718 fsync_clone(fd_out); /* sync copy before mounting */
2719 opt.volume = opt.output;
2720 /* 'force' again mount for dirty volumes (e.g. after resize).
2721 FIXME: use mount flags to avoid potential side-effects in future */
2722 opt.force++;
2723 ntfs_umount(vol,FALSE);
2724 mount_volume(0 /*NTFS_MNT_NOATIME*/);
2725 }
2726
2727 free(lcn_bitmap.bm);
2728 setup_lcn_bitmap();
2729 memset(&image, 0, sizeof(image));
2730 backup_clusters.image = ℑ
2731
2732 walk_clusters(vol, &backup_clusters);
2733
2734 Printf("Num of MFT records = %10lld\n",
2735 (long long)vol->mft_na->initialized_size >>
2736 vol->mft_record_size_bits);
2737 Printf("Num of used MFT records = %10u\n", nr_used_mft_records);
2738
2739 Printf("Wiped unused MFT data = %10u\n", wiped_unused_mft_data);
2740 Printf("Wiped deleted MFT data = %10u\n", wiped_unused_mft);
2741 Printf("Wiped resident user data = %10u\n", wiped_resident_data);
2742 Printf("Wiped timestamp data = %10u\n", wiped_timestamp_data);
2743
2744 wiped_total += wiped_unused_mft_data;
2745 wiped_total += wiped_unused_mft;
2746 wiped_total += wiped_resident_data;
2747 wiped_total += wiped_timestamp_data;
2748 Printf("Wiped totally = %10u\n", wiped_total);
2749
2750 if (opt.metadata_image)
2751 fclose(stream_out);
2752 else
2753 fsync_clone(fd_out);
2754 ntfs_umount(vol,FALSE);
2755 free(lcn_bitmap.bm);
2756 return (0);
2757 }
2758