Commit Graph

309 Commits (39579a045da3838a3bc0b443163fbcf5100ae7f6)

Author SHA1 Message Date
Jean-Pierre André 39579a045d Fixed possible null dereferencings
A null directory pointer could appear as being dereferenced. Fix that,
though it probably never occurs in real conditions.
2020-08-14 12:03:09 +02:00
Jean-Pierre André d6558f1dea Defined option "posix_nlink" to compute a Posix compliant st_nlink
When the mount option "posix_nlink" is used, the number of links
returned by stat complies with Posix: the legacy 8.3 names are not
taken into account, and the subdirectories are taken into account
for directories. This causes some overhead for recomputing the
number of links.
2020-08-14 11:50:35 +02:00
Jean-Pierre André 6bdd1e85ac Displayed the plugin path in the basic help message
The ntfs-3g plugin directory depends on the distribution and may be
difficult to determine. This displays the directory in the basic help.
2020-08-14 11:32:50 +02:00
Jean-Pierre André 5d6fd5c2d2 Used kernel cacheing on read-only mounts or with lowntfs-3g
Kernel cacheing is now safe when using lowntfs-3g on Linux. It is also
safe on read-only mounts with both ntfs-3g and lowntfs-3g.
2020-08-14 11:27:24 +02:00
Jean-Pierre André 3f65ccd949 Exported the translations of Windows paths
The translations of Windows paths designed for translating Windows symlinks
and mount points may also be used in plugins for translating execlinks,
so make them available.
2020-03-08 10:17:21 +01:00
Jean-Pierre André 7cd46f95df Fixed object types returned in readdir() for reparse points
The types of reparse point objects cannot be decided upon the data
available in a directory, so we must delegate their determination to a
specific plugin when available, and be consistent if there is none.
2020-03-08 10:03:23 +01:00
Jean-Pierre André 32c27a8a4f Defined the request argument of ioctl() as unsigned long
On Linux the request argument of ioctl() is defined as an unsigned long,
but the fuse protocol squashes it into a signed int. As a consequence
the value received by ntfs-3g may appear as negative and different from
the value defined by the corresponding macro.
So define the request argument as unsigned long in ntfs-3g. It has
however to be fed as unsigned from fuse until the fuse protocol is
updated.
2020-03-07 10:31:12 +01:00
Jean-Pierre André 3433dd0b3c Updated the copyright notice
Updated the copyright notice to 2019
2020-03-07 10:18:01 +01:00
Jean-Pierre André 7a3ed93463 Reverted accessing reparse directories through internal plugins
As similar reparse tags are being used for accessing OneDrive files
and directories, a similar policy has to be used for accessing them.
Until giving full access to OneDrive files with a local copy is
mature enough to have it processed internally, it is safer to have
it delegated to an external plugin. This reverts [4f450a]
2019-01-23 17:13:12 +01:00
Jean-Pierre André da39fbf24a Fixed reporting an error when setxattr is rejected
When permissions are enabled and setxattr() is rejected, an error
must be returned even though the option silent is set. This is needed
for "cp -p" to know it has to try setting the permissions again and use
chmod().
2018-12-19 16:01:53 +01:00
Jean-Pierre André 85c1634a26 Fixed reporting an error when failed to build the mountpoint
The size check was inefficient because getcwd() uses an unsigned int
argument.
2018-12-19 15:57:50 +01:00
Jean-Pierre André 4f450a35f5 Made accessing reparse directories through internal plugins
When the bit 28 of a reparse tag is set on a directory, the reparse
information should be ignored and the directory should be accessed
the usual way (this setting is new to Windows 10). In such a situation,
access the directory through an internal plugin rather than through
an external one.
The same policy applies to REPARSE_TAG_WCI which had been defined
earlier without the bit 28 being set.
2018-06-01 16:08:33 +02:00
Jean-Pierre André 4128e9da58 Logged falling back to mounting read-only
When the ntfs image is unclean, usually because it was not unmounted
properly from Windows, mounting read-write is denied and falls back
to read-only. Log this situation in the syslog, so that users mounting
through /etc/fstab can more easily know what is going on. Also remove
the "rw" option if it was stated.
2017-08-11 09:56:44 +02:00
Jean-Pierre André 1611b21908 Enabled directory operations in plugins
Windows 10 brought a new type of reparse point for directories (0x80000018),
so add opendir() and readdir() to the plugin interface to take directories
into account. The interface for releasedir() is merged with release() as
the plugins can discriminate them if needed.
2017-08-11 09:42:37 +02:00
Jean-Pierre André 0595f888ae Version 2017.2.15 2017-02-15 17:04:57 +01:00
Jean-Pierre André a07b7edebd Loaded the fuse kernel module with no environment
Avoided leaking the current environment when loading the fuse kernel
module
2017-02-11 11:03:02 +01:00
Jean-Pierre André 17b56ccfa2 Allowed names with trailing dot or space on conditions
Windows places filenames with a trailing dot or space in the Win32
namespace and allows setting DOS names on such files.  This is true even
though on Windows such filenames can only be created and accessed using
WinNT-style paths and will confuse most Windows software.  Regardless,
because libntfs-3g did not allow setting DOS names on such files, in
some cases it was impossible to correctly restore, using libntfs-3g, a
directory structure that was created under Windows.

Update ntfs_set_ntfs_dos_name() to permit operating on a file that has a
long name with a trailing dot or space.  But continue to forbid creating
such names on a filesystem FUSE-mounted with the windows_name option.
Additionally, continue to forbid a trailing dot or space in DOS names;
this matches the Windows behavior.

(contributed by Eric Biggers)
2017-02-11 10:54:51 +01:00
Jean-Pierre André d69d2d9a1f Got ready for Posix ACL support in fuse kernel
Following a recent patch to the fuse kernel, the Posix ACL checks can
be done within the kernel instead of having to be done in the file
system, provided lowntfs-3g is used.

This mode is still not used by default until the fuse patch is
released by distributions.
2017-02-11 10:21:07 +01:00
Jean-Pierre André 35cb222233 Removed unused argument from ntfs_make_symlink()
Now that the size of the reparse point attribute is no longer used by
the FUSE drivers to populate st_size for symlinks and junctions, it no
longer needs to be returned by ntfs_make_symlink().

(contributed by Eric Biggers)
2017-02-11 10:11:01 +01:00
Jean-Pierre André 051a4b556b Returned the size of locale encoded target as the size of symlinks
Made ntfs-3g conform to the standard POSIX convention of setting st_size
to the length of the symlink target without a terminating null.

(contributed by Eric Biggers)
2017-02-11 10:04:15 +01:00
Jean-Pierre André b337582d36 Fixed DISABLE_PLUGINS as the condition for not using plugins
The condition for using plugins did not match the definition by
./configure
2017-02-11 09:33:27 +01:00
Jean-Pierre André 28c479af6a Denied creating/removing files or directories from $Extend
$Extend is a directory reserved for metadata specific to Windows.
Inserting other files or directories there leads to problems with
some Windows versions.
2017-02-11 09:00:49 +01:00
Jean-Pierre André d4dfa18f7d Corrected code with misleading indentation
GCC 6 reports a warning in ntfs_allowed_dir_access() because the code has
misleading indentation.  Fix by adding braces.  There is no actual change
in behavior because of the '(allowed == 2)' condition.

Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
2016-07-28 16:30:05 +02:00
Jean-Pierre André 2840e84a97 Always opened $Secure when mounting NTFS volume
Currently, applications that wish to access security descriptors have to
explicitly open the volume's security descriptor index ("$Secure") using
ntfs_open_secure().  Applications are also responsible for closing the
index when done with it.  However, the cleanup function for doing so,
ntfs_close_secure(), cannot be called easily by all applications because
it requires a SECURITY_CONTEXT argument, not simply the ntfs_volume.
Some applications therefore have to close the inode and index contexts
manually in order to clean up properly.

This proposal updates libntfs-3g to open $Secure unconditionally as part
of ntfs_mount(), so that applications do not have to worry about it.

ntfs_close_secure() is updated to take in a ntfs_volume for internal use,
and ntfs_destroy_security_context() is now the function to call to free
memory associated with a SECURITY_CONTEXT rather than a ntfs_volume.

Some memory leaks in error paths of ntfs_open_secure() are also fixed.

Signed-off-by: Eric Biggers <ebiggers3@gmail.com>
2016-07-28 16:22:16 +02:00
Jean-Pierre André cf6f265069 Switch to using the standard autoconf AC_HEADER_MAJOR macro
Switch to the standard autoconf AC_HEADER_MAJOR macro which takes care
of the ugly details like when to use mkdev.h and when to use sysmacros.h.
(requires <sys/types.h> to be included)
Also include these in all files that use major/minor/makedev funcs.

(Contributed by Mike Frysinger)
2016-05-31 08:33:10 +02:00
Jean-Pierre André ab4bdea00f Rejected implicit mounting read-only when hiberfile option is present
If the remove_hiberfile mount option is present, explicitly disallow
the library from switching to a read-only mount. This is only to avoid
confusion, as the remove_hiberfile is processed before taking the
decision to fall back to read-only.
2016-05-04 09:39:48 +02:00
Jean-Pierre André 88451c8069 Made a full check for whether a user extended attribute is allowed
User extended attributes should only be set on files and directories,
not on symlinks, sockets, devices, etc. For safety they are also
forbidden on metadata files, but should be allowed on the root
directory. For files based on reparse points, requests are made
to the plugin to determine the type.
2016-04-06 10:17:27 +02:00
Jean-Pierre André 8a1358fff4 Enabled fallback to read-only mount when volume is hibernated
When a volume is found hibernated (or prepared for fast restarting),
it is force-mounted as read-only.
2016-04-06 09:51:47 +02:00
Jean-Pierre André da33b0328f Used plugins to process reparse points
The new "system compression" files used by Windows 10 make use of reparse
points to record the compression parameters, and a specific named data
stream is used to store the compressed data. With this patch, processing
of reparse points can be done by an external plugin only loaded as needed.
Junctions and symlinks, which are also based on reparse points, are now
processed by "internal plugins".
2016-04-06 09:10:35 +02:00
Jean-Pierre André f655192f26 Updated the drivers copyrights
Extend the copyright to 2016
2016-02-12 17:24:27 +01:00
Erik Larsson 02ce4947df ntfs-3g.c: Fix raw usage of inode time fields without byteswapping. 2016-01-26 07:55:45 +01:00
Erik Larsson 9cf04fd2cd Fix incorrect usage of native/little-endian types, signed types, etc.
This is harmless with regard to code generation but if we turn on strict
type checking these type mismatches will result in errors.
2015-12-21 23:55:31 +01:00
Erik Larsson 807ee0f26c Enable ioctl in ntfs-3g unconditionally when building with fuse-lite.
fuse-lite announces a FUSE_VERSION which may not always match the exact
capabilities of the library. Hence we add a special case for 'ioctl',
which we know exists in fuse-lite regardless of the version number
published.
2015-03-14 11:11:43 +01:00
Erik Larsson 1ebf77f769 Fix improper #ifdef conditions around FUSE_CAP_IOCTL_DIR.
The capability actually appeared in FUSE 2.9, not 2.8. However in order
to maintain similarity to earlier #ifdef:s, we simply check if
FUSE_CAP_IOCTL_DIR is defined rather than checking the FUSE version.
2015-03-14 06:53:31 +01:00
Erik Larsson 3f5d881a70 Compile fix for FUSE versions earlier than 2.8.0. 2015-03-13 08:57:38 +01:00
Jean-Pierre André b2709f60ac Updated the copyright on the drivers to 2015 2015-03-05 18:25:17 +01:00
Jean-Pierre André f4e3f126df Implemented fstrim(8)
fstrim(8) discards unused blocks on a mounted filesystem. It is useful for
solid-state drives (SSDs) and thinly-provisioned storage.
Only trimming the full device (with no option) is supported.

Contributed by Richard W.M. Jones
2014-07-31 14:03:11 +02:00
Jean-Pierre André bfc5f3dd3d Fixed processing umask when Posix ACLs are compiled in but not enabled
When Posix ACLs are used, the umask is ignored and the initial permissions
of created files are taken for the parent directory. However the umask
should still be used when the Posix ACLs are not enabled in the mount
options.
2014-06-23 11:20:21 +02:00
Jean-Pierre André ae4a797473 Disabled the default user mapping when Windows inheritance is used
Windows-type inheritance is meaningful only when used with user
identifications known to Windows, so avoid using default ones.
2014-06-23 10:59:38 +02:00
Jean-Pierre André 0ccd90f2fb Fixed ignoring the umask mount option when permissions are used
When permissions are used, umask(2) is supposed to be active and the
umask mount option is supposed to be ignored, but it was still wrongly
applied. This caused permission restrictions when an external disk was
automatically mounted with standard options.
2014-05-22 09:45:46 +02:00
Jean-Pierre André 3e212bb901 Ignored chmod/chown/setfacl when Windows inheritance is applied
chmod/chown/setfacl can only define permissions according to Linux rules
with references to owner and group. Windows rules are more general and
propagated through inheritance, and chmod/chown/setfacl may create unwanted
deviations from these rules. Ignoring them prevents text editors from
creating such deviations when updating a file and creating a backup one.
2014-05-22 08:46:08 +02:00
Jean-Pierre André 556bb9fada Fixed inclusion of <sys/param.h> for Solaris/OpenIndiana
The truncation of oversized file names on Solaris/OpenIndiana requires
the definition of the maximum size from <sys/param.h> instead of
<param.h>
2014-04-23 09:43:43 +02:00
Erik Larsson 9e7184e2a6 Fix readdir I/O error on file names larger than 255 bytes in Solaris.
If a readdir operation returned a file name larger than 255 bytes,
Solaris/Illumos would return I/O error from the readdir operation.
Fixed by truncating the file name returned in the readdir operation.
2014-04-18 11:54:54 +02:00
Chih-Wei Huang a0914beb98 Fix a possible memory leak
In ntfs_fuse_parse_path(), it's possible that strdup() succeeds but
ntfs_mbstoucs() returns a negative value. In such a case the callers
just treat it as an error and ignore the allocated path buffer,
which results in a memory leak.
2014-04-16 11:30:50 +02:00
Chih-Wei Huang 419d3399dc Initialize 'path' correctly
It fixes the warnings
src/ntfs-3g.c: In function 'ntfs_fuse_readlink':
src/ntfs-3g.c:987:6: warning: 'path' may be used uninitialized in this function [-Wmaybe-uninitialized]
src/ntfs-3g.c: In function 'ntfs_fuse_create':
src/ntfs-3g.c:1765:6: warning: 'path' may be used uninitialized in this function [-Wmaybe-uninitialized]
2014-04-16 11:30:48 +02:00
Jean-Pierre André cfab9d64c6 Fixed checking whether utimensat() applies to current atime
The check was applied to mtime instead of atime
2014-03-11 11:03:06 +01:00
Jean-Pierre André 543b17b7ef Rejected reserved file names when option windows_names is set
Windows applies legacy restrictions to file names, so when the option
windows_names is applied, reject the same reserved names, which are
CON, PRN, AUX, NUL, COM1..COM9, and LPT1..LPT9
2014-03-11 10:56:31 +01:00
Jean-Pierre André b70df75369 Updated ctime after setting an ACL
When setting a Posix ACL, the ctime was not updated to match ext2/ext3
behavior. This ext2/ext3 behavior has been changed, so do the same.
2014-03-11 10:28:02 +01:00
Jean-Pierre André d2daead832 Updated copyright claims 2014-02-16 18:25:09 +01:00
Jean-Pierre André db35a16838 Fixed size truncation when checking for Interix types on 32-bit CPU
A cast, intended to avoid comparing signed to unsigned, led to truncating
the size on a 32-bit CPU, hence to wrongly check for Interix types.
2013-05-07 11:42:48 +02:00