2 * win32_apply.c - Windows-specific code for applying files from a WIM image.
6 * Copyright (C) 2013 Eric Biggers
8 * This file is part of wimlib, a library for working with WIM files.
10 * wimlib is free software; you can redistribute it and/or modify it under the
11 * terms of the GNU General Public License as published by the Free
12 * Software Foundation; either version 3 of the License, or (at your option)
15 * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
16 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
17 * A PARTICULAR PURPOSE. See the GNU General Public License for more
20 * You should have received a copy of the GNU General Public License
21 * along with wimlib; if not, see http://www.gnu.org/licenses/.
30 #include "wimlib/win32_common.h"
32 #include "wimlib/apply.h"
33 #include "wimlib/error.h"
34 #include "wimlib/lookup_table.h"
35 #include "wimlib/xml.h"
36 #include "wimlib/wim.h"
37 #include "wimlib/wimboot.h"
40 ctx_save_data_source_id(struct apply_ctx *ctx, u64 data_source_id)
42 ctx->private[0] = data_source_id & 0xFFFFFFFF;
43 ctx->private[1] = data_source_id >> 32;
47 ctx_get_data_source_id(const struct apply_ctx *ctx)
49 return (u32)ctx->private[0] | ((u64)(u32)ctx->private[1] << 32);
53 win32_start_extract(const wchar_t *path, struct apply_ctx *ctx)
57 bool supports_SetFileShortName;
59 ret = win32_get_vol_flags(path, &vol_flags, &supports_SetFileShortName);
63 ctx->supported_features.archive_files = 1;
64 ctx->supported_features.hidden_files = 1;
65 ctx->supported_features.system_files = 1;
67 if (vol_flags & FILE_FILE_COMPRESSION)
68 ctx->supported_features.compressed_files = 1;
70 if (vol_flags & FILE_SUPPORTS_ENCRYPTION) {
71 ctx->supported_features.encrypted_files = 1;
72 ctx->supported_features.encrypted_directories = 1;
75 ctx->supported_features.not_context_indexed_files = 1;
77 if (vol_flags & FILE_SUPPORTS_SPARSE_FILES)
78 ctx->supported_features.sparse_files = 1;
80 if (vol_flags & FILE_NAMED_STREAMS)
81 ctx->supported_features.named_data_streams = 1;
83 if (vol_flags & FILE_SUPPORTS_HARD_LINKS)
84 ctx->supported_features.hard_links = 1;
86 if (vol_flags & FILE_SUPPORTS_REPARSE_POINTS) {
87 ctx->supported_features.reparse_points = 1;
88 if (win32func_CreateSymbolicLinkW)
89 ctx->supported_features.symlink_reparse_points = 1;
92 if (vol_flags & FILE_PERSISTENT_ACLS)
93 ctx->supported_features.security_descriptors = 1;
95 if (supports_SetFileShortName)
96 ctx->supported_features.short_names = 1;
98 if (ctx->extract_flags & WIMLIB_EXTRACT_FLAG_WIMBOOT) {
102 if (!wim_info_get_wimboot(ctx->wim->wim_info,
103 ctx->wim->current_image))
104 WARNING("Image is not marked as WIMBoot compatible!");
106 ret = wimboot_alloc_data_source_id(ctx->wim->filename,
107 ctx->wim->current_image,
108 path, &data_source_id);
112 ctx_save_data_source_id(ctx, data_source_id);
118 /* Delete a non-directory file, working around Windows quirks. */
120 win32_delete_file_wrapper(const wchar_t *path)
125 if (DeleteFile(path))
128 err = GetLastError();
129 attrib = GetFileAttributes(path);
130 if ((attrib != INVALID_FILE_ATTRIBUTES) &&
131 (attrib & FILE_ATTRIBUTE_READONLY))
133 /* Try again with FILE_ATTRIBUTE_READONLY cleared. */
134 attrib &= ~FILE_ATTRIBUTE_READONLY;
135 if (SetFileAttributes(path, attrib)) {
136 if (DeleteFile(path))
139 err = GetLastError();
148 /* Create a normal file, overwriting one already present. */
150 win32_create_file(const wchar_t *path, struct apply_ctx *ctx, u64 *cookie_ret)
156 * WRITE_OWNER and WRITE_DAC privileges are required for some reason,
157 * even through we're creating a new file.
159 * FILE_FLAG_OPEN_REPARSE_POINT is required to prevent an existing
160 * reparse point from redirecting the creation of the new file
161 * (potentially to an arbitrary location).
163 * CREATE_ALWAYS could be used instead of CREATE_NEW. However, there
164 * are quirks that would need to be handled (e.g. having to set
165 * FILE_ATTRIBUTE_HIDDEN and/or FILE_ATTRIBUTE_SYSTEM if the existing
166 * file had them specified, and/or having to clear
167 * FILE_ATTRIBUTE_READONLY on the existing file). It's simpler to just
168 * call win32_delete_file_wrapper() to delete the existing file in such
169 * a way that already handles the FILE_ATTRIBUTE_READONLY quirk.
172 h = CreateFile(path, WRITE_OWNER | WRITE_DAC, 0, NULL, CREATE_NEW,
173 FILE_FLAG_BACKUP_SEMANTICS |
174 FILE_FLAG_OPEN_REPARSE_POINT, NULL);
175 if (h == INVALID_HANDLE_VALUE) {
176 DWORD err = GetLastError();
178 if (err == ERROR_FILE_EXISTS && win32_delete_file_wrapper(path))
180 set_errno_from_win32_error(err);
181 return WIMLIB_ERR_OPEN;
188 win32_create_directory(const wchar_t *path, struct apply_ctx *ctx,
191 if (!CreateDirectory(path, NULL))
192 if (GetLastError() != ERROR_ALREADY_EXISTS)
197 set_errno_from_GetLastError();
198 return WIMLIB_ERR_MKDIR;
202 win32_create_hardlink(const wchar_t *oldpath, const wchar_t *newpath,
203 struct apply_ctx *ctx)
205 if (!CreateHardLink(newpath, oldpath, NULL)) {
206 if (GetLastError() != ERROR_ALREADY_EXISTS)
208 if (!win32_delete_file_wrapper(newpath))
210 if (!CreateHardLink(newpath, oldpath, NULL))
216 set_errno_from_GetLastError();
217 return WIMLIB_ERR_LINK;
221 win32_create_symlink(const wchar_t *oldpath, const wchar_t *newpath,
222 struct apply_ctx *ctx)
224 if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0)) {
225 if (GetLastError() != ERROR_ALREADY_EXISTS)
227 if (!win32_delete_file_wrapper(newpath))
229 if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0))
235 set_errno_from_GetLastError();
236 return WIMLIB_ERR_LINK;
240 win32_extract_wim_chunk(const void *buf, size_t len, void *arg)
242 HANDLE h = (HANDLE)arg;
243 DWORD nbytes_written;
245 if (unlikely(!WriteFile(h, buf, len, &nbytes_written, NULL)))
247 if (unlikely(nbytes_written != len))
252 set_errno_from_GetLastError();
253 return WIMLIB_ERR_WRITE;
257 win32_extract_stream(const wchar_t *path, const wchar_t *stream_name,
258 size_t stream_name_nchars,
259 struct wim_lookup_table_entry *lte, struct apply_ctx *ctx)
261 DWORD creationDisposition = OPEN_EXISTING;
262 wchar_t *stream_path = (wchar_t*)path;
266 if (stream_name_nchars) {
267 creationDisposition = CREATE_ALWAYS;
268 stream_path = alloca(sizeof(wchar_t) *
270 wcslen(stream_name) + 1));
271 tsprintf(stream_path, L"%ls:%ls", path, stream_name);
274 h = CreateFile(stream_path, FILE_WRITE_DATA, 0, NULL,
275 creationDisposition, FILE_FLAG_BACKUP_SEMANTICS |
276 FILE_FLAG_OPEN_REPARSE_POINT,
278 if (h == INVALID_HANDLE_VALUE)
283 goto out_close_handle;
284 ret = extract_stream(lte, lte->size, win32_extract_wim_chunk, h);
293 set_errno_from_GetLastError();
294 return WIMLIB_ERR_WRITE;
298 win32_extract_unnamed_stream(file_spec_t file,
299 struct wim_lookup_table_entry *lte,
300 struct apply_ctx *ctx)
302 if (ctx->extract_flags & WIMLIB_EXTRACT_FLAG_WIMBOOT
304 && lte->resource_location == RESOURCE_IN_WIM
305 && lte->rspec->wim == ctx->wim)
307 return wimboot_set_pointer(file.path,
308 ctx_get_data_source_id(ctx),
312 return win32_extract_stream(file.path, NULL, 0, lte, ctx);
316 win32_extract_named_stream(file_spec_t file, const wchar_t *stream_name,
317 size_t stream_name_nchars,
318 struct wim_lookup_table_entry *lte, struct apply_ctx *ctx)
320 return win32_extract_stream(file.path, stream_name,
321 stream_name_nchars, lte, ctx);
324 struct win32_encrypted_extract_ctx {
325 const struct wim_lookup_table_entry *lte;
330 win32_encrypted_import_cb(unsigned char *data, void *_import_ctx,
331 unsigned long *len_p)
333 struct win32_encrypted_extract_ctx *import_ctx = _import_ctx;
334 unsigned long len = *len_p;
335 const struct wim_lookup_table_entry *lte = import_ctx->lte;
337 len = min(len, lte->size - import_ctx->offset);
339 if (read_partial_wim_stream_into_buf(lte, len, import_ctx->offset, data))
340 return ERROR_READ_FAULT;
342 import_ctx->offset += len;
344 return ERROR_SUCCESS;
348 win32_extract_encrypted_stream(const wchar_t *path,
349 struct wim_lookup_table_entry *lte,
350 struct apply_ctx *ctx)
355 struct win32_encrypted_extract_ctx extract_ctx;
357 err = OpenEncryptedFileRaw(path, CREATE_FOR_IMPORT, &file_ctx);
358 if (err != ERROR_SUCCESS) {
359 set_errno_from_win32_error(err);
360 ret = WIMLIB_ERR_OPEN;
364 extract_ctx.lte = lte;
365 extract_ctx.offset = 0;
366 err = WriteEncryptedFileRaw(win32_encrypted_import_cb, &extract_ctx,
368 if (err != ERROR_SUCCESS) {
369 set_errno_from_win32_error(err);
370 ret = WIMLIB_ERR_WRITE;
376 CloseEncryptedFileRaw(file_ctx);
382 win32_set_special_file_attributes(const wchar_t *path, u32 attributes)
386 USHORT compression_format = COMPRESSION_FORMAT_DEFAULT;
387 DWORD bytes_returned;
389 h = win32_open_existing_file(path, GENERIC_READ | GENERIC_WRITE);
390 if (h == INVALID_HANDLE_VALUE)
393 if (attributes & FILE_ATTRIBUTE_SPARSE_FILE)
394 if (!DeviceIoControl(h, FSCTL_SET_SPARSE,
397 &bytes_returned, NULL))
398 goto error_close_handle;
400 if (attributes & FILE_ATTRIBUTE_COMPRESSED)
401 if (!DeviceIoControl(h, FSCTL_SET_COMPRESSION,
402 &compression_format, sizeof(USHORT),
404 &bytes_returned, NULL))
405 goto error_close_handle;
410 if (attributes & FILE_ATTRIBUTE_ENCRYPTED)
411 if (!EncryptFile(path))
417 err = GetLastError();
425 win32_set_file_attributes(const wchar_t *path, u32 attributes,
426 struct apply_ctx *ctx, unsigned pass)
428 u32 special_attributes =
429 FILE_ATTRIBUTE_REPARSE_POINT |
430 FILE_ATTRIBUTE_DIRECTORY |
431 FILE_ATTRIBUTE_SPARSE_FILE |
432 FILE_ATTRIBUTE_COMPRESSED |
433 FILE_ATTRIBUTE_ENCRYPTED;
434 u32 actual_attributes;
436 /* Delay setting FILE_ATTRIBUTE_READONLY on the initial pass (when files
437 * are created, but data not extracted); otherwise the system will
438 * refuse access to the file even if the process has SeRestorePrivilege.
441 attributes &= ~FILE_ATTRIBUTE_READONLY;
443 if (!SetFileAttributes(path, attributes & ~special_attributes))
449 if (attributes & (FILE_ATTRIBUTE_SPARSE_FILE |
450 FILE_ATTRIBUTE_ENCRYPTED |
451 FILE_ATTRIBUTE_COMPRESSED))
452 if (!win32_set_special_file_attributes(path, attributes))
455 /* If file is not supposed to be encrypted or compressed, remove
456 * defaulted encrypted or compressed attributes (from creating file in
457 * encrypted or compressed directory). */
458 actual_attributes = GetFileAttributes(path);
459 if (actual_attributes == INVALID_FILE_ATTRIBUTES)
462 if ((actual_attributes & FILE_ATTRIBUTE_ENCRYPTED) &&
463 !(attributes & FILE_ATTRIBUTE_ENCRYPTED))
464 if (!DecryptFile(path, 0))
466 if ((actual_attributes & FILE_ATTRIBUTE_COMPRESSED) &&
467 !(attributes & FILE_ATTRIBUTE_COMPRESSED))
470 DWORD bytes_returned;
471 USHORT compression_format = COMPRESSION_FORMAT_NONE;
473 h = win32_open_existing_file(path, GENERIC_READ | GENERIC_WRITE);
474 if (h == INVALID_HANDLE_VALUE)
477 if (!DeviceIoControl(h, FSCTL_SET_COMPRESSION,
478 &compression_format, sizeof(USHORT),
480 &bytes_returned, NULL))
482 DWORD err = GetLastError();
495 set_errno_from_GetLastError();
496 return WIMLIB_ERR_SET_ATTRIBUTES;
500 win32_set_reparse_data(const wchar_t *path, const u8 *rpbuf, u16 rpbuflen,
501 struct apply_ctx *ctx)
505 DWORD bytes_returned;
507 h = win32_open_existing_file(path, GENERIC_WRITE);
508 if (h == INVALID_HANDLE_VALUE)
511 if (!DeviceIoControl(h, FSCTL_SET_REPARSE_POINT,
512 (void*)rpbuf, rpbuflen,
513 NULL, 0, &bytes_returned, NULL))
514 goto error_close_handle;
522 err = GetLastError();
526 set_errno_from_GetLastError();
527 return WIMLIB_ERR_WRITE; /* XXX: need better error code */
531 win32_set_short_name(const wchar_t *path, const wchar_t *short_name,
532 size_t short_name_nchars, struct apply_ctx *ctx)
537 h = win32_open_existing_file(path, GENERIC_WRITE | DELETE);
538 if (h == INVALID_HANDLE_VALUE)
541 if (short_name_nchars) {
542 if (!SetFileShortName(h, short_name))
543 goto error_close_handle;
544 } else if (running_on_windows_7_or_later()) {
545 if (!SetFileShortName(h, L""))
546 goto error_close_handle;
555 err = GetLastError();
559 set_errno_from_GetLastError();
560 return WIMLIB_ERR_WRITE; /* XXX: need better error code */
564 do_win32_set_security_descriptor(HANDLE h, const wchar_t *path,
565 SECURITY_INFORMATION info,
566 PSECURITY_DESCRIPTOR desc)
569 if (func_NtSetSecurityObject) {
570 return (*func_RtlNtStatusToDosError)(
571 (*func_NtSetSecurityObject)(h, info, desc));
574 if (SetFileSecurity(path, info, desc))
575 return ERROR_SUCCESS;
577 return GetLastError();
581 * Set an arbitrary security descriptor on an arbitrary file (or directory),
582 * working around bugs and design flaws in the Windows operating system.
584 * On success, return 0. On failure, return WIMLIB_ERR_SET_SECURITY and set
585 * errno. Note: if WIMLIB_EXTRACT_FLAG_STRICT_ACLS is not set in
586 * ctx->extract_flags, this function succeeds iff any part of the security
587 * descriptor was successfully set.
590 win32_set_security_descriptor(const wchar_t *path, const u8 *desc,
591 size_t desc_size, struct apply_ctx *ctx)
593 SECURITY_INFORMATION info;
597 /* We really just want to set entire the security descriptor as-is, but
598 * all available APIs require specifying the specific parts of the
599 * descriptor being set. Start out by requesting all parts be set. If
600 * permissions problems are encountered, fall back to omitting some
601 * parts (first the SACL, then the DACL, then the owner), unless the
602 * WIMLIB_EXTRACT_FLAG_STRICT_ACLS flag has been enabled. */
603 info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
604 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
606 h = INVALID_HANDLE_VALUE;
608 /* Prefer NtSetSecurityObject() to SetFileSecurity(). SetFileSecurity()
609 * itself necessarily uses NtSetSecurityObject() as the latter is the
610 * underlying system call for setting security information, but
611 * SetFileSecurity() opens the handle with NtCreateFile() without
612 * FILE_OPEN_FILE_BACKUP_INTENT. Hence, access checks are done and due
613 * to the Windows security model, even a process running as the
614 * Administrator can have access denied. (Of course, this not mentioned
615 * in the MS "documentation".) */
618 if (func_NtSetSecurityObject) {
619 DWORD dwDesiredAccess;
621 /* Open a handle for NtSetSecurityObject() with as many relevant
622 * access rights as possible.
624 * We don't know which rights will be actually granted. It
625 * could be less than what is needed to actually assign the full
626 * security descriptor, especially if the process is running as
627 * a non-Administrator. However, by default we just do the best
628 * we can, unless WIMLIB_EXTRACT_FLAG_STRICT_ACLS has been
629 * enabled. The MAXIMUM_ALLOWED access right is seemingly
630 * designed for this use case; however, it does not work
631 * properly in all cases: it can cause CreateFile() to fail with
632 * ERROR_ACCESS_DENIED, even though by definition
633 * MAXIMUM_ALLOWED access only requests access rights that are
634 * *not* denied. (Needless to say, MS does not document this
637 dwDesiredAccess = WRITE_DAC |
639 ACCESS_SYSTEM_SECURITY;
643 h = win32_open_existing_file(path, dwDesiredAccess);
644 if (h != INVALID_HANDLE_VALUE)
646 err = GetLastError();
647 if (err == ERROR_ACCESS_DENIED ||
648 err == ERROR_PRIVILEGE_NOT_HELD)
650 /* Don't increment partial_security_descriptors
651 * here or check WIMLIB_EXTRACT_FLAG_STRICT_ACLS
652 * here. It will be done later if needed; here
653 * we are just trying to get as many relevant
654 * access rights as possible. */
655 if (dwDesiredAccess & ACCESS_SYSTEM_SECURITY) {
656 dwDesiredAccess &= ~ACCESS_SYSTEM_SECURITY;
659 if (dwDesiredAccess & WRITE_DAC) {
660 dwDesiredAccess &= ~WRITE_DAC;
663 if (dwDesiredAccess & WRITE_OWNER) {
664 dwDesiredAccess &= ~WRITE_OWNER;
668 /* Other error, or couldn't open the file even with no
669 * access rights specified. Something else must be
671 set_errno_from_win32_error(err);
672 return WIMLIB_ERR_SET_SECURITY;
677 /* Try setting the security descriptor. */
681 err = do_win32_set_security_descriptor(h, path, info,
682 (PSECURITY_DESCRIPTOR)desc);
683 if (err == ERROR_SUCCESS) {
688 /* Failed to set the requested parts of the security descriptor.
689 * If the error was permissions-related, try to set fewer parts
690 * of the security descriptor, unless
691 * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled. */
692 if ((err == ERROR_PRIVILEGE_NOT_HELD ||
693 err == ERROR_ACCESS_DENIED) &&
694 !(ctx->extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS))
696 if (info & SACL_SECURITY_INFORMATION) {
697 info &= ~SACL_SECURITY_INFORMATION;
698 ctx->partial_security_descriptors++;
701 if (info & DACL_SECURITY_INFORMATION) {
702 info &= ~DACL_SECURITY_INFORMATION;
705 if (info & OWNER_SECURITY_INFORMATION) {
706 info &= ~OWNER_SECURITY_INFORMATION;
709 /* Nothing left except GROUP, and if we removed it we
710 * wouldn't have anything at all. */
712 /* No part of the security descriptor could be set, or
713 * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled and the full
714 * security descriptor could not be set. */
715 if (!(info & SACL_SECURITY_INFORMATION))
716 ctx->partial_security_descriptors--;
717 set_errno_from_win32_error(err);
718 ret = WIMLIB_ERR_SET_SECURITY;
722 /* Close handle opened for NtSetSecurityObject(). */
724 if (func_NtSetSecurityObject)
731 win32_set_timestamps(const wchar_t *path, u64 creation_time,
732 u64 last_write_time, u64 last_access_time,
733 struct apply_ctx *ctx)
737 FILETIME creationTime = {.dwLowDateTime = creation_time & 0xffffffff,
738 .dwHighDateTime = creation_time >> 32};
739 FILETIME lastAccessTime = {.dwLowDateTime = last_access_time & 0xffffffff,
740 .dwHighDateTime = last_access_time >> 32};
741 FILETIME lastWriteTime = {.dwLowDateTime = last_write_time & 0xffffffff,
742 .dwHighDateTime = last_write_time >> 32};
744 h = win32_open_existing_file(path, FILE_WRITE_ATTRIBUTES);
745 if (h == INVALID_HANDLE_VALUE)
748 if (!SetFileTime(h, &creationTime, &lastAccessTime, &lastWriteTime))
749 goto error_close_handle;
757 err = GetLastError();
761 set_errno_from_GetLastError();
762 return WIMLIB_ERR_SET_TIMESTAMPS;
765 const struct apply_operations win32_apply_ops = {
768 .target_is_root = win32_path_is_root_of_drive,
769 .start_extract = win32_start_extract,
770 .create_file = win32_create_file,
771 .create_directory = win32_create_directory,
772 .create_hardlink = win32_create_hardlink,
773 .create_symlink = win32_create_symlink,
774 .extract_unnamed_stream = win32_extract_unnamed_stream,
775 .extract_named_stream = win32_extract_named_stream,
776 .extract_encrypted_stream = win32_extract_encrypted_stream,
777 .set_file_attributes = win32_set_file_attributes,
778 .set_reparse_data = win32_set_reparse_data,
779 .set_short_name = win32_set_short_name,
780 .set_security_descriptor = win32_set_security_descriptor,
781 .set_timestamps = win32_set_timestamps,
783 .path_prefix = L"\\\\?\\",
784 .path_prefix_nchars = 4,
785 .path_separator = L'\\',
788 .requires_realtarget_in_paths = 1,
789 .realpath_works_on_nonexisting_files = 1,
790 .root_directory_is_special = 1,
791 .requires_final_set_attributes_pass = 1,
792 .extract_encrypted_stream_creates_file = 1,
793 .requires_short_name_reordering = 1, /* TODO: check if this is really needed */
796 #endif /* __WIN32__ */