2 * win32_apply.c - Windows-specific code for applying files from a WIM image.
6 * Copyright (C) 2013 Eric Biggers
8 * This file is part of wimlib, a library for working with WIM files.
10 * wimlib is free software; you can redistribute it and/or modify it under the
11 * terms of the GNU General Public License as published by the Free
12 * Software Foundation; either version 3 of the License, or (at your option)
15 * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
16 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
17 * A PARTICULAR PURPOSE. See the GNU General Public License for more
20 * You should have received a copy of the GNU General Public License
21 * along with wimlib; if not, see http://www.gnu.org/licenses/.
30 #include "wimlib/win32_common.h"
32 #include "wimlib/apply.h"
33 #include "wimlib/error.h"
34 #include "wimlib/lookup_table.h"
37 win32_start_extract(const wchar_t *path, struct apply_ctx *ctx)
41 bool supports_SetFileShortName;
43 ret = win32_get_vol_flags(path, &vol_flags, &supports_SetFileShortName);
47 ctx->supported_features.archive_files = 1;
48 ctx->supported_features.hidden_files = 1;
49 ctx->supported_features.system_files = 1;
51 if (vol_flags & FILE_FILE_COMPRESSION)
52 ctx->supported_features.compressed_files = 1;
54 if (vol_flags & FILE_SUPPORTS_ENCRYPTION) {
55 ctx->supported_features.encrypted_files = 1;
56 ctx->supported_features.encrypted_directories = 1;
59 ctx->supported_features.not_context_indexed_files = 1;
61 if (vol_flags & FILE_SUPPORTS_SPARSE_FILES)
62 ctx->supported_features.sparse_files = 1;
64 if (vol_flags & FILE_NAMED_STREAMS)
65 ctx->supported_features.named_data_streams = 1;
67 if (vol_flags & FILE_SUPPORTS_HARD_LINKS)
68 ctx->supported_features.hard_links = 1;
70 if (vol_flags & FILE_SUPPORTS_REPARSE_POINTS) {
71 ctx->supported_features.reparse_points = 1;
72 if (win32func_CreateSymbolicLinkW)
73 ctx->supported_features.symlink_reparse_points = 1;
76 if (vol_flags & FILE_PERSISTENT_ACLS)
77 ctx->supported_features.security_descriptors = 1;
79 if (supports_SetFileShortName)
80 ctx->supported_features.short_names = 1;
84 /* Create a normal file, overwriting one already present. */
86 win32_create_file(const wchar_t *path, struct apply_ctx *ctx, u64 *cookie_ret)
89 unsigned retry_count = 0;
90 DWORD dwFlagsAndAttributes = FILE_FLAG_BACKUP_SEMANTICS;
93 /* WRITE_OWNER and WRITE_DAC privileges are required for some reason,
94 * even through we're creating a new file. */
95 h = CreateFile(path, WRITE_OWNER | WRITE_DAC, 0, NULL,
96 CREATE_ALWAYS, dwFlagsAndAttributes, NULL);
97 if (h == INVALID_HANDLE_VALUE) {
98 /* File couldn't be created. */
99 DWORD err = GetLastError();
100 if (err == ERROR_ACCESS_DENIED && retry_count == 0) {
102 /* Access denied error for the first time. Try
103 * adjusting file attributes. */
105 /* Get attributes of the existing file. */
106 DWORD attribs = GetFileAttributes(path);
107 if (attribs != INVALID_FILE_ATTRIBUTES &&
108 (attribs & (FILE_ATTRIBUTE_HIDDEN |
109 FILE_ATTRIBUTE_SYSTEM |
110 FILE_ATTRIBUTE_READONLY)))
112 /* If the existing file has
113 * FILE_ATTRIBUTE_HIDDEN and/or
114 * FILE_ATTRIBUTE_SYSTEM, they must be set in
115 * the call to CreateFile(). This is true even
116 * when FILE_ATTRIBUTE_NORMAL was not specified,
117 * contrary to the MS "documentation". */
118 dwFlagsAndAttributes |= (attribs &
119 (FILE_ATTRIBUTE_HIDDEN |
120 FILE_ATTRIBUTE_SYSTEM));
121 /* If the existing file has
122 * FILE_ATTRIBUTE_READONLY, it must be cleared
123 * before attempting to create a new file over
124 * it. This is true even when the process has
125 * the SE_RESTORE_NAME privilege and requested
126 * the FILE_FLAG_BACKUP_SEMANTICS flag to
128 if (attribs & FILE_ATTRIBUTE_READONLY) {
129 SetFileAttributes(path,
130 attribs & ~FILE_ATTRIBUTE_READONLY);
136 set_errno_from_win32_error(err);
137 return WIMLIB_ERR_OPEN;
144 win32_create_directory(const wchar_t *path, struct apply_ctx *ctx,
147 if (!CreateDirectory(path, NULL))
148 if (GetLastError() != ERROR_ALREADY_EXISTS)
153 set_errno_from_GetLastError();
154 return WIMLIB_ERR_MKDIR;
157 /* Delete a non-directory file, working around Windows quirks. */
159 win32_delete_file_wrapper(const wchar_t *path)
164 if (DeleteFile(path))
167 err = GetLastError();
168 attrib = GetFileAttributes(path);
169 if ((attrib != INVALID_FILE_ATTRIBUTES) &&
170 (attrib & FILE_ATTRIBUTE_READONLY))
172 /* Try again with FILE_ATTRIBUTE_READONLY cleared. */
173 attrib &= ~FILE_ATTRIBUTE_READONLY;
174 if (SetFileAttributes(path, attrib)) {
175 if (DeleteFile(path))
178 err = GetLastError();
187 win32_create_hardlink(const wchar_t *oldpath, const wchar_t *newpath,
188 struct apply_ctx *ctx)
190 if (!CreateHardLink(newpath, oldpath, NULL)) {
191 if (GetLastError() != ERROR_ALREADY_EXISTS)
193 if (!win32_delete_file_wrapper(newpath))
195 if (!CreateHardLink(newpath, oldpath, NULL))
201 set_errno_from_GetLastError();
202 return WIMLIB_ERR_LINK;
206 win32_create_symlink(const wchar_t *oldpath, const wchar_t *newpath,
207 struct apply_ctx *ctx)
209 if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0)) {
210 if (GetLastError() != ERROR_ALREADY_EXISTS)
212 if (!win32_delete_file_wrapper(newpath))
214 if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0))
220 set_errno_from_GetLastError();
221 return WIMLIB_ERR_LINK;
225 win32_extract_wim_chunk(const void *buf, size_t len, void *arg)
227 HANDLE h = (HANDLE)arg;
228 DWORD nbytes_written;
230 if (unlikely(!WriteFile(h, buf, len, &nbytes_written, NULL)))
232 if (unlikely(nbytes_written != len))
237 set_errno_from_GetLastError();
238 return WIMLIB_ERR_WRITE;
242 win32_extract_stream(const wchar_t *path, const wchar_t *stream_name,
243 size_t stream_name_nchars,
244 struct wim_lookup_table_entry *lte, struct apply_ctx *ctx)
246 DWORD creationDisposition = OPEN_EXISTING;
247 wchar_t *stream_path = (wchar_t*)path;
251 if (stream_name_nchars) {
252 creationDisposition = CREATE_ALWAYS;
253 stream_path = alloca(sizeof(wchar_t) *
255 wcslen(stream_name) + 1));
256 tsprintf(stream_path, L"%ls:%ls", path, stream_name);
259 h = CreateFile(stream_path, FILE_WRITE_DATA, 0, NULL,
260 creationDisposition, FILE_FLAG_BACKUP_SEMANTICS |
261 FILE_FLAG_OPEN_REPARSE_POINT,
263 if (h == INVALID_HANDLE_VALUE)
268 goto out_close_handle;
269 ret = extract_stream(lte, lte->size, win32_extract_wim_chunk, h);
278 set_errno_from_GetLastError();
279 return WIMLIB_ERR_WRITE;
283 win32_extract_unnamed_stream(file_spec_t file,
284 struct wim_lookup_table_entry *lte,
285 struct apply_ctx *ctx)
287 return win32_extract_stream(file.path, NULL, 0, lte, ctx);
291 win32_extract_named_stream(file_spec_t file, const wchar_t *stream_name,
292 size_t stream_name_nchars,
293 struct wim_lookup_table_entry *lte, struct apply_ctx *ctx)
295 return win32_extract_stream(file.path, stream_name,
296 stream_name_nchars, lte, ctx);
299 struct win32_encrypted_extract_ctx {
300 const struct wim_lookup_table_entry *lte;
305 win32_encrypted_import_cb(unsigned char *data, void *_import_ctx,
306 unsigned long *len_p)
308 struct win32_encrypted_extract_ctx *import_ctx = _import_ctx;
309 unsigned long len = *len_p;
310 const struct wim_lookup_table_entry *lte = import_ctx->lte;
312 len = min(len, lte->size - import_ctx->offset);
314 if (read_partial_wim_stream_into_buf(lte, len, import_ctx->offset, data))
315 return ERROR_READ_FAULT;
317 import_ctx->offset += len;
319 return ERROR_SUCCESS;
323 win32_extract_encrypted_stream(const wchar_t *path,
324 struct wim_lookup_table_entry *lte,
325 struct apply_ctx *ctx)
330 struct win32_encrypted_extract_ctx extract_ctx;
332 err = OpenEncryptedFileRaw(path, CREATE_FOR_IMPORT, &file_ctx);
333 if (err != ERROR_SUCCESS) {
334 set_errno_from_win32_error(err);
335 ret = WIMLIB_ERR_OPEN;
339 extract_ctx.lte = lte;
340 extract_ctx.offset = 0;
341 err = WriteEncryptedFileRaw(win32_encrypted_import_cb, &extract_ctx,
343 if (err != ERROR_SUCCESS) {
344 set_errno_from_win32_error(err);
345 ret = WIMLIB_ERR_WRITE;
351 CloseEncryptedFileRaw(file_ctx);
357 win32_set_special_file_attributes(const wchar_t *path, u32 attributes)
361 USHORT compression_format = COMPRESSION_FORMAT_DEFAULT;
362 DWORD bytes_returned;
364 h = win32_open_existing_file(path, GENERIC_READ | GENERIC_WRITE);
365 if (h == INVALID_HANDLE_VALUE)
368 if (attributes & FILE_ATTRIBUTE_SPARSE_FILE)
369 if (!DeviceIoControl(h, FSCTL_SET_SPARSE,
372 &bytes_returned, NULL))
373 goto error_close_handle;
375 if (attributes & FILE_ATTRIBUTE_COMPRESSED)
376 if (!DeviceIoControl(h, FSCTL_SET_COMPRESSION,
377 &compression_format, sizeof(USHORT),
379 &bytes_returned, NULL))
380 goto error_close_handle;
385 if (attributes & FILE_ATTRIBUTE_ENCRYPTED)
386 if (!EncryptFile(path))
392 err = GetLastError();
400 win32_set_file_attributes(const wchar_t *path, u32 attributes,
401 struct apply_ctx *ctx, unsigned pass)
403 u32 special_attributes =
404 FILE_ATTRIBUTE_REPARSE_POINT |
405 FILE_ATTRIBUTE_DIRECTORY |
406 FILE_ATTRIBUTE_SPARSE_FILE |
407 FILE_ATTRIBUTE_COMPRESSED |
408 FILE_ATTRIBUTE_ENCRYPTED;
409 u32 actual_attributes;
411 /* Delay setting FILE_ATTRIBUTE_READONLY on the initial pass (when files
412 * are created, but data not extracted); otherwise the system will
413 * refuse access to the file even if the process has SeRestorePrivilege.
416 attributes &= ~FILE_ATTRIBUTE_READONLY;
418 if (!SetFileAttributes(path, attributes & ~special_attributes))
424 if (attributes & (FILE_ATTRIBUTE_SPARSE_FILE |
425 FILE_ATTRIBUTE_ENCRYPTED |
426 FILE_ATTRIBUTE_COMPRESSED))
427 if (!win32_set_special_file_attributes(path, attributes))
430 /* If file is not supposed to be encrypted or compressed, remove
431 * defaulted encrypted or compressed attributes (from creating file in
432 * encrypted or compressed directory). */
433 actual_attributes = GetFileAttributes(path);
434 if (actual_attributes == INVALID_FILE_ATTRIBUTES)
437 if ((actual_attributes & FILE_ATTRIBUTE_ENCRYPTED) &&
438 !(attributes & FILE_ATTRIBUTE_ENCRYPTED))
439 if (!DecryptFile(path, 0))
441 if ((actual_attributes & FILE_ATTRIBUTE_COMPRESSED) &&
442 !(attributes & FILE_ATTRIBUTE_COMPRESSED))
445 DWORD bytes_returned;
446 USHORT compression_format = COMPRESSION_FORMAT_NONE;
448 h = win32_open_existing_file(path, GENERIC_READ | GENERIC_WRITE);
449 if (h == INVALID_HANDLE_VALUE)
452 if (!DeviceIoControl(h, FSCTL_SET_COMPRESSION,
453 &compression_format, sizeof(USHORT),
455 &bytes_returned, NULL))
457 DWORD err = GetLastError();
470 set_errno_from_GetLastError();
471 return WIMLIB_ERR_SET_ATTRIBUTES;
475 win32_set_reparse_data(const wchar_t *path, const u8 *rpbuf, u16 rpbuflen,
476 struct apply_ctx *ctx)
480 DWORD bytes_returned;
482 h = win32_open_existing_file(path, GENERIC_WRITE);
483 if (h == INVALID_HANDLE_VALUE)
486 if (!DeviceIoControl(h, FSCTL_SET_REPARSE_POINT,
487 (void*)rpbuf, rpbuflen,
488 NULL, 0, &bytes_returned, NULL))
489 goto error_close_handle;
497 err = GetLastError();
501 set_errno_from_GetLastError();
502 return WIMLIB_ERR_WRITE; /* XXX: need better error code */
506 win32_set_short_name(const wchar_t *path, const wchar_t *short_name,
507 size_t short_name_nchars, struct apply_ctx *ctx)
512 h = win32_open_existing_file(path, GENERIC_WRITE | DELETE);
513 if (h == INVALID_HANDLE_VALUE)
516 if (short_name_nchars) {
517 if (!SetFileShortName(h, short_name))
518 goto error_close_handle;
519 } else if (running_on_windows_7_or_later()) {
520 if (!SetFileShortName(h, L""))
521 goto error_close_handle;
530 err = GetLastError();
534 set_errno_from_GetLastError();
535 return WIMLIB_ERR_WRITE; /* XXX: need better error code */
539 do_win32_set_security_descriptor(HANDLE h, const wchar_t *path,
540 SECURITY_INFORMATION info,
541 PSECURITY_DESCRIPTOR desc)
544 if (func_NtSetSecurityObject) {
545 return (*func_RtlNtStatusToDosError)(
546 (*func_NtSetSecurityObject)(h, info, desc));
549 if (SetFileSecurity(path, info, desc))
550 return ERROR_SUCCESS;
552 return GetLastError();
556 * Set an arbitrary security descriptor on an arbitrary file (or directory),
557 * working around bugs and design flaws in the Windows operating system.
559 * On success, return 0. On failure, return WIMLIB_ERR_SET_SECURITY and set
560 * errno. Note: if WIMLIB_EXTRACT_FLAG_STRICT_ACLS is not set in
561 * ctx->extract_flags, this function succeeds iff any part of the security
562 * descriptor was successfully set.
565 win32_set_security_descriptor(const wchar_t *path, const u8 *desc,
566 size_t desc_size, struct apply_ctx *ctx)
568 SECURITY_INFORMATION info;
572 /* We really just want to set entire the security descriptor as-is, but
573 * all available APIs require specifying the specific parts of the
574 * descriptor being set. Start out by requesting all parts be set. If
575 * permissions problems are encountered, fall back to omitting some
576 * parts (first the SACL, then the DACL, then the owner), unless the
577 * WIMLIB_EXTRACT_FLAG_STRICT_ACLS flag has been enabled. */
578 info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
579 DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
581 h = INVALID_HANDLE_VALUE;
583 /* Prefer NtSetSecurityObject() to SetFileSecurity(). SetFileSecurity()
584 * itself necessarily uses NtSetSecurityObject() as the latter is the
585 * underlying system call for setting security information, but
586 * SetFileSecurity() opens the handle with NtCreateFile() without
587 * FILE_OPEN_FILE_BACKUP_INTENT. Hence, access checks are done and due
588 * to the Windows security model, even a process running as the
589 * Administrator can have access denied. (Of course, this not mentioned
590 * in the MS "documentation".) */
593 if (func_NtSetSecurityObject) {
594 DWORD dwDesiredAccess;
596 /* Open a handle for NtSetSecurityObject() with as many relevant
597 * access rights as possible.
599 * We don't know which rights will be actually granted. It
600 * could be less than what is needed to actually assign the full
601 * security descriptor, especially if the process is running as
602 * a non-Administrator. However, by default we just do the best
603 * we can, unless WIMLIB_EXTRACT_FLAG_STRICT_ACLS has been
604 * enabled. The MAXIMUM_ALLOWED access right is seemingly
605 * designed for this use case; however, it does not work
606 * properly in all cases: it can cause CreateFile() to fail with
607 * ERROR_ACCESS_DENIED, even though by definition
608 * MAXIMUM_ALLOWED access only requests access rights that are
609 * *not* denied. (Needless to say, MS does not document this
612 dwDesiredAccess = WRITE_DAC |
614 ACCESS_SYSTEM_SECURITY;
618 h = win32_open_existing_file(path, dwDesiredAccess);
619 if (h != INVALID_HANDLE_VALUE)
621 err = GetLastError();
622 if (err == ERROR_ACCESS_DENIED ||
623 err == ERROR_PRIVILEGE_NOT_HELD)
625 /* Don't increment partial_security_descriptors
626 * here or check WIMLIB_EXTRACT_FLAG_STRICT_ACLS
627 * here. It will be done later if needed; here
628 * we are just trying to get as many relevant
629 * access rights as possible. */
630 if (dwDesiredAccess & ACCESS_SYSTEM_SECURITY) {
631 dwDesiredAccess &= ~ACCESS_SYSTEM_SECURITY;
634 if (dwDesiredAccess & WRITE_DAC) {
635 dwDesiredAccess &= ~WRITE_DAC;
638 if (dwDesiredAccess & WRITE_OWNER) {
639 dwDesiredAccess &= ~WRITE_OWNER;
643 /* Other error, or couldn't open the file even with no
644 * access rights specified. Something else must be
646 set_errno_from_win32_error(err);
647 return WIMLIB_ERR_SET_SECURITY;
652 /* Try setting the security descriptor. */
656 err = do_win32_set_security_descriptor(h, path, info,
657 (PSECURITY_DESCRIPTOR)desc);
658 if (err == ERROR_SUCCESS) {
663 /* Failed to set the requested parts of the security descriptor.
664 * If the error was permissions-related, try to set fewer parts
665 * of the security descriptor, unless
666 * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled. */
667 if ((err == ERROR_PRIVILEGE_NOT_HELD ||
668 err == ERROR_ACCESS_DENIED) &&
669 !(ctx->extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS))
671 if (info & SACL_SECURITY_INFORMATION) {
672 info &= ~SACL_SECURITY_INFORMATION;
673 ctx->partial_security_descriptors++;
676 if (info & DACL_SECURITY_INFORMATION) {
677 info &= ~DACL_SECURITY_INFORMATION;
680 if (info & OWNER_SECURITY_INFORMATION) {
681 info &= ~OWNER_SECURITY_INFORMATION;
684 /* Nothing left except GROUP, and if we removed it we
685 * wouldn't have anything at all. */
687 /* No part of the security descriptor could be set, or
688 * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled and the full
689 * security descriptor could not be set. */
690 if (!(info & SACL_SECURITY_INFORMATION))
691 ctx->partial_security_descriptors--;
692 set_errno_from_win32_error(err);
693 ret = WIMLIB_ERR_SET_SECURITY;
697 /* Close handle opened for NtSetSecurityObject(). */
699 if (func_NtSetSecurityObject)
706 win32_set_timestamps(const wchar_t *path, u64 creation_time,
707 u64 last_write_time, u64 last_access_time,
708 struct apply_ctx *ctx)
712 FILETIME creationTime = {.dwLowDateTime = creation_time & 0xffffffff,
713 .dwHighDateTime = creation_time >> 32};
714 FILETIME lastAccessTime = {.dwLowDateTime = last_access_time & 0xffffffff,
715 .dwHighDateTime = last_access_time >> 32};
716 FILETIME lastWriteTime = {.dwLowDateTime = last_write_time & 0xffffffff,
717 .dwHighDateTime = last_write_time >> 32};
719 h = win32_open_existing_file(path, FILE_WRITE_ATTRIBUTES);
720 if (h == INVALID_HANDLE_VALUE)
723 if (!SetFileTime(h, &creationTime, &lastAccessTime, &lastWriteTime))
724 goto error_close_handle;
732 err = GetLastError();
736 set_errno_from_GetLastError();
737 return WIMLIB_ERR_SET_TIMESTAMPS;
740 const struct apply_operations win32_apply_ops = {
743 .target_is_root = win32_path_is_root_of_drive,
744 .start_extract = win32_start_extract,
745 .create_file = win32_create_file,
746 .create_directory = win32_create_directory,
747 .create_hardlink = win32_create_hardlink,
748 .create_symlink = win32_create_symlink,
749 .extract_unnamed_stream = win32_extract_unnamed_stream,
750 .extract_named_stream = win32_extract_named_stream,
751 .extract_encrypted_stream = win32_extract_encrypted_stream,
752 .set_file_attributes = win32_set_file_attributes,
753 .set_reparse_data = win32_set_reparse_data,
754 .set_short_name = win32_set_short_name,
755 .set_security_descriptor = win32_set_security_descriptor,
756 .set_timestamps = win32_set_timestamps,
758 .path_prefix = L"\\\\?\\",
759 .path_prefix_nchars = 4,
760 .path_separator = L'\\',
763 .requires_realtarget_in_paths = 1,
764 .realpath_works_on_nonexisting_files = 1,
765 .root_directory_is_special = 1,
766 .requires_final_set_attributes_pass = 1,
767 .extract_encrypted_stream_creates_file = 1,
768 .requires_short_name_reordering = 1, /* TODO: check if this is really needed */
771 #endif /* __WIN32__ */