*/
/*
- * Copyright (C) 2013 Eric Biggers
+ * Copyright (C) 2013, 2014 Eric Biggers
*
* This file is part of wimlib, a library for working with WIM files.
*
#include "wimlib/win32_common.h"
#include "wimlib/apply.h"
+#include "wimlib/capture.h" /* for mangle_pat() and match_pattern_list() */
+#include "wimlib/dentry.h"
#include "wimlib/error.h"
#include "wimlib/lookup_table.h"
+#include "wimlib/resource.h"
+#include "wimlib/textfile.h"
+#include "wimlib/xml.h"
+#include "wimlib/wim.h"
+#include "wimlib/wimboot.h"
+
+struct win32_apply_private_data {
+ u64 data_source_id;
+ struct string_set *prepopulate_pats;
+ void *mem_prepopulate_pats;
+ u8 wim_lookup_table_hash[SHA1_HASH_SIZE];
+ bool wof_running;
+};
+
+static struct win32_apply_private_data *
+get_private_data(struct apply_ctx *ctx)
+{
+ BUILD_BUG_ON(sizeof(ctx->private) < sizeof(struct win32_apply_private_data));
+ return (struct win32_apply_private_data *)(ctx->private);
+}
+
+static void
+free_prepopulate_pats(struct win32_apply_private_data *dat)
+{
+ if (dat->prepopulate_pats) {
+ FREE(dat->prepopulate_pats->strings);
+ FREE(dat->prepopulate_pats);
+ dat->prepopulate_pats = NULL;
+ }
+
+ if (dat->mem_prepopulate_pats) {
+ FREE(dat->mem_prepopulate_pats);
+ dat->mem_prepopulate_pats = NULL;
+ }
+}
+
+static int
+load_prepopulate_pats(struct apply_ctx *ctx)
+{
+ int ret;
+ struct wim_dentry *dentry;
+ struct wim_lookup_table_entry *lte;
+ struct string_set *s;
+ const tchar *path = WIMLIB_WIM_PATH_SEPARATOR_STRING T("Windows")
+ WIMLIB_WIM_PATH_SEPARATOR_STRING T("System32")
+ WIMLIB_WIM_PATH_SEPARATOR_STRING T("WimBootCompress.ini");
+ void *buf;
+ void *mem;
+ struct text_file_section sec;
+ struct win32_apply_private_data *dat = get_private_data(ctx);
+
+ dentry = get_dentry(ctx->wim, path, WIMLIB_CASE_INSENSITIVE);
+ if (!dentry ||
+ (dentry->d_inode->i_attributes & (FILE_ATTRIBUTE_DIRECTORY |
+ FILE_ATTRIBUTE_REPARSE_POINT |
+ FILE_ATTRIBUTE_ENCRYPTED)) ||
+ !(lte = inode_unnamed_lte(dentry->d_inode, ctx->wim->lookup_table)))
+ {
+ WARNING("%"TS" does not exist in WIM image!", path);
+ return WIMLIB_ERR_PATH_DOES_NOT_EXIST;
+ }
+
+ ret = read_full_stream_into_alloc_buf(lte, &buf);
+ if (ret)
+ return ret;
+
+ s = CALLOC(1, sizeof(struct string_set));
+ if (!s) {
+ FREE(buf);
+ return WIMLIB_ERR_NOMEM;
+ }
+
+ sec.name = T("PrepopulateList");
+ sec.strings = s;
+
+ ret = do_load_text_file(path, buf, lte->size, &mem, &sec, 1,
+ LOAD_TEXT_FILE_REMOVE_QUOTES |
+ LOAD_TEXT_FILE_NO_WARNINGS,
+ mangle_pat);
+ BUILD_BUG_ON(OS_PREFERRED_PATH_SEPARATOR != WIM_PATH_SEPARATOR);
+ FREE(buf);
+ if (ret) {
+ FREE(s);
+ return ret;
+ }
+ dat->prepopulate_pats = s;
+ dat->mem_prepopulate_pats = mem;
+ return 0;
+}
+
+static bool
+in_prepopulate_list(struct wim_dentry *dentry, struct apply_ctx *ctx)
+{
+ struct string_set *pats;
+ const tchar *path;
+
+ pats = get_private_data(ctx)->prepopulate_pats;
+ if (!pats || !pats->num_strings)
+ return false;
+
+ path = dentry_full_path(dentry);
+ if (!path)
+ return false;
+
+ return match_pattern_list(path, tstrlen(path), pats);
+}
+
+static int
+hash_lookup_table(WIMStruct *wim, u8 hash[SHA1_HASH_SIZE])
+{
+ return wim_reshdr_to_hash(&wim->hdr.lookup_table_reshdr, wim, hash);
+}
+
+/* Given a Windows-style path, return the number of characters of the prefix
+ * that specify the path to the root directory of a drive, or return 0 if the
+ * drive is relative (or at least on the current drive, in the case of
+ * absolute-but-not-really-absolute paths like \Windows\System32) */
+static size_t
+win32_path_drive_spec_len(const wchar_t *path)
+{
+ size_t n = 0;
+
+ if (!wcsncmp(path, L"\\\\?\\", 4)) {
+ /* \\?\-prefixed path. Check for following drive letter and
+ * path separator. */
+ if (path[4] != L'\0' && path[5] == L':' &&
+ is_any_path_separator(path[6]))
+ n = 7;
+ } else {
+ /* Not a \\?\-prefixed path. Check for an initial drive letter
+ * and path separator. */
+ if (path[0] != L'\0' && path[1] == L':' &&
+ is_any_path_separator(path[2]))
+ n = 3;
+ }
+ /* Include any additional path separators.*/
+ if (n > 0)
+ while (is_any_path_separator(path[n]))
+ n++;
+ return n;
+}
+
+static bool
+win32_path_is_root_of_drive(const wchar_t *path)
+{
+ size_t drive_spec_len;
+ wchar_t full_path[32768];
+ DWORD ret;
+
+ ret = GetFullPathName(path, ARRAY_LEN(full_path), full_path, NULL);
+ if (ret > 0 && ret < ARRAY_LEN(full_path))
+ path = full_path;
+
+ /* Explicit drive letter and path separator? */
+ drive_spec_len = win32_path_drive_spec_len(path);
+ if (drive_spec_len > 0 && path[drive_spec_len] == L'\0')
+ return true;
+
+ /* All path separators? */
+ for (const wchar_t *p = path; *p != L'\0'; p++)
+ if (!is_any_path_separator(*p))
+ return false;
+ return true;
+}
+
+/* Given a path, which may not yet exist, get a set of flags that describe the
+ * features of the volume the path is on. */
+static int
+win32_get_vol_flags(const wchar_t *path, unsigned *vol_flags_ret,
+ bool *supports_SetFileShortName_ret)
+{
+ wchar_t *volume;
+ BOOL bret;
+ DWORD vol_flags;
+ size_t drive_spec_len;
+ wchar_t filesystem_name[MAX_PATH + 1];
+
+ if (supports_SetFileShortName_ret)
+ *supports_SetFileShortName_ret = false;
+
+ drive_spec_len = win32_path_drive_spec_len(path);
+
+ if (drive_spec_len == 0)
+ if (path[0] != L'\0' && path[1] == L':') /* Drive-relative path? */
+ drive_spec_len = 2;
+
+ if (drive_spec_len == 0) {
+ /* Path does not start with a drive letter; use the volume of
+ * the current working directory. */
+ volume = NULL;
+ } else {
+ /* Path starts with a drive letter (or \\?\ followed by a drive
+ * letter); use it. */
+ volume = alloca((drive_spec_len + 2) * sizeof(wchar_t));
+ wmemcpy(volume, path, drive_spec_len);
+ /* Add trailing backslash in case this was a drive-relative
+ * path. */
+ volume[drive_spec_len] = L'\\';
+ volume[drive_spec_len + 1] = L'\0';
+ }
+ bret = GetVolumeInformation(
+ volume, /* lpRootPathName */
+ NULL, /* lpVolumeNameBuffer */
+ 0, /* nVolumeNameSize */
+ NULL, /* lpVolumeSerialNumber */
+ NULL, /* lpMaximumComponentLength */
+ &vol_flags, /* lpFileSystemFlags */
+ filesystem_name, /* lpFileSystemNameBuffer */
+ ARRAY_LEN(filesystem_name)); /* nFileSystemNameSize */
+ if (!bret) {
+ set_errno_from_GetLastError();
+ WARNING_WITH_ERRNO("Failed to get volume information for "
+ "path \"%ls\"", path);
+ vol_flags = 0xffffffff;
+ goto out;
+ }
+
+ if (wcsstr(filesystem_name, L"NTFS")) {
+ /* FILE_SUPPORTS_HARD_LINKS is only supported on Windows 7 and later.
+ * Force it on anyway if filesystem is NTFS. */
+ vol_flags |= FILE_SUPPORTS_HARD_LINKS;
+
+ if (supports_SetFileShortName_ret)
+ *supports_SetFileShortName_ret = true;
+ }
+
+out:
+ DEBUG("using vol_flags = %x", vol_flags);
+ *vol_flags_ret = vol_flags;
+ return 0;
+}
static int
win32_start_extract(const wchar_t *path, struct apply_ctx *ctx)
int ret;
unsigned vol_flags;
bool supports_SetFileShortName;
+ struct win32_apply_private_data *dat = get_private_data(ctx);
ret = win32_get_vol_flags(path, &vol_flags, &supports_SetFileShortName);
if (ret)
- return ret;
+ goto err;
ctx->supported_features.archive_files = 1;
ctx->supported_features.hidden_files = 1;
if (vol_flags & FILE_SUPPORTS_REPARSE_POINTS) {
ctx->supported_features.reparse_points = 1;
- if (win32func_CreateSymbolicLinkW)
+ if (func_CreateSymbolicLinkW)
ctx->supported_features.symlink_reparse_points = 1;
}
if (supports_SetFileShortName)
ctx->supported_features.short_names = 1;
+
+ if (ctx->extract_flags & WIMLIB_EXTRACT_FLAG_WIMBOOT) {
+
+ ret = load_prepopulate_pats(ctx);
+ if (ret == WIMLIB_ERR_NOMEM)
+ goto err;
+
+ if (!wim_info_get_wimboot(ctx->wim->wim_info,
+ ctx->wim->current_image))
+ WARNING("Image is not marked as WIMBoot compatible!");
+
+
+ ret = hash_lookup_table(ctx->wim, dat->wim_lookup_table_hash);
+ if (ret)
+ goto err;
+
+ ret = wimboot_alloc_data_source_id(ctx->wim->filename,
+ ctx->wim->hdr.guid,
+ ctx->wim->current_image,
+ path,
+ &dat->data_source_id,
+ &dat->wof_running);
+ if (ret)
+ goto err;
+ }
+
return 0;
+
+err:
+ free_prepopulate_pats(dat);
+ return ret;
+}
+
+static int
+win32_finish_extract(struct apply_ctx *ctx)
+{
+ free_prepopulate_pats(get_private_data(ctx));
+ return 0;
+}
+
+/* Delete a non-directory file, working around Windows quirks. */
+static BOOL
+win32_delete_file_wrapper(const wchar_t *path)
+{
+ DWORD err;
+ DWORD attrib;
+
+ if (DeleteFile(path))
+ return TRUE;
+
+ err = GetLastError();
+ attrib = GetFileAttributes(path);
+ if ((attrib != INVALID_FILE_ATTRIBUTES) &&
+ (attrib & FILE_ATTRIBUTE_READONLY))
+ {
+ /* Try again with FILE_ATTRIBUTE_READONLY cleared. */
+ attrib &= ~FILE_ATTRIBUTE_READONLY;
+ if (SetFileAttributes(path, attrib)) {
+ if (DeleteFile(path))
+ return TRUE;
+ else
+ err = GetLastError();
+ }
+ }
+
+ SetLastError(err);
+ return FALSE;
}
+
+/* Create a normal file, overwriting one already present. */
static int
win32_create_file(const wchar_t *path, struct apply_ctx *ctx, u64 *cookie_ret)
{
HANDLE h;
- h = CreateFile(path, 0, 0, NULL, CREATE_ALWAYS,
- FILE_ATTRIBUTE_NORMAL | FILE_FLAG_BACKUP_SEMANTICS, NULL);
- if (h == INVALID_HANDLE_VALUE)
- goto error;
+ /* Notes:
+ *
+ * WRITE_OWNER and WRITE_DAC privileges are required for some reason,
+ * even through we're creating a new file.
+ *
+ * FILE_FLAG_OPEN_REPARSE_POINT is required to prevent an existing
+ * reparse point from redirecting the creation of the new file
+ * (potentially to an arbitrary location).
+ *
+ * CREATE_ALWAYS could be used instead of CREATE_NEW. However, there
+ * are quirks that would need to be handled (e.g. having to set
+ * FILE_ATTRIBUTE_HIDDEN and/or FILE_ATTRIBUTE_SYSTEM if the existing
+ * file had them specified, and/or having to clear
+ * FILE_ATTRIBUTE_READONLY on the existing file). It's simpler to just
+ * call win32_delete_file_wrapper() to delete the existing file in such
+ * a way that already handles the FILE_ATTRIBUTE_READONLY quirk.
+ */
+retry:
+ h = CreateFile(path, WRITE_OWNER | WRITE_DAC, 0, NULL, CREATE_NEW,
+ FILE_FLAG_BACKUP_SEMANTICS |
+ FILE_FLAG_OPEN_REPARSE_POINT, NULL);
+ if (h == INVALID_HANDLE_VALUE) {
+ DWORD err = GetLastError();
+
+ if (err == ERROR_FILE_EXISTS && win32_delete_file_wrapper(path))
+ goto retry;
+ set_errno_from_win32_error(err);
+ return WIMLIB_ERR_OPEN;
+ }
CloseHandle(h);
return 0;
-
-error:
- set_errno_from_GetLastError();
- return WIMLIB_ERR_OPEN;
}
static int
if (!CreateHardLink(newpath, oldpath, NULL)) {
if (GetLastError() != ERROR_ALREADY_EXISTS)
goto error;
- if (!DeleteFile(newpath))
+ if (!win32_delete_file_wrapper(newpath))
goto error;
if (!CreateHardLink(newpath, oldpath, NULL))
goto error;
win32_create_symlink(const wchar_t *oldpath, const wchar_t *newpath,
struct apply_ctx *ctx)
{
- if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0)) {
+ if (!(*func_CreateSymbolicLinkW)(newpath, oldpath, 0)) {
if (GetLastError() != ERROR_ALREADY_EXISTS)
goto error;
- if (!DeleteFile(newpath))
+ if (!win32_delete_file_wrapper(newpath))
goto error;
- if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0))
+ if (!(*func_CreateSymbolicLinkW)(newpath, oldpath, 0))
goto error;
}
return 0;
stream_path = alloca(sizeof(wchar_t) *
(wcslen(path) + 1 +
wcslen(stream_name) + 1));
- swprintf(stream_path, L"%ls:%ls", path, stream_name);
+ tsprintf(stream_path, L"%ls:%ls", path, stream_name);
}
h = CreateFile(stream_path, FILE_WRITE_DATA, 0, NULL,
creationDisposition, FILE_FLAG_BACKUP_SEMANTICS |
FILE_FLAG_OPEN_REPARSE_POINT,
NULL);
- if (h == INVALID_HANDLE_VALUE)
- goto error;
+ if (h == INVALID_HANDLE_VALUE) {
+ set_errno_from_GetLastError();
+ ret = WIMLIB_ERR_OPEN;
+ goto out;
+ }
- ret = 0;
- if (!lte)
+ if (!lte) {
+ ret = 0;
goto out_close_handle;
- ret = extract_wim_resource(lte, wim_resource_size(lte),
- win32_extract_wim_chunk, h);
-out_close_handle:
- if (!CloseHandle(h))
- goto error;
- if (ret && !errno)
- errno = -1;
- return ret;
+ }
-error:
+ if (!SetFilePointerEx(h,
+ (LARGE_INTEGER) { .QuadPart = lte->size},
+ NULL,
+ FILE_BEGIN))
+ goto write_error;
+
+ if (!SetEndOfFile(h))
+ goto write_error;
+
+ if (!SetFilePointerEx(h,
+ (LARGE_INTEGER) { .QuadPart = 0},
+ NULL,
+ FILE_BEGIN))
+ goto write_error;
+
+ ret = extract_stream(lte, lte->size, win32_extract_wim_chunk, h);
+ goto out_close_handle;
+
+write_error:
set_errno_from_GetLastError();
- return WIMLIB_ERR_WRITE;
+ ret = WIMLIB_ERR_WRITE;
+
+out_close_handle:
+ if (!CloseHandle(h)) {
+ if (!ret) {
+ set_errno_from_GetLastError();
+ ret = WIMLIB_ERR_WRITE;
+ }
+ }
+out:
+ return ret;
}
static int
win32_extract_unnamed_stream(file_spec_t file,
struct wim_lookup_table_entry *lte,
- struct apply_ctx *ctx)
+ struct apply_ctx *ctx,
+ struct wim_dentry *dentry)
{
+ if (ctx->extract_flags & WIMLIB_EXTRACT_FLAG_WIMBOOT
+ && lte
+ && lte->resource_location == RESOURCE_IN_WIM
+ && lte->rspec->wim == ctx->wim
+ && lte->size == lte->rspec->uncompressed_size)
+ {
+ if (in_prepopulate_list(dentry, ctx)) {
+ if (ctx->progress_func) {
+ union wimlib_progress_info info;
+
+ info.wimboot_exclude.path_in_wim = dentry->_full_path;
+ info.wimboot_exclude.extraction_path = file.path;
+
+ ctx->progress_func(WIMLIB_PROGRESS_MSG_WIMBOOT_EXCLUDE,
+ &info);
+ }
+ } else {
+ const struct win32_apply_private_data *dat;
+
+ dat = get_private_data(ctx);
+ return wimboot_set_pointer(file.path, lte,
+ dat->data_source_id,
+ dat->wim_lookup_table_hash,
+ dat->wof_running);
+ }
+ }
+
return win32_extract_stream(file.path, NULL, 0, lte, ctx);
}
unsigned long len = *len_p;
const struct wim_lookup_table_entry *lte = import_ctx->lte;
- len = min(len, wim_resource_size(lte) - import_ctx->offset);
+ len = min(len, lte->size - import_ctx->offset);
- if (read_partial_wim_resource_into_buf(lte, len, import_ctx->offset, data))
+ if (read_partial_wim_stream_into_buf(lte, len, import_ctx->offset, data))
return ERROR_READ_FAULT;
import_ctx->offset += len;
}
static int
-win32_extract_encrypted_stream(file_spec_t file,
+win32_extract_encrypted_stream(const wchar_t *path,
struct wim_lookup_table_entry *lte,
struct apply_ctx *ctx)
{
- const tchar *path = file.path;
void *file_ctx;
DWORD err;
int ret;
err = OpenEncryptedFileRaw(path, CREATE_FOR_IMPORT, &file_ctx);
if (err != ERROR_SUCCESS) {
- errno = win32_error_to_errno(err);
+ set_errno_from_win32_error(err);
ret = WIMLIB_ERR_OPEN;
goto out;
}
err = WriteEncryptedFileRaw(win32_encrypted_import_cb, &extract_ctx,
file_ctx);
if (err != ERROR_SUCCESS) {
- errno = win32_error_to_errno(err);
+ set_errno_from_win32_error(err);
ret = WIMLIB_ERR_WRITE;
goto out_close;
}
USHORT compression_format = COMPRESSION_FORMAT_DEFAULT;
DWORD bytes_returned;
- h = CreateFile(path, GENERIC_READ | GENERIC_WRITE, 0, NULL,
- OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS |
- FILE_FLAG_OPEN_REPARSE_POINT,
- NULL);
+ h = win32_open_existing_file(path, GENERIC_READ | GENERIC_WRITE);
if (h == INVALID_HANDLE_VALUE)
goto error;
FILE_ATTRIBUTE_ENCRYPTED;
u32 actual_attributes;
- /* On FAT filesystems we can't set FILE_ATTRIBUTE_READONLY on the
- * initial pass (when files are created, but data not extracted);
- * otherwise the system will refuse access to the file even if the
- * process has SeRestorePrivilege. */
+ /* Delay setting FILE_ATTRIBUTE_READONLY on the initial pass (when files
+ * are created, but data not extracted); otherwise the system will
+ * refuse access to the file even if the process has SeRestorePrivilege.
+ */
if (pass == 0)
attributes &= ~FILE_ATTRIBUTE_READONLY;
DWORD bytes_returned;
USHORT compression_format = COMPRESSION_FORMAT_NONE;
- h = CreateFile(path, GENERIC_READ | GENERIC_WRITE, 0, NULL,
- OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS |
- FILE_FLAG_OPEN_REPARSE_POINT,
- NULL);
+ h = win32_open_existing_file(path, GENERIC_READ | GENERIC_WRITE);
if (h == INVALID_HANDLE_VALUE)
goto error;
DWORD err;
DWORD bytes_returned;
- h = CreateFile(path, GENERIC_WRITE, 0, NULL,
- OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS |
- FILE_FLAG_OPEN_REPARSE_POINT,
- NULL);
+ h = win32_open_existing_file(path, GENERIC_WRITE);
if (h == INVALID_HANDLE_VALUE)
goto error;
HANDLE h;
DWORD err;
- h = CreateFile(path, GENERIC_WRITE | DELETE, 0, NULL,
- OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS |
- FILE_FLAG_OPEN_REPARSE_POINT,
- NULL);
+ h = win32_open_existing_file(path, GENERIC_WRITE | DELETE);
if (h == INVALID_HANDLE_VALUE)
goto error;
return WIMLIB_ERR_WRITE; /* XXX: need better error code */
}
+/*
+ * Set an arbitrary security descriptor on an arbitrary file (or directory),
+ * working around bugs and design flaws in the Windows operating system.
+ *
+ * On success, return 0. On failure, return WIMLIB_ERR_SET_SECURITY and set
+ * errno. Note: if WIMLIB_EXTRACT_FLAG_STRICT_ACLS is not set in
+ * ctx->extract_flags, this function succeeds iff any part of the security
+ * descriptor was successfully set.
+ */
static int
-win32_set_security_descriptor(const wchar_t *path, const u8 *desc, size_t desc_size,
- struct apply_ctx *ctx)
+win32_set_security_descriptor(const wchar_t *path, const u8 *desc,
+ size_t desc_size, struct apply_ctx *ctx)
{
SECURITY_INFORMATION info;
+ DWORD dwDesiredAccess;
+ HANDLE h;
+ DWORD status;
+ int ret;
- info = OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION |
- SACL_SECURITY_INFORMATION;
-retry:
- if (!SetFileSecurity(path, info, (PSECURITY_DESCRIPTOR)desc)) {
- if (!(ctx->extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS) &&
- GetLastError() == ERROR_PRIVILEGE_NOT_HELD &&
- (info & SACL_SECURITY_INFORMATION))
+ /* We really just want to set entire the security descriptor as-is, but
+ * all available APIs require specifying the specific parts of the
+ * descriptor being set. Start out by requesting all parts be set. If
+ * permissions problems are encountered, fall back to omitting some
+ * parts (first the SACL, then the DACL, then the owner), unless the
+ * WIMLIB_EXTRACT_FLAG_STRICT_ACLS flag has been enabled. */
+ info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
+
+ /* Prefer NtSetSecurityObject() to SetFileSecurity(). SetFileSecurity()
+ * itself necessarily uses NtSetSecurityObject() as the latter is the
+ * underlying system call for setting security information, but
+ * SetFileSecurity() opens the handle with NtCreateFile() without
+ * FILE_OPEN_FILE_BACKUP_INTENT. Hence, access checks are done and due
+ * to the Windows security model, even a process running as the
+ * Administrator can have access denied. (Of course, this not mentioned
+ * in the MS "documentation".) */
+
+ /* Open a handle for NtSetSecurityObject() with as many relevant
+ * access rights as possible.
+ *
+ * We don't know which rights will be actually granted. It
+ * could be less than what is needed to actually assign the full
+ * security descriptor, especially if the process is running as
+ * a non-Administrator. However, by default we just do the best
+ * we can, unless WIMLIB_EXTRACT_FLAG_STRICT_ACLS has been
+ * enabled. The MAXIMUM_ALLOWED access right is seemingly
+ * designed for this use case; however, it does not work
+ * properly in all cases: it can cause CreateFile() to fail with
+ * ERROR_ACCESS_DENIED, even though by definition
+ * MAXIMUM_ALLOWED access only requests access rights that are
+ * *not* denied. (Needless to say, MS does not document this
+ * bug.) */
+
+ dwDesiredAccess = WRITE_DAC | WRITE_OWNER | ACCESS_SYSTEM_SECURITY;
+ while ((h = win32_open_existing_file(path,
+ dwDesiredAccess)) == INVALID_HANDLE_VALUE)
+ {
+ DWORD err;
+
+ err = GetLastError();
+ if (err == ERROR_ACCESS_DENIED ||
+ err == ERROR_PRIVILEGE_NOT_HELD)
{
- info &= ~SACL_SECURITY_INFORMATION;
- goto retry;
+ /* Don't increment partial_security_descriptors
+ * here or check WIMLIB_EXTRACT_FLAG_STRICT_ACLS
+ * here. It will be done later if needed; here
+ * we are just trying to get as many relevant
+ * access rights as possible. */
+ if (dwDesiredAccess & ACCESS_SYSTEM_SECURITY) {
+ dwDesiredAccess &= ~ACCESS_SYSTEM_SECURITY;
+ continue;
+ }
+ if (dwDesiredAccess & WRITE_DAC) {
+ dwDesiredAccess &= ~WRITE_DAC;
+ continue;
+ }
+ if (dwDesiredAccess & WRITE_OWNER) {
+ dwDesiredAccess &= ~WRITE_OWNER;
+ continue;
+ }
}
- goto error;
+ /* Other error, or couldn't open the file even with no
+ * access rights specified. Something else must be
+ * wrong. */
+ set_errno_from_win32_error(err);
+ return WIMLIB_ERR_SET_SECURITY;
}
- return 0;
-error:
- set_errno_from_GetLastError();
- return WIMLIB_ERR_SET_SECURITY;
+ /* Try setting the security descriptor. */
+ ret = 0;
+ while (!(NT_SUCCESS(status = (*func_NtSetSecurityObject)(h,
+ info,
+ (PSECURITY_DESCRIPTOR)desc))))
+ {
+ /* Failed to set the requested parts of the security descriptor.
+ * If the error was permissions-related, try to set fewer parts
+ * of the security descriptor, unless
+ * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled. */
+ if ((status == STATUS_PRIVILEGE_NOT_HELD ||
+ status == STATUS_ACCESS_DENIED) &&
+ !(ctx->extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS))
+ {
+ if (info & SACL_SECURITY_INFORMATION) {
+ info &= ~SACL_SECURITY_INFORMATION;
+ ctx->partial_security_descriptors++;
+ continue;
+ }
+ if (info & DACL_SECURITY_INFORMATION) {
+ info &= ~DACL_SECURITY_INFORMATION;
+ continue;
+ }
+ if (info & OWNER_SECURITY_INFORMATION) {
+ info &= ~OWNER_SECURITY_INFORMATION;
+ continue;
+ }
+ /* Nothing left except GROUP, and if we removed it we
+ * wouldn't have anything at all. */
+ }
+ /* No part of the security descriptor could be set, or
+ * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled and the full
+ * security descriptor could not be set. */
+ if (!(info & SACL_SECURITY_INFORMATION))
+ ctx->partial_security_descriptors--;
+ set_errno_from_nt_status(status);
+ ret = WIMLIB_ERR_SET_SECURITY;
+ break;
+ }
+
+ /* Close handle opened for NtSetSecurityObject(). */
+ CloseHandle(h);
+ return ret;
}
static int
FILETIME lastWriteTime = {.dwLowDateTime = last_write_time & 0xffffffff,
.dwHighDateTime = last_write_time >> 32};
- h = CreateFile(path, FILE_WRITE_ATTRIBUTES, 0, NULL,
- OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS |
- FILE_FLAG_OPEN_REPARSE_POINT,
- NULL);
+ h = win32_open_existing_file(path, FILE_WRITE_ATTRIBUTES);
if (h == INVALID_HANDLE_VALUE)
goto error;
.target_is_root = win32_path_is_root_of_drive,
.start_extract = win32_start_extract,
+ .finish_extract = win32_finish_extract,
+ .abort_extract = win32_finish_extract,
.create_file = win32_create_file,
.create_directory = win32_create_directory,
.create_hardlink = win32_create_hardlink,
.realpath_works_on_nonexisting_files = 1,
.root_directory_is_special = 1,
.requires_final_set_attributes_pass = 1,
+ .extract_encrypted_stream_creates_file = 1,
+ .requires_short_name_reordering = 1, /* TODO: check if this is really needed */
};
#endif /* __WIN32__ */