/*
* Copyright (C) 2013, 2014 Eric Biggers
*
- * This file is part of wimlib, a library for working with WIM files.
+ * This file is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 3 of the License, or (at your option) any
+ * later version.
*
- * wimlib is free software; you can redistribute it and/or modify it under the
- * terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 3 of the License, or (at your option)
- * any later version.
- *
- * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
- * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- * A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * This file is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
*
- * You should have received a copy of the GNU General Public License
- * along with wimlib; if not, see http://www.gnu.org/licenses/.
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this file; if not, see http://www.gnu.org/licenses/.
*/
#ifdef __WIN32__
}
/*
- * Load the security descriptor of a file into the corresponding inode, and the
+ * Load the security descriptor of a file into the corresponding inode and the
* WIM image's security descriptor set.
*/
static NTSTATUS
ULONG len_needed;
NTSTATUS status;
- requestedInformation = DACL_SECURITY_INFORMATION |
+ /*
+ * LABEL_SECURITY_INFORMATION is needed on Windows Vista and 7 because
+ * Microsoft decided to add mandatory integrity labels to the SACL but
+ * not have them returned by SACL_SECURITY_INFORMATION.
+ *
+ * BACKUP_SECURITY_INFORMATION is needed on Windows 8 because Microsoft
+ * decided to add even more stuff to the SACL and still not have it
+ * returned by SACL_SECURITY_INFORMATION; but they did remember that
+ * backup applications exist and simply want to read the stupid thing
+ * once and for all, so they added a flag to read the entire security
+ * descriptor.
+ *
+ * Older versions of Windows tolerate these new flags being passed in.
+ */
+ requestedInformation = OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION |
SACL_SECURITY_INFORMATION |
- OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION;
+ LABEL_SECURITY_INFORMATION |
+ BACKUP_SECURITY_INFORMATION;
+
buf = _buf;
bufsize = sizeof(_buf);
if (requestedInformation & SACL_SECURITY_INFORMATION) {
/* Try again without the SACL. */
stats->num_get_sacl_priv_notheld++;
- requestedInformation &= ~SACL_SECURITY_INFORMATION;
+ requestedInformation &= ~(SACL_SECURITY_INFORMATION |
+ LABEL_SECURITY_INFORMATION |
+ BACKUP_SECURITY_INFORMATION);
break;
}
/* Fake success (useful when capturing as
stream_id = 0;
inode->i_lte = lte;
}
+ lte->file_inode = inode;
add_unhashed_stream(lte, inode, stream_id, unhashed_streams);
return 0;
}