X-Git-Url: https://wimlib.net/git/?a=blobdiff_plain;f=src%2Fwin32_apply.c;h=df74519ddc4dcfc0ca14cbb38e518b63ac9a30f1;hb=28ebd986920812c7f91f30a3f3783d1ab3c951d0;hp=557572330946b99118b61d54f12be6fada7b613d;hpb=af1a9f0d89f9d4428776238a561a6a5b6900f2d4;p=wimlib diff --git a/src/win32_apply.c b/src/win32_apply.c index 55757233..df74519d 100644 --- a/src/win32_apply.c +++ b/src/win32_apply.c @@ -81,21 +81,63 @@ win32_start_extract(const wchar_t *path, struct apply_ctx *ctx) return 0; } +/* Create a normal file, overwriting one already present. */ static int win32_create_file(const wchar_t *path, struct apply_ctx *ctx, u64 *cookie_ret) { HANDLE h; - - h = CreateFile(path, 0, 0, NULL, CREATE_ALWAYS, - FILE_ATTRIBUTE_NORMAL | FILE_FLAG_BACKUP_SEMANTICS, NULL); - if (h == INVALID_HANDLE_VALUE) - goto error; + unsigned retry_count = 0; + DWORD dwFlagsAndAttributes = FILE_FLAG_BACKUP_SEMANTICS; + +retry: + /* WRITE_OWNER and WRITE_DAC privileges are required for some reason, + * even through we're creating a new file. */ + h = CreateFile(path, WRITE_OWNER | WRITE_DAC, 0, NULL, + CREATE_ALWAYS, dwFlagsAndAttributes, NULL); + if (h == INVALID_HANDLE_VALUE) { + /* File couldn't be created. */ + DWORD err = GetLastError(); + if (err == ERROR_ACCESS_DENIED && retry_count == 0) { + + /* Access denied error for the first time. Try + * adjusting file attributes. */ + + /* Get attributes of the existing file. */ + DWORD attribs = GetFileAttributes(path); + if (attribs != INVALID_FILE_ATTRIBUTES && + (attribs & (FILE_ATTRIBUTE_HIDDEN | + FILE_ATTRIBUTE_SYSTEM | + FILE_ATTRIBUTE_READONLY))) + { + /* If the existing file has + * FILE_ATTRIBUTE_HIDDEN and/or + * FILE_ATTRIBUTE_SYSTEM, they must be set in + * the call to CreateFile(). This is true even + * when FILE_ATTRIBUTE_NORMAL was not specified, + * contrary to the MS "documentation". */ + dwFlagsAndAttributes |= (attribs & + (FILE_ATTRIBUTE_HIDDEN | + FILE_ATTRIBUTE_SYSTEM)); + /* If the existing file has + * FILE_ATTRIBUTE_READONLY, it must be cleared + * before attempting to create a new file over + * it. This is true even when the process has + * the SE_RESTORE_NAME privilege and requested + * the FILE_FLAG_BACKUP_SEMANTICS flag to + * CreateFile(). */ + if (attribs & FILE_ATTRIBUTE_READONLY) { + SetFileAttributes(path, + attribs & ~FILE_ATTRIBUTE_READONLY); + } + retry_count++; + goto retry; + } + } + set_errno_from_win32_error(err); + return WIMLIB_ERR_OPEN; + } CloseHandle(h); return 0; - -error: - set_errno_from_GetLastError(); - return WIMLIB_ERR_OPEN; } static int @@ -112,6 +154,35 @@ error: return WIMLIB_ERR_MKDIR; } +/* Delete a non-directory file, working around Windows quirks. */ +static BOOL +win32_delete_file_wrapper(const wchar_t *path) +{ + DWORD err; + DWORD attrib; + + if (DeleteFile(path)) + return TRUE; + + err = GetLastError(); + attrib = GetFileAttributes(path); + if ((attrib != INVALID_FILE_ATTRIBUTES) && + (attrib & FILE_ATTRIBUTE_READONLY)) + { + /* Try again with FILE_ATTRIBUTE_READONLY cleared. */ + attrib &= ~FILE_ATTRIBUTE_READONLY; + if (SetFileAttributes(path, attrib)) { + if (DeleteFile(path)) + return TRUE; + else + err = GetLastError(); + } + } + + SetLastError(err); + return FALSE; +} + static int win32_create_hardlink(const wchar_t *oldpath, const wchar_t *newpath, struct apply_ctx *ctx) @@ -119,7 +190,7 @@ win32_create_hardlink(const wchar_t *oldpath, const wchar_t *newpath, if (!CreateHardLink(newpath, oldpath, NULL)) { if (GetLastError() != ERROR_ALREADY_EXISTS) goto error; - if (!DeleteFile(newpath)) + if (!win32_delete_file_wrapper(newpath)) goto error; if (!CreateHardLink(newpath, oldpath, NULL)) goto error; @@ -138,7 +209,7 @@ win32_create_symlink(const wchar_t *oldpath, const wchar_t *newpath, if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0)) { if (GetLastError() != ERROR_ALREADY_EXISTS) goto error; - if (!DeleteFile(newpath)) + if (!win32_delete_file_wrapper(newpath)) goto error; if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0)) goto error; @@ -195,8 +266,7 @@ win32_extract_stream(const wchar_t *path, const wchar_t *stream_name, ret = 0; if (!lte) goto out_close_handle; - ret = extract_wim_resource(lte, wim_resource_size(lte), - win32_extract_wim_chunk, h); + ret = extract_stream(lte, lte->size, win32_extract_wim_chunk, h); out_close_handle: if (!CloseHandle(h)) goto error; @@ -239,9 +309,9 @@ win32_encrypted_import_cb(unsigned char *data, void *_import_ctx, unsigned long len = *len_p; const struct wim_lookup_table_entry *lte = import_ctx->lte; - len = min(len, wim_resource_size(lte) - import_ctx->offset); + len = min(len, lte->size - import_ctx->offset); - if (read_partial_wim_resource_into_buf(lte, len, import_ctx->offset, data)) + if (read_partial_wim_stream_into_buf(lte, len, import_ctx->offset, data)) return ERROR_READ_FAULT; import_ctx->offset += len; @@ -482,34 +552,118 @@ do_win32_set_security_descriptor(HANDLE h, const wchar_t *path, return GetLastError(); } +/* + * Set an arbitrary security descriptor on an arbitrary file (or directory), + * working around bugs and design flaws in the Windows operating system. + * + * On success, return 0. On failure, return WIMLIB_ERR_SET_SECURITY and set + * errno. Note: if WIMLIB_EXTRACT_FLAG_STRICT_ACLS is not set in + * ctx->extract_flags, this function succeeds iff any part of the security + * descriptor was successfully set. + */ static int win32_set_security_descriptor(const wchar_t *path, const u8 *desc, size_t desc_size, struct apply_ctx *ctx) { SECURITY_INFORMATION info; HANDLE h; - DWORD err; int ret; + /* We really just want to set entire the security descriptor as-is, but + * all available APIs require specifying the specific parts of the + * descriptor being set. Start out by requesting all parts be set. If + * permissions problems are encountered, fall back to omitting some + * parts (first the SACL, then the DACL, then the owner), unless the + * WIMLIB_EXTRACT_FLAG_STRICT_ACLS flag has been enabled. */ info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION; + h = INVALID_HANDLE_VALUE; + /* Prefer NtSetSecurityObject() to SetFileSecurity(). SetFileSecurity() + * itself necessarily uses NtSetSecurityObject() as the latter is the + * underlying system call for setting security information, but + * SetFileSecurity() opens the handle with NtCreateFile() without + * FILE_OPEN_FILE_BACKUP_INTENT. Hence, access checks are done and due + * to the Windows security model, even a process running as the + * Administrator can have access denied. (Of course, this not mentioned + * in the MS "documentation".) */ + #ifdef WITH_NTDLL if (func_NtSetSecurityObject) { - h = win32_open_existing_file(path, MAXIMUM_ALLOWED); - if (h == INVALID_HANDLE_VALUE) { - ERROR_WITH_ERRNO("Can't open %ls (%u)", path, GetLastError()); - goto error; + DWORD dwDesiredAccess; + + /* Open a handle for NtSetSecurityObject() with as many relevant + * access rights as possible. + * + * We don't know which rights will be actually granted. It + * could be less than what is needed to actually assign the full + * security descriptor, especially if the process is running as + * a non-Administrator. However, by default we just do the best + * we can, unless WIMLIB_EXTRACT_FLAG_STRICT_ACLS has been + * enabled. The MAXIMUM_ALLOWED access right is seemingly + * designed for this use case; however, it does not work + * properly in all cases: it can cause CreateFile() to fail with + * ERROR_ACCESS_DENIED, even though by definition + * MAXIMUM_ALLOWED access only requests access rights that are + * *not* denied. (Needless to say, MS does not document this + * bug.) */ + + dwDesiredAccess = WRITE_DAC | + WRITE_OWNER | + ACCESS_SYSTEM_SECURITY; + for (;;) { + DWORD err; + + h = win32_open_existing_file(path, dwDesiredAccess); + if (h != INVALID_HANDLE_VALUE) + break; + err = GetLastError(); + if (err == ERROR_ACCESS_DENIED || + err == ERROR_PRIVILEGE_NOT_HELD) + { + /* Don't increment partial_security_descriptors + * here or check WIMLIB_EXTRACT_FLAG_STRICT_ACLS + * here. It will be done later if needed; here + * we are just trying to get as many relevant + * access rights as possible. */ + if (dwDesiredAccess & ACCESS_SYSTEM_SECURITY) { + dwDesiredAccess &= ~ACCESS_SYSTEM_SECURITY; + continue; + } + if (dwDesiredAccess & WRITE_DAC) { + dwDesiredAccess &= ~WRITE_DAC; + continue; + } + if (dwDesiredAccess & WRITE_OWNER) { + dwDesiredAccess &= ~WRITE_OWNER; + continue; + } + } + /* Other error, or couldn't open the file even with no + * access rights specified. Something else must be + * wrong. */ + set_errno_from_win32_error(err); + return WIMLIB_ERR_SET_SECURITY; } } #endif + /* Try setting the security descriptor. */ for (;;) { + DWORD err; + err = do_win32_set_security_descriptor(h, path, info, (PSECURITY_DESCRIPTOR)desc); - if (err == ERROR_SUCCESS) + if (err == ERROR_SUCCESS) { + ret = 0; break; + } + + /* Failed to set the requested parts of the security descriptor. + * If the error was permissions-related, try to set fewer parts + * of the security descriptor, unless + * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled. */ if ((err == ERROR_PRIVILEGE_NOT_HELD || err == ERROR_ACCESS_DENIED) && !(ctx->extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS)) @@ -527,25 +681,25 @@ win32_set_security_descriptor(const wchar_t *path, const u8 *desc, info &= ~OWNER_SECURITY_INFORMATION; continue; } - ctx->partial_security_descriptors--; - ctx->no_security_descriptors++; - break; + /* Nothing left except GROUP, and if we removed it we + * wouldn't have anything at all. */ } - SetLastError(err); - goto error; + /* No part of the security descriptor could be set, or + * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled and the full + * security descriptor could not be set. */ + if (!(info & SACL_SECURITY_INFORMATION)) + ctx->partial_security_descriptors--; + set_errno_from_win32_error(err); + ret = WIMLIB_ERR_SET_SECURITY; + break; } - ret = 0; -out_close: + + /* Close handle opened for NtSetSecurityObject(). */ #ifdef WITH_NTDLL if (func_NtSetSecurityObject) CloseHandle(h); #endif return ret; - -error: - set_errno_from_GetLastError(); - ret = WIMLIB_ERR_SET_SECURITY; - goto out_close; } static int