X-Git-Url: https://wimlib.net/git/?a=blobdiff_plain;f=src%2Fwin32_capture.c;h=e89d098ccae37a79f1102450192c18c97298b19f;hb=75e57af7a89f502ac74c16f710654510feb53159;hp=ae9cbbe9500c9055689cf8c28c03a63404eb130f;hpb=f217a34cf5fecfd91b10395f9165a7ae9570c4aa;p=wimlib diff --git a/src/win32_capture.c b/src/win32_capture.c index ae9cbbe9..e89d098c 100644 --- a/src/win32_capture.c +++ b/src/win32_capture.c @@ -7,20 +7,18 @@ /* * Copyright (C) 2013, 2014 Eric Biggers * - * This file is part of wimlib, a library for working with WIM files. + * This file is free software; you can redistribute it and/or modify it under + * the terms of the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at your option) any + * later version. * - * wimlib is free software; you can redistribute it and/or modify it under the - * terms of the GNU General Public License as published by the Free - * Software Foundation; either version 3 of the License, or (at your option) - * any later version. - * - * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY - * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - * A PARTICULAR PURPOSE. See the GNU General Public License for more + * This file is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more * details. * - * You should have received a copy of the GNU General Public License - * along with wimlib; if not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU Lesser General Public License + * along with this file; if not, see http://www.gnu.org/licenses/. */ #ifdef __WIN32__ @@ -29,8 +27,11 @@ # include "config.h" #endif +#include + #include "wimlib/win32_common.h" +#include "wimlib/assert.h" #include "wimlib/capture.h" #include "wimlib/dentry.h" #include "wimlib/encoding.h" @@ -40,8 +41,6 @@ #include "wimlib/paths.h" #include "wimlib/reparse.h" -#include - struct winnt_scan_stats { unsigned long num_get_sd_access_denied; unsigned long num_get_sacl_priv_notheld; @@ -224,7 +223,7 @@ read_win32_encrypted_file_prefix(const struct wim_lookup_table_entry *lte, ret = WIMLIB_ERR_READ; } else if (export_ctx.bytes_remaining != 0) { ERROR("Only could read %"PRIu64" of %"PRIu64" bytes from " - "encryted file \"%ls\"", + "encrypted file \"%ls\"", size - export_ctx.bytes_remaining, size, printable_path(lte->file_on_disk)); ret = WIMLIB_ERR_READ; @@ -263,7 +262,7 @@ winnt_get_short_name(HANDLE h, struct wim_dentry *dentry) } /* - * Load the security descriptor of a file into the corresponding inode, and the + * Load the security descriptor of a file into the corresponding inode and the * WIM image's security descriptor set. */ static NTSTATUS @@ -278,10 +277,27 @@ winnt_get_security_descriptor(HANDLE h, struct wim_inode *inode, ULONG len_needed; NTSTATUS status; - requestedInformation = DACL_SECURITY_INFORMATION | + /* + * LABEL_SECURITY_INFORMATION is needed on Windows Vista and 7 because + * Microsoft decided to add mandatory integrity labels to the SACL but + * not have them returned by SACL_SECURITY_INFORMATION. + * + * BACKUP_SECURITY_INFORMATION is needed on Windows 8 because Microsoft + * decided to add even more stuff to the SACL and still not have it + * returned by SACL_SECURITY_INFORMATION; but they did remember that + * backup applications exist and simply want to read the stupid thing + * once and for all, so they added a flag to read the entire security + * descriptor. + * + * Older versions of Windows tolerate these new flags being passed in. + */ + requestedInformation = OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION | - OWNER_SECURITY_INFORMATION | - GROUP_SECURITY_INFORMATION; + LABEL_SECURITY_INFORMATION | + BACKUP_SECURITY_INFORMATION; + buf = _buf; bufsize = sizeof(_buf); @@ -339,7 +355,9 @@ winnt_get_security_descriptor(HANDLE h, struct wim_inode *inode, if (requestedInformation & SACL_SECURITY_INFORMATION) { /* Try again without the SACL. */ stats->num_get_sacl_priv_notheld++; - requestedInformation &= ~SACL_SECURITY_INFORMATION; + requestedInformation &= ~(SACL_SECURITY_INFORMATION | + LABEL_SECURITY_INFORMATION | + BACKUP_SECURITY_INFORMATION); break; } /* Fake success (useful when capturing as @@ -368,7 +386,7 @@ winnt_build_dentry_tree_recursive(struct wim_dentry **root_ret, size_t full_path_nchars, const wchar_t *filename, size_t filename_nchars, - struct add_image_params *params, + struct capture_params *params, struct winnt_scan_stats *stats, u32 vol_flags); @@ -377,7 +395,7 @@ winnt_recurse_directory(HANDLE h, wchar_t *full_path, size_t full_path_nchars, struct wim_dentry *parent, - struct add_image_params *params, + struct capture_params *params, struct winnt_scan_stats *stats, u32 vol_flags) { @@ -593,9 +611,8 @@ out_close_root_dir: } static int -winnt_rpfix_progress(struct add_image_params *params, const wchar_t *path, - const struct reparse_data *rpdata, - enum wimlib_progress_msg msg) +winnt_rpfix_progress(struct capture_params *params, const wchar_t *path, + const struct reparse_data *rpdata, int scan_status) { size_t print_name_nchars = rpdata->print_name_nbytes / sizeof(wchar_t); wchar_t print_name0[print_name_nchars + 1]; @@ -605,13 +622,13 @@ winnt_rpfix_progress(struct add_image_params *params, const wchar_t *path, params->progress.scan.cur_path = printable_path(path); params->progress.scan.symlink_target = print_name0; - return do_capture_progress(params, msg, NULL); + return do_capture_progress(params, scan_status, NULL); } static int winnt_try_rpfix(u8 *rpbuf, u16 *rpbuflen_p, u64 capture_root_ino, u64 capture_root_dev, - const wchar_t *path, struct add_image_params *params) + const wchar_t *path, struct capture_params *params) { struct reparse_data rpdata; const wchar_t *rel_target; @@ -670,7 +687,7 @@ winnt_try_rpfix(u8 *rpbuf, u16 *rpbuflen_p, } /* We have an absolute target pointing within the directory being - * captured, @rel_target is the suffix of the link target that is the + * captured. @rel_target is the suffix of the link target that is the * part relative to the directory being captured. * * We will cut off the prefix before this part (which is the path to the @@ -730,7 +747,7 @@ winnt_try_rpfix(u8 *rpbuf, u16 *rpbuflen_p, */ static int winnt_get_reparse_data(HANDLE h, const wchar_t *path, - struct add_image_params *params, + struct capture_params *params, u8 *rpbuf, u16 *rpbuflen_ret) { DWORD bytes_returned; @@ -804,6 +821,39 @@ win32_get_encrypted_file_size(const wchar_t *path, u64 *size_ret) return ret; } +static int +winnt_load_encrypted_stream_info(struct wim_inode *inode, const wchar_t *nt_path, + struct list_head *unhashed_streams) +{ + struct wim_lookup_table_entry *lte = new_lookup_table_entry(); + int ret; + + if (unlikely(!lte)) + return WIMLIB_ERR_NOMEM; + + lte->file_on_disk = WCSDUP(nt_path); + if (unlikely(!lte->file_on_disk)) { + free_lookup_table_entry(lte); + return WIMLIB_ERR_NOMEM; + } + lte->resource_location = RESOURCE_WIN32_ENCRYPTED; + + /* OpenEncryptedFileRaw() expects a Win32 name. */ + wimlib_assert(!wmemcmp(lte->file_on_disk, L"\\??\\", 4)); + lte->file_on_disk[1] = L'\\'; + + ret = win32_get_encrypted_file_size(lte->file_on_disk, <e->size); + if (unlikely(ret)) { + free_lookup_table_entry(lte); + return ret; + } + + lte->file_inode = inode; + add_unhashed_stream(lte, inode, 0, unhashed_streams); + inode->i_lte = lte; + return 0; +} + static bool get_data_stream_name(const wchar_t *raw_stream_name, size_t raw_stream_name_nchars, const wchar_t **stream_name_ret, size_t *stream_name_nchars_ret) @@ -888,8 +938,11 @@ winnt_scan_stream(const wchar_t *path, size_t path_nchars, sizeof(wchar_t)); if (!ads_entry) return WIMLIB_ERR_NOMEM; - } else if (inode->i_attributes & FILE_ATTRIBUTE_REPARSE_POINT) { - /* Ignore unnamed data stream of reparse point */ + } else if (inode->i_attributes & (FILE_ATTRIBUTE_REPARSE_POINT | + FILE_ATTRIBUTE_ENCRYPTED)) + { + /* Ignore unnamed data stream of reparse point or encrypted file + */ return 0; } else { ads_entry = NULL; @@ -916,27 +969,6 @@ winnt_scan_stream(const wchar_t *path, size_t path_nchars, lte->file_on_disk = stream_path; lte->resource_location = RESOURCE_IN_WINNT_FILE_ON_DISK; lte->size = stream_size; - if ((inode->i_attributes & FILE_ATTRIBUTE_ENCRYPTED) && !ads_entry) { - /* Special case for encrypted file. */ - - /* OpenEncryptedFileRaw() expects Win32 name, not NT name. - * Change \??\ into \\?\ */ - lte->file_on_disk[1] = L'\\'; - wimlib_assert(!wmemcmp(lte->file_on_disk, L"\\\\?\\", 4)); - - u64 encrypted_size; - int ret; - - ret = win32_get_encrypted_file_size(lte->file_on_disk, - &encrypted_size); - if (ret) { - free_lookup_table_entry(lte); - return ret; - } - lte->size = encrypted_size; - lte->resource_location = RESOURCE_WIN32_ENCRYPTED; - } - if (ads_entry) { stream_id = ads_entry->stream_id; ads_entry->lte = lte; @@ -944,6 +976,7 @@ winnt_scan_stream(const wchar_t *path, size_t path_nchars, stream_id = 0; inode->i_lte = lte; } + lte->file_inode = inode; add_unhashed_stream(lte, inode, stream_id, unhashed_streams); return 0; } @@ -963,7 +996,7 @@ winnt_scan_stream(const wchar_t *path, size_t path_nchars, * already present in Windows XP. */ static int -winnt_scan_streams(HANDLE *hFile_p, const wchar_t *path, size_t path_nchars, +winnt_scan_streams(HANDLE h, const wchar_t *path, size_t path_nchars, struct wim_inode *inode, struct list_head *unhashed_streams, u64 file_size, u32 vol_flags) { @@ -982,7 +1015,7 @@ winnt_scan_streams(HANDLE *hFile_p, const wchar_t *path, size_t path_nchars, goto unnamed_only; /* Get a buffer containing the stream information. */ - while (!NT_SUCCESS(status = (*func_NtQueryInformationFile)(*hFile_p, + while (!NT_SUCCESS(status = (*func_NtQueryInformationFile)(h, &iosb, buf, bufsize, @@ -1026,14 +1059,6 @@ winnt_scan_streams(HANDLE *hFile_p, const wchar_t *path, size_t path_nchars, goto out_free_buf; } - if (unlikely(inode->i_attributes & FILE_ATTRIBUTE_ENCRYPTED)) { - /* OpenEncryptedFileRaw() seems to fail with - * ERROR_SHARING_VIOLATION if there are any handles opened to - * the file. */ - (*func_NtClose)(*hFile_p); - *hFile_p = INVALID_HANDLE_VALUE; - } - /* Parse one or more stream information structures. */ info = (const FILE_STREAM_INFORMATION *)buf; for (;;) { @@ -1083,19 +1108,20 @@ winnt_build_dentry_tree_recursive(struct wim_dentry **root_ret, size_t full_path_nchars, const wchar_t *filename, size_t filename_nchars, - struct add_image_params *params, + struct capture_params *params, struct winnt_scan_stats *stats, u32 vol_flags) { struct wim_dentry *root = NULL; struct wim_inode *inode = NULL; - HANDLE h = INVALID_HANDLE_VALUE; + HANDLE h = NULL; int ret; NTSTATUS status; FILE_ALL_INFORMATION file_info; u8 *rpbuf; u16 rpbuflen; u16 not_rpfixed; + ACCESS_MASK requestedPerms; ret = try_exclude(full_path, full_path_nchars, params); if (ret < 0) /* Excluded? */ @@ -1104,32 +1130,44 @@ winnt_build_dentry_tree_recursive(struct wim_dentry **root_ret, goto out; /* Open the file. */ + requestedPerms = FILE_READ_DATA | + FILE_READ_ATTRIBUTES | + READ_CONTROL | + ACCESS_SYSTEM_SECURITY | + SYNCHRONIZE; +retry_open: status = winnt_openat(cur_dir, (cur_dir ? filename : full_path), (cur_dir ? filename_nchars : full_path_nchars), - FILE_READ_DATA | - FILE_READ_ATTRIBUTES | - READ_CONTROL | - ACCESS_SYSTEM_SECURITY | - SYNCHRONIZE, + requestedPerms, &h); if (unlikely(!NT_SUCCESS(status))) { if (status == STATUS_DELETE_PENDING) { WARNING("\"%ls\": Deletion pending; skipping file", printable_path(full_path)); ret = 0; - } else { - set_errno_from_nt_status(status); - ERROR_WITH_ERRNO("\"%ls\": Can't open file " - "(status=0x%08"PRIx32")", - printable_path(full_path), (u32)status); - if (status == STATUS_FVE_LOCKED_VOLUME) - ret = WIMLIB_ERR_FVE_LOCKED_VOLUME; - else - ret = WIMLIB_ERR_OPEN; + goto out; + } + if (status == STATUS_ACCESS_DENIED && + (requestedPerms & FILE_READ_DATA)) { + /* This happens on encrypted files. */ + requestedPerms &= ~FILE_READ_DATA; + goto retry_open; } - /* XXX: Provide option to exclude files that fail with - * STATUS_SHARING_VIOLATION? */ + + if (status == STATUS_FVE_LOCKED_VOLUME) { + ERROR("\"%ls\": Can't open file " + "(encrypted volume has not been unlocked)", + printable_path(full_path)); + ret = WIMLIB_ERR_FVE_LOCKED_VOLUME; + goto out; + } + + set_errno_from_nt_status(status); + ERROR_WITH_ERRNO("\"%ls\": Can't open file " + "(status=0x%08"PRIx32")", + printable_path(full_path), (u32)status); + ret = WIMLIB_ERR_OPEN; goto out; } @@ -1154,6 +1192,15 @@ winnt_build_dentry_tree_recursive(struct wim_dentry **root_ret, } } + if (unlikely(!(requestedPerms & FILE_READ_DATA)) && + !(file_info.BasicInformation.FileAttributes & FILE_ATTRIBUTE_ENCRYPTED)) + { + ERROR("\"%ls\": Permission to read data was denied", + printable_path(full_path)); + ret = WIMLIB_ERR_OPEN; + goto out; + } + if (unlikely(!cur_dir)) { /* Root of tree being captured; get volume information. */ @@ -1302,7 +1349,7 @@ winnt_build_dentry_tree_recursive(struct wim_dentry **root_ret, /* Load information about the unnamed data stream and any named data * streams. */ - ret = winnt_scan_streams(&h, + ret = winnt_scan_streams(h, full_path, full_path_nchars, inode, @@ -1312,21 +1359,42 @@ winnt_build_dentry_tree_recursive(struct wim_dentry **root_ret, if (ret) goto out; - if (unlikely(inode->i_attributes & FILE_ATTRIBUTE_REPARSE_POINT)) { - - /* Reparse point: set the reparse data (already read). */ - - inode->i_not_rpfixed = not_rpfixed; - inode->i_reparse_tag = le32_to_cpu(*(le32*)rpbuf); - ret = inode_set_unnamed_stream(inode, rpbuf + 8, rpbuflen - 8, - params->lookup_table); + if (unlikely(inode->i_attributes & FILE_ATTRIBUTE_ENCRYPTED)) { + /* Load information about the raw encrypted data. This is + * needed for any directory or non-directory that has + * FILE_ATTRIBUTE_ENCRYPTED set. + * + * Note: since OpenEncryptedFileRaw() fails with + * ERROR_SHARING_VIOLATION if there are any open handles to the + * file, we have to close the file and re-open it later if + * needed. */ + (*func_NtClose)(h); + h = NULL; + ret = winnt_load_encrypted_stream_info(inode, full_path, + params->unhashed_streams); if (ret) goto out; + } + + if (unlikely(inode->i_attributes & FILE_ATTRIBUTE_REPARSE_POINT)) { + if (unlikely(inode->i_attributes & FILE_ATTRIBUTE_ENCRYPTED)) { + WARNING("Ignoring reparse data of encrypted reparse point file \"%ls\"", + printable_path(full_path)); + } else { + /* Reparse point: set the reparse data (already read). */ + + inode->i_not_rpfixed = not_rpfixed; + inode->i_reparse_tag = le32_to_cpu(*(le32*)rpbuf); + ret = inode_set_unnamed_stream(inode, rpbuf + 8, rpbuflen - 8, + params->lookup_table); + if (ret) + goto out; + } } else if (inode->i_attributes & FILE_ATTRIBUTE_DIRECTORY) { /* Directory: recurse to children. */ - if (unlikely(h == INVALID_HANDLE_VALUE)) { + if (unlikely(!h)) { /* Re-open handle that was closed to read raw encrypted * data. */ status = winnt_openat(cur_dir, @@ -1364,12 +1432,14 @@ out_progress: else ret = do_capture_progress(params, WIMLIB_SCAN_DENTRY_EXCLUDED, NULL); out: - if (likely(h != INVALID_HANDLE_VALUE)) + if (likely(h)) (*func_NtClose)(h); - if (likely(ret == 0)) - *root_ret = root; - else + if (unlikely(ret)) { free_dentry_tree(root, params->lookup_table); + root = NULL; + ret = report_capture_error(params, ret, full_path); + } + *root_ret = root; return ret; } @@ -1401,7 +1471,7 @@ winnt_do_scan_warnings(const wchar_t *path, const struct winnt_scan_stats *stats int win32_build_dentry_tree(struct wim_dentry **root_ret, const wchar_t *root_disk_path, - struct add_image_params *params) + struct capture_params *params) { wchar_t *path; int ret;