win32_delete_file_wrapper(): Check for INVALID_FILE_ATTRIBUTES
[wimlib] / src / win32_apply.c
1 /*
2  * win32_apply.c - Windows-specific code for applying files from a WIM image.
3  */
4
5 /*
6  * Copyright (C) 2013 Eric Biggers
7  *
8  * This file is part of wimlib, a library for working with WIM files.
9  *
10  * wimlib is free software; you can redistribute it and/or modify it under the
11  * terms of the GNU General Public License as published by the Free
12  * Software Foundation; either version 3 of the License, or (at your option)
13  * any later version.
14  *
15  * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
16  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
17  * A PARTICULAR PURPOSE. See the GNU General Public License for more
18  * details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with wimlib; if not, see http://www.gnu.org/licenses/.
22  */
23
24 #ifdef __WIN32__
25
26 #ifdef HAVE_CONFIG_H
27 #  include "config.h"
28 #endif
29
30 #include "wimlib/win32_common.h"
31
32 #include "wimlib/apply.h"
33 #include "wimlib/error.h"
34 #include "wimlib/lookup_table.h"
35
36 static int
37 win32_start_extract(const wchar_t *path, struct apply_ctx *ctx)
38 {
39         int ret;
40         unsigned vol_flags;
41         bool supports_SetFileShortName;
42
43         ret = win32_get_vol_flags(path, &vol_flags, &supports_SetFileShortName);
44         if (ret)
45                 return ret;
46
47         ctx->supported_features.archive_files = 1;
48         ctx->supported_features.hidden_files = 1;
49         ctx->supported_features.system_files = 1;
50
51         if (vol_flags & FILE_FILE_COMPRESSION)
52                 ctx->supported_features.compressed_files = 1;
53
54         if (vol_flags & FILE_SUPPORTS_ENCRYPTION) {
55                 ctx->supported_features.encrypted_files = 1;
56                 ctx->supported_features.encrypted_directories = 1;
57         }
58
59         ctx->supported_features.not_context_indexed_files = 1;
60
61         if (vol_flags & FILE_SUPPORTS_SPARSE_FILES)
62                 ctx->supported_features.sparse_files = 1;
63
64         if (vol_flags & FILE_NAMED_STREAMS)
65                 ctx->supported_features.named_data_streams = 1;
66
67         if (vol_flags & FILE_SUPPORTS_HARD_LINKS)
68                 ctx->supported_features.hard_links = 1;
69
70         if (vol_flags & FILE_SUPPORTS_REPARSE_POINTS) {
71                 ctx->supported_features.reparse_points = 1;
72                 if (win32func_CreateSymbolicLinkW)
73                         ctx->supported_features.symlink_reparse_points = 1;
74         }
75
76         if (vol_flags & FILE_PERSISTENT_ACLS)
77                 ctx->supported_features.security_descriptors = 1;
78
79         if (supports_SetFileShortName)
80                 ctx->supported_features.short_names = 1;
81         return 0;
82 }
83
84 /* Create a normal file, overwriting one already present.  */
85 static int
86 win32_create_file(const wchar_t *path, struct apply_ctx *ctx, u64 *cookie_ret)
87 {
88         HANDLE h;
89         unsigned retry_count = 0;
90         DWORD dwFlagsAndAttributes = FILE_FLAG_BACKUP_SEMANTICS;
91
92 retry:
93         /* WRITE_OWNER and WRITE_DAC privileges are required for some reason,
94          * even through we're creating a new file.  */
95         h = CreateFile(path, WRITE_OWNER | WRITE_DAC, 0, NULL,
96                        CREATE_ALWAYS, dwFlagsAndAttributes, NULL);
97         if (h == INVALID_HANDLE_VALUE) {
98                 /* File couldn't be created.  */
99                 DWORD err = GetLastError();
100                 if (err == ERROR_ACCESS_DENIED && retry_count == 0) {
101
102                         /* Access denied error for the first time.  Try
103                          * adjusting file attributes.  */
104
105                         /* Get attributes of the existing file.  */
106                         DWORD attribs = GetFileAttributes(path);
107                         if (attribs != INVALID_FILE_ATTRIBUTES &&
108                             (attribs & (FILE_ATTRIBUTE_HIDDEN |
109                                         FILE_ATTRIBUTE_SYSTEM |
110                                         FILE_ATTRIBUTE_READONLY)))
111                         {
112                                 /* If the existing file has
113                                  * FILE_ATTRIBUTE_HIDDEN and/or
114                                  * FILE_ATTRIBUTE_SYSTEM, they must be set in
115                                  * the call to CreateFile().  This is true even
116                                  * when FILE_ATTRIBUTE_NORMAL was not specified,
117                                  * contrary to the MS "documentation".  */
118                                 dwFlagsAndAttributes |= (attribs &
119                                                          (FILE_ATTRIBUTE_HIDDEN |
120                                                           FILE_ATTRIBUTE_SYSTEM));
121                                 /* If the existing file has
122                                  * FILE_ATTRIBUTE_READONLY, it must be cleared
123                                  * before attempting to create a new file over
124                                  * it.  This is true even when the process has
125                                  * the SE_RESTORE_NAME privilege and requested
126                                  * the FILE_FLAG_BACKUP_SEMANTICS flag to
127                                  * CreateFile().  */
128                                 if (attribs & FILE_ATTRIBUTE_READONLY) {
129                                         SetFileAttributes(path,
130                                                           attribs & ~FILE_ATTRIBUTE_READONLY);
131                                 }
132                                 retry_count++;
133                                 goto retry;
134                         }
135                 }
136                 set_errno_from_win32_error(err);
137                 return WIMLIB_ERR_OPEN;
138         }
139         CloseHandle(h);
140         return 0;
141 }
142
143 static int
144 win32_create_directory(const wchar_t *path, struct apply_ctx *ctx,
145                        u64 *cookie_ret)
146 {
147         if (!CreateDirectory(path, NULL))
148                 if (GetLastError() != ERROR_ALREADY_EXISTS)
149                         goto error;
150         return 0;
151
152 error:
153         set_errno_from_GetLastError();
154         return WIMLIB_ERR_MKDIR;
155 }
156
157 /* Delete a non-directory file, working around Windows quirks.  */
158 static BOOL
159 win32_delete_file_wrapper(const wchar_t *path)
160 {
161         DWORD err;
162         DWORD attrib;
163
164         if (DeleteFile(path))
165                 return TRUE;
166
167         err = GetLastError();
168         attrib = GetFileAttributes(path);
169         if ((attrib != INVALID_FILE_ATTRIBUTES) &&
170             (attrib & FILE_ATTRIBUTE_READONLY))
171         {
172                 /* Try again with FILE_ATTRIBUTE_READONLY cleared.  */
173                 attrib &= ~FILE_ATTRIBUTE_READONLY;
174                 if (SetFileAttributes(path, attrib)) {
175                         if (DeleteFile(path))
176                                 return TRUE;
177                         else
178                                 err = GetLastError();
179                 }
180         }
181
182         SetLastError(err);
183         return FALSE;
184 }
185
186 static int
187 win32_create_hardlink(const wchar_t *oldpath, const wchar_t *newpath,
188                       struct apply_ctx *ctx)
189 {
190         if (!CreateHardLink(newpath, oldpath, NULL)) {
191                 if (GetLastError() != ERROR_ALREADY_EXISTS)
192                         goto error;
193                 if (!win32_delete_file_wrapper(newpath))
194                         goto error;
195                 if (!CreateHardLink(newpath, oldpath, NULL))
196                         goto error;
197         }
198         return 0;
199
200 error:
201         set_errno_from_GetLastError();
202         return WIMLIB_ERR_LINK;
203 }
204
205 static int
206 win32_create_symlink(const wchar_t *oldpath, const wchar_t *newpath,
207                      struct apply_ctx *ctx)
208 {
209         if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0)) {
210                 if (GetLastError() != ERROR_ALREADY_EXISTS)
211                         goto error;
212                 if (!win32_delete_file_wrapper(newpath))
213                         goto error;
214                 if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0))
215                         goto error;
216         }
217         return 0;
218
219 error:
220         set_errno_from_GetLastError();
221         return WIMLIB_ERR_LINK;
222 }
223
224 static int
225 win32_extract_wim_chunk(const void *buf, size_t len, void *arg)
226 {
227         HANDLE h = (HANDLE)arg;
228         DWORD nbytes_written;
229
230         if (unlikely(!WriteFile(h, buf, len, &nbytes_written, NULL)))
231                 goto error;
232         if (unlikely(nbytes_written != len))
233                 goto error;
234         return 0;
235
236 error:
237         set_errno_from_GetLastError();
238         return WIMLIB_ERR_WRITE;
239 }
240
241 static int
242 win32_extract_stream(const wchar_t *path, const wchar_t *stream_name,
243                      size_t stream_name_nchars,
244                      struct wim_lookup_table_entry *lte, struct apply_ctx *ctx)
245 {
246         DWORD creationDisposition = OPEN_EXISTING;
247         wchar_t *stream_path = (wchar_t*)path;
248         HANDLE h;
249         int ret;
250
251         if (stream_name_nchars) {
252                 creationDisposition = CREATE_ALWAYS;
253                 stream_path = alloca(sizeof(wchar_t) *
254                                      (wcslen(path) + 1 +
255                                       wcslen(stream_name) + 1));
256                 tsprintf(stream_path, L"%ls:%ls", path, stream_name);
257         }
258
259         h = CreateFile(stream_path, FILE_WRITE_DATA, 0, NULL,
260                        creationDisposition, FILE_FLAG_BACKUP_SEMANTICS |
261                                             FILE_FLAG_OPEN_REPARSE_POINT,
262                        NULL);
263         if (h == INVALID_HANDLE_VALUE)
264                 goto error;
265
266         ret = 0;
267         if (!lte)
268                 goto out_close_handle;
269         ret = extract_stream(lte, lte->size, win32_extract_wim_chunk, h);
270 out_close_handle:
271         if (!CloseHandle(h))
272                 goto error;
273         if (ret && !errno)
274                 errno = -1;
275         return ret;
276
277 error:
278         set_errno_from_GetLastError();
279         return WIMLIB_ERR_WRITE;
280 }
281
282 static int
283 win32_extract_unnamed_stream(file_spec_t file,
284                              struct wim_lookup_table_entry *lte,
285                              struct apply_ctx *ctx)
286 {
287         return win32_extract_stream(file.path, NULL, 0, lte, ctx);
288 }
289
290 static int
291 win32_extract_named_stream(file_spec_t file, const wchar_t *stream_name,
292                            size_t stream_name_nchars,
293                            struct wim_lookup_table_entry *lte, struct apply_ctx *ctx)
294 {
295         return win32_extract_stream(file.path, stream_name,
296                                     stream_name_nchars, lte, ctx);
297 }
298
299 struct win32_encrypted_extract_ctx {
300         const struct wim_lookup_table_entry *lte;
301         u64 offset;
302 };
303
304 static DWORD WINAPI
305 win32_encrypted_import_cb(unsigned char *data, void *_import_ctx,
306                           unsigned long *len_p)
307 {
308         struct win32_encrypted_extract_ctx *import_ctx = _import_ctx;
309         unsigned long len = *len_p;
310         const struct wim_lookup_table_entry *lte = import_ctx->lte;
311
312         len = min(len, lte->size - import_ctx->offset);
313
314         if (read_partial_wim_stream_into_buf(lte, len, import_ctx->offset, data))
315                 return ERROR_READ_FAULT;
316
317         import_ctx->offset += len;
318         *len_p = len;
319         return ERROR_SUCCESS;
320 }
321
322 static int
323 win32_extract_encrypted_stream(const wchar_t *path,
324                                struct wim_lookup_table_entry *lte,
325                                struct apply_ctx *ctx)
326 {
327         void *file_ctx;
328         DWORD err;
329         int ret;
330         struct win32_encrypted_extract_ctx extract_ctx;
331
332         err = OpenEncryptedFileRaw(path, CREATE_FOR_IMPORT, &file_ctx);
333         if (err != ERROR_SUCCESS) {
334                 set_errno_from_win32_error(err);
335                 ret = WIMLIB_ERR_OPEN;
336                 goto out;
337         }
338
339         extract_ctx.lte = lte;
340         extract_ctx.offset = 0;
341         err = WriteEncryptedFileRaw(win32_encrypted_import_cb, &extract_ctx,
342                                     file_ctx);
343         if (err != ERROR_SUCCESS) {
344                 set_errno_from_win32_error(err);
345                 ret = WIMLIB_ERR_WRITE;
346                 goto out_close;
347         }
348
349         ret = 0;
350 out_close:
351         CloseEncryptedFileRaw(file_ctx);
352 out:
353         return ret;
354 }
355
356 static BOOL
357 win32_set_special_file_attributes(const wchar_t *path, u32 attributes)
358 {
359         HANDLE h;
360         DWORD err;
361         USHORT compression_format = COMPRESSION_FORMAT_DEFAULT;
362         DWORD bytes_returned;
363
364         h = win32_open_existing_file(path, GENERIC_READ | GENERIC_WRITE);
365         if (h == INVALID_HANDLE_VALUE)
366                 goto error;
367
368         if (attributes & FILE_ATTRIBUTE_SPARSE_FILE)
369                 if (!DeviceIoControl(h, FSCTL_SET_SPARSE,
370                                      NULL, 0,
371                                      NULL, 0,
372                                      &bytes_returned, NULL))
373                         goto error_close_handle;
374
375         if (attributes & FILE_ATTRIBUTE_COMPRESSED)
376                 if (!DeviceIoControl(h, FSCTL_SET_COMPRESSION,
377                                      &compression_format, sizeof(USHORT),
378                                      NULL, 0,
379                                      &bytes_returned, NULL))
380                         goto error_close_handle;
381
382         if (!CloseHandle(h))
383                 goto error;
384
385         if (attributes & FILE_ATTRIBUTE_ENCRYPTED)
386                 if (!EncryptFile(path))
387                         goto error;
388
389         return TRUE;
390
391 error_close_handle:
392         err = GetLastError();
393         CloseHandle(h);
394         SetLastError(err);
395 error:
396         return FALSE;
397 }
398
399 static int
400 win32_set_file_attributes(const wchar_t *path, u32 attributes,
401                           struct apply_ctx *ctx, unsigned pass)
402 {
403         u32 special_attributes =
404                 FILE_ATTRIBUTE_REPARSE_POINT |
405                 FILE_ATTRIBUTE_DIRECTORY |
406                 FILE_ATTRIBUTE_SPARSE_FILE |
407                 FILE_ATTRIBUTE_COMPRESSED |
408                 FILE_ATTRIBUTE_ENCRYPTED;
409         u32 actual_attributes;
410
411         /* Delay setting FILE_ATTRIBUTE_READONLY on the initial pass (when files
412          * are created, but data not extracted); otherwise the system will
413          * refuse access to the file even if the process has SeRestorePrivilege.
414          */
415         if (pass == 0)
416                 attributes &= ~FILE_ATTRIBUTE_READONLY;
417
418         if (!SetFileAttributes(path, attributes & ~special_attributes))
419                 goto error;
420
421         if (pass != 0)
422                 return 0;
423
424         if (attributes & (FILE_ATTRIBUTE_SPARSE_FILE |
425                           FILE_ATTRIBUTE_ENCRYPTED |
426                           FILE_ATTRIBUTE_COMPRESSED))
427                 if (!win32_set_special_file_attributes(path, attributes))
428                         goto error;
429
430         /* If file is not supposed to be encrypted or compressed, remove
431          * defaulted encrypted or compressed attributes (from creating file in
432          * encrypted or compressed directory).  */
433         actual_attributes = GetFileAttributes(path);
434         if (actual_attributes == INVALID_FILE_ATTRIBUTES)
435                 goto error;
436
437         if ((actual_attributes & FILE_ATTRIBUTE_ENCRYPTED) &&
438             !(attributes & FILE_ATTRIBUTE_ENCRYPTED))
439                 if (!DecryptFile(path, 0))
440                         goto error;
441         if ((actual_attributes & FILE_ATTRIBUTE_COMPRESSED) &&
442             !(attributes & FILE_ATTRIBUTE_COMPRESSED))
443         {
444                 HANDLE h;
445                 DWORD bytes_returned;
446                 USHORT compression_format = COMPRESSION_FORMAT_NONE;
447
448                 h = win32_open_existing_file(path, GENERIC_READ | GENERIC_WRITE);
449                 if (h == INVALID_HANDLE_VALUE)
450                         goto error;
451
452                 if (!DeviceIoControl(h, FSCTL_SET_COMPRESSION,
453                                      &compression_format, sizeof(USHORT),
454                                      NULL, 0,
455                                      &bytes_returned, NULL))
456                 {
457                         DWORD err = GetLastError();
458                         CloseHandle(h);
459                         SetLastError(err);
460                         goto error;
461                 }
462
463                 if (!CloseHandle(h))
464                         goto error;
465         }
466
467         return 0;
468
469 error:
470         set_errno_from_GetLastError();
471         return WIMLIB_ERR_SET_ATTRIBUTES;
472 }
473
474 static int
475 win32_set_reparse_data(const wchar_t *path, const u8 *rpbuf, u16 rpbuflen,
476                        struct apply_ctx *ctx)
477 {
478         HANDLE h;
479         DWORD err;
480         DWORD bytes_returned;
481
482         h = win32_open_existing_file(path, GENERIC_WRITE);
483         if (h == INVALID_HANDLE_VALUE)
484                 goto error;
485
486         if (!DeviceIoControl(h, FSCTL_SET_REPARSE_POINT,
487                              (void*)rpbuf, rpbuflen,
488                              NULL, 0, &bytes_returned, NULL))
489                 goto error_close_handle;
490
491         if (!CloseHandle(h))
492                 goto error;
493
494         return 0;
495
496 error_close_handle:
497         err = GetLastError();
498         CloseHandle(h);
499         SetLastError(err);
500 error:
501         set_errno_from_GetLastError();
502         return WIMLIB_ERR_WRITE; /* XXX: need better error code */
503 }
504
505 static int
506 win32_set_short_name(const wchar_t *path, const wchar_t *short_name,
507                      size_t short_name_nchars, struct apply_ctx *ctx)
508 {
509         HANDLE h;
510         DWORD err;
511
512         h = win32_open_existing_file(path, GENERIC_WRITE | DELETE);
513         if (h == INVALID_HANDLE_VALUE)
514                 goto error;
515
516         if (short_name_nchars) {
517                 if (!SetFileShortName(h, short_name))
518                         goto error_close_handle;
519         } else if (running_on_windows_7_or_later()) {
520                 if (!SetFileShortName(h, L""))
521                         goto error_close_handle;
522         }
523
524         if (!CloseHandle(h))
525                 goto error;
526
527         return 0;
528
529 error_close_handle:
530         err = GetLastError();
531         CloseHandle(h);
532         SetLastError(err);
533 error:
534         set_errno_from_GetLastError();
535         return WIMLIB_ERR_WRITE; /* XXX: need better error code */
536 }
537
538 static DWORD
539 do_win32_set_security_descriptor(HANDLE h, const wchar_t *path,
540                                  SECURITY_INFORMATION info,
541                                  PSECURITY_DESCRIPTOR desc)
542 {
543 #ifdef WITH_NTDLL
544         if (func_NtSetSecurityObject) {
545                 return (*func_RtlNtStatusToDosError)(
546                                 (*func_NtSetSecurityObject)(h, info, desc));
547         }
548 #endif
549         if (SetFileSecurity(path, info, desc))
550                 return ERROR_SUCCESS;
551         else
552                 return GetLastError();
553 }
554
555 /*
556  * Set an arbitrary security descriptor on an arbitrary file (or directory),
557  * working around bugs and design flaws in the Windows operating system.
558  *
559  * On success, return 0.  On failure, return WIMLIB_ERR_SET_SECURITY and set
560  * errno.  Note: if WIMLIB_EXTRACT_FLAG_STRICT_ACLS is not set in
561  * ctx->extract_flags, this function succeeds iff any part of the security
562  * descriptor was successfully set.
563  */
564 static int
565 win32_set_security_descriptor(const wchar_t *path, const u8 *desc,
566                               size_t desc_size, struct apply_ctx *ctx)
567 {
568         SECURITY_INFORMATION info;
569         HANDLE h;
570         int ret;
571
572         /* We really just want to set entire the security descriptor as-is, but
573          * all available APIs require specifying the specific parts of the
574          * descriptor being set.  Start out by requesting all parts be set.  If
575          * permissions problems are encountered, fall back to omitting some
576          * parts (first the SACL, then the DACL, then the owner), unless the
577          * WIMLIB_EXTRACT_FLAG_STRICT_ACLS flag has been enabled.  */
578         info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
579                DACL_SECURITY_INFORMATION  | SACL_SECURITY_INFORMATION;
580
581         h = INVALID_HANDLE_VALUE;
582
583         /* Prefer NtSetSecurityObject() to SetFileSecurity().  SetFileSecurity()
584          * itself necessarily uses NtSetSecurityObject() as the latter is the
585          * underlying system call for setting security information, but
586          * SetFileSecurity() opens the handle with NtCreateFile() without
587          * FILE_OPEN_FILE_BACKUP_INTENT.  Hence, access checks are done and due
588          * to the Windows security model, even a process running as the
589          * Administrator can have access denied.  (Of course, this not mentioned
590          * in the MS "documentation".)  */
591
592 #ifdef WITH_NTDLL
593         if (func_NtSetSecurityObject) {
594                 DWORD dwDesiredAccess;
595
596                 /* Open a handle for NtSetSecurityObject() with as many relevant
597                  * access rights as possible.
598                  *
599                  * We don't know which rights will be actually granted.  It
600                  * could be less than what is needed to actually assign the full
601                  * security descriptor, especially if the process is running as
602                  * a non-Administrator.  However, by default we just do the best
603                  * we can, unless WIMLIB_EXTRACT_FLAG_STRICT_ACLS has been
604                  * enabled.  The MAXIMUM_ALLOWED access right is seemingly
605                  * designed for this use case; however, it does not work
606                  * properly in all cases: it can cause CreateFile() to fail with
607                  * ERROR_ACCESS_DENIED, even though by definition
608                  * MAXIMUM_ALLOWED access only requests access rights that are
609                  * *not* denied.  (Needless to say, MS does not document this
610                  * bug.)  */
611
612                 dwDesiredAccess = WRITE_DAC |
613                                   WRITE_OWNER |
614                                   ACCESS_SYSTEM_SECURITY;
615                 for (;;) {
616                         DWORD err;
617
618                         h = win32_open_existing_file(path, dwDesiredAccess);
619                         if (h != INVALID_HANDLE_VALUE)
620                                 break;
621                         err = GetLastError();
622                         if (err == ERROR_ACCESS_DENIED ||
623                             err == ERROR_PRIVILEGE_NOT_HELD)
624                         {
625                                 /* Don't increment partial_security_descriptors
626                                  * here or check WIMLIB_EXTRACT_FLAG_STRICT_ACLS
627                                  * here.  It will be done later if needed; here
628                                  * we are just trying to get as many relevant
629                                  * access rights as possible.  */
630                                 if (dwDesiredAccess & ACCESS_SYSTEM_SECURITY) {
631                                         dwDesiredAccess &= ~ACCESS_SYSTEM_SECURITY;
632                                         continue;
633                                 }
634                                 if (dwDesiredAccess & WRITE_DAC) {
635                                         dwDesiredAccess &= ~WRITE_DAC;
636                                         continue;
637                                 }
638                                 if (dwDesiredAccess & WRITE_OWNER) {
639                                         dwDesiredAccess &= ~WRITE_OWNER;
640                                         continue;
641                                 }
642                         }
643                         /* Other error, or couldn't open the file even with no
644                          * access rights specified.  Something else must be
645                          * wrong.  */
646                         set_errno_from_win32_error(err);
647                         return WIMLIB_ERR_SET_SECURITY;
648                 }
649         }
650 #endif
651
652         /* Try setting the security descriptor.  */
653         for (;;) {
654                 DWORD err;
655
656                 err = do_win32_set_security_descriptor(h, path, info,
657                                                        (PSECURITY_DESCRIPTOR)desc);
658                 if (err == ERROR_SUCCESS) {
659                         ret = 0;
660                         break;
661                 }
662
663                 /* Failed to set the requested parts of the security descriptor.
664                  * If the error was permissions-related, try to set fewer parts
665                  * of the security descriptor, unless
666                  * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled.  */
667                 if ((err == ERROR_PRIVILEGE_NOT_HELD ||
668                      err == ERROR_ACCESS_DENIED) &&
669                     !(ctx->extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS))
670                 {
671                         if (info & SACL_SECURITY_INFORMATION) {
672                                 info &= ~SACL_SECURITY_INFORMATION;
673                                 ctx->partial_security_descriptors++;
674                                 continue;
675                         }
676                         if (info & DACL_SECURITY_INFORMATION) {
677                                 info &= ~DACL_SECURITY_INFORMATION;
678                                 continue;
679                         }
680                         if (info & OWNER_SECURITY_INFORMATION) {
681                                 info &= ~OWNER_SECURITY_INFORMATION;
682                                 continue;
683                         }
684                         /* Nothing left except GROUP, and if we removed it we
685                          * wouldn't have anything at all.  */
686                 }
687                 /* No part of the security descriptor could be set, or
688                  * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled and the full
689                  * security descriptor could not be set.  */
690                 if (!(info & SACL_SECURITY_INFORMATION))
691                         ctx->partial_security_descriptors--;
692                 set_errno_from_win32_error(err);
693                 ret = WIMLIB_ERR_SET_SECURITY;
694                 break;
695         }
696
697         /* Close handle opened for NtSetSecurityObject().  */
698 #ifdef WITH_NTDLL
699         if (func_NtSetSecurityObject)
700                 CloseHandle(h);
701 #endif
702         return ret;
703 }
704
705 static int
706 win32_set_timestamps(const wchar_t *path, u64 creation_time,
707                      u64 last_write_time, u64 last_access_time,
708                      struct apply_ctx *ctx)
709 {
710         HANDLE h;
711         DWORD err;
712         FILETIME creationTime = {.dwLowDateTime = creation_time & 0xffffffff,
713                                  .dwHighDateTime = creation_time >> 32};
714         FILETIME lastAccessTime = {.dwLowDateTime = last_access_time & 0xffffffff,
715                                   .dwHighDateTime = last_access_time >> 32};
716         FILETIME lastWriteTime = {.dwLowDateTime = last_write_time & 0xffffffff,
717                                   .dwHighDateTime = last_write_time >> 32};
718
719         h = win32_open_existing_file(path, FILE_WRITE_ATTRIBUTES);
720         if (h == INVALID_HANDLE_VALUE)
721                 goto error;
722
723         if (!SetFileTime(h, &creationTime, &lastAccessTime, &lastWriteTime))
724                 goto error_close_handle;
725
726         if (!CloseHandle(h))
727                 goto error;
728
729         return 0;
730
731 error_close_handle:
732         err = GetLastError();
733         CloseHandle(h);
734         SetLastError(err);
735 error:
736         set_errno_from_GetLastError();
737         return WIMLIB_ERR_SET_TIMESTAMPS;
738 }
739
740 const struct apply_operations win32_apply_ops = {
741         .name = L"Win32",
742
743         .target_is_root           = win32_path_is_root_of_drive,
744         .start_extract            = win32_start_extract,
745         .create_file              = win32_create_file,
746         .create_directory         = win32_create_directory,
747         .create_hardlink          = win32_create_hardlink,
748         .create_symlink           = win32_create_symlink,
749         .extract_unnamed_stream   = win32_extract_unnamed_stream,
750         .extract_named_stream     = win32_extract_named_stream,
751         .extract_encrypted_stream = win32_extract_encrypted_stream,
752         .set_file_attributes      = win32_set_file_attributes,
753         .set_reparse_data         = win32_set_reparse_data,
754         .set_short_name           = win32_set_short_name,
755         .set_security_descriptor  = win32_set_security_descriptor,
756         .set_timestamps           = win32_set_timestamps,
757
758         .path_prefix = L"\\\\?\\",
759         .path_prefix_nchars = 4,
760         .path_separator = L'\\',
761         .path_max = 32768,
762
763         .requires_realtarget_in_paths = 1,
764         .realpath_works_on_nonexisting_files = 1,
765         .root_directory_is_special = 1,
766         .requires_final_set_attributes_pass = 1,
767         .extract_encrypted_stream_creates_file = 1,
768         .requires_short_name_reordering = 1, /* TODO: check if this is really needed  */
769 };
770
771 #endif /* __WIN32__ */