win32_apply.c: Simplify and fix win32_create_file()
[wimlib] / src / win32_apply.c
1 /*
2  * win32_apply.c - Windows-specific code for applying files from a WIM image.
3  */
4
5 /*
6  * Copyright (C) 2013 Eric Biggers
7  *
8  * This file is part of wimlib, a library for working with WIM files.
9  *
10  * wimlib is free software; you can redistribute it and/or modify it under the
11  * terms of the GNU General Public License as published by the Free
12  * Software Foundation; either version 3 of the License, or (at your option)
13  * any later version.
14  *
15  * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
16  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
17  * A PARTICULAR PURPOSE. See the GNU General Public License for more
18  * details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with wimlib; if not, see http://www.gnu.org/licenses/.
22  */
23
24 #ifdef __WIN32__
25
26 #ifdef HAVE_CONFIG_H
27 #  include "config.h"
28 #endif
29
30 #include "wimlib/win32_common.h"
31
32 #include "wimlib/apply.h"
33 #include "wimlib/error.h"
34 #include "wimlib/lookup_table.h"
35
36 static int
37 win32_start_extract(const wchar_t *path, struct apply_ctx *ctx)
38 {
39         int ret;
40         unsigned vol_flags;
41         bool supports_SetFileShortName;
42
43         ret = win32_get_vol_flags(path, &vol_flags, &supports_SetFileShortName);
44         if (ret)
45                 return ret;
46
47         ctx->supported_features.archive_files = 1;
48         ctx->supported_features.hidden_files = 1;
49         ctx->supported_features.system_files = 1;
50
51         if (vol_flags & FILE_FILE_COMPRESSION)
52                 ctx->supported_features.compressed_files = 1;
53
54         if (vol_flags & FILE_SUPPORTS_ENCRYPTION) {
55                 ctx->supported_features.encrypted_files = 1;
56                 ctx->supported_features.encrypted_directories = 1;
57         }
58
59         ctx->supported_features.not_context_indexed_files = 1;
60
61         if (vol_flags & FILE_SUPPORTS_SPARSE_FILES)
62                 ctx->supported_features.sparse_files = 1;
63
64         if (vol_flags & FILE_NAMED_STREAMS)
65                 ctx->supported_features.named_data_streams = 1;
66
67         if (vol_flags & FILE_SUPPORTS_HARD_LINKS)
68                 ctx->supported_features.hard_links = 1;
69
70         if (vol_flags & FILE_SUPPORTS_REPARSE_POINTS) {
71                 ctx->supported_features.reparse_points = 1;
72                 if (win32func_CreateSymbolicLinkW)
73                         ctx->supported_features.symlink_reparse_points = 1;
74         }
75
76         if (vol_flags & FILE_PERSISTENT_ACLS)
77                 ctx->supported_features.security_descriptors = 1;
78
79         if (supports_SetFileShortName)
80                 ctx->supported_features.short_names = 1;
81         return 0;
82 }
83
84 /* Delete a non-directory file, working around Windows quirks.  */
85 static BOOL
86 win32_delete_file_wrapper(const wchar_t *path)
87 {
88         DWORD err;
89         DWORD attrib;
90
91         if (DeleteFile(path))
92                 return TRUE;
93
94         err = GetLastError();
95         attrib = GetFileAttributes(path);
96         if ((attrib != INVALID_FILE_ATTRIBUTES) &&
97             (attrib & FILE_ATTRIBUTE_READONLY))
98         {
99                 /* Try again with FILE_ATTRIBUTE_READONLY cleared.  */
100                 attrib &= ~FILE_ATTRIBUTE_READONLY;
101                 if (SetFileAttributes(path, attrib)) {
102                         if (DeleteFile(path))
103                                 return TRUE;
104                         else
105                                 err = GetLastError();
106                 }
107         }
108
109         SetLastError(err);
110         return FALSE;
111 }
112
113
114 /* Create a normal file, overwriting one already present.  */
115 static int
116 win32_create_file(const wchar_t *path, struct apply_ctx *ctx, u64 *cookie_ret)
117 {
118         HANDLE h;
119
120         /* Notes:
121          *
122          * WRITE_OWNER and WRITE_DAC privileges are required for some reason,
123          * even through we're creating a new file.
124          *
125          * FILE_FLAG_OPEN_REPARSE_POINT is required to prevent an existing
126          * reparse point from redirecting the creation of the new file
127          * (potentially to an arbitrary location).
128          *
129          * CREATE_ALWAYS could be used instead of CREATE_NEW.  However, there
130          * are quirks that would need to be handled (e.g. having to set
131          * FILE_ATTRIBUTE_HIDDEN and/or FILE_ATTRIBUTE_SYSTEM if the existing
132          * file had them specified, and/or having to clear
133          * FILE_ATTRIBUTE_READONLY on the existing file).  It's simpler to just
134          * call win32_delete_file_wrapper() to delete the existing file in such
135          * a way that already handles the FILE_ATTRIBUTE_READONLY quirk.
136          */
137 retry:
138         h = CreateFile(path, WRITE_OWNER | WRITE_DAC, 0, NULL, CREATE_NEW,
139                        FILE_FLAG_BACKUP_SEMANTICS |
140                                 FILE_FLAG_OPEN_REPARSE_POINT, NULL);
141         if (h == INVALID_HANDLE_VALUE) {
142                 DWORD err = GetLastError();
143
144                 if (err == ERROR_FILE_EXISTS && win32_delete_file_wrapper(path))
145                         goto retry;
146                 set_errno_from_win32_error(err);
147                 return WIMLIB_ERR_OPEN;
148         }
149         CloseHandle(h);
150         return 0;
151 }
152
153 static int
154 win32_create_directory(const wchar_t *path, struct apply_ctx *ctx,
155                        u64 *cookie_ret)
156 {
157         if (!CreateDirectory(path, NULL))
158                 if (GetLastError() != ERROR_ALREADY_EXISTS)
159                         goto error;
160         return 0;
161
162 error:
163         set_errno_from_GetLastError();
164         return WIMLIB_ERR_MKDIR;
165 }
166
167 static int
168 win32_create_hardlink(const wchar_t *oldpath, const wchar_t *newpath,
169                       struct apply_ctx *ctx)
170 {
171         if (!CreateHardLink(newpath, oldpath, NULL)) {
172                 if (GetLastError() != ERROR_ALREADY_EXISTS)
173                         goto error;
174                 if (!win32_delete_file_wrapper(newpath))
175                         goto error;
176                 if (!CreateHardLink(newpath, oldpath, NULL))
177                         goto error;
178         }
179         return 0;
180
181 error:
182         set_errno_from_GetLastError();
183         return WIMLIB_ERR_LINK;
184 }
185
186 static int
187 win32_create_symlink(const wchar_t *oldpath, const wchar_t *newpath,
188                      struct apply_ctx *ctx)
189 {
190         if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0)) {
191                 if (GetLastError() != ERROR_ALREADY_EXISTS)
192                         goto error;
193                 if (!win32_delete_file_wrapper(newpath))
194                         goto error;
195                 if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0))
196                         goto error;
197         }
198         return 0;
199
200 error:
201         set_errno_from_GetLastError();
202         return WIMLIB_ERR_LINK;
203 }
204
205 static int
206 win32_extract_wim_chunk(const void *buf, size_t len, void *arg)
207 {
208         HANDLE h = (HANDLE)arg;
209         DWORD nbytes_written;
210
211         if (unlikely(!WriteFile(h, buf, len, &nbytes_written, NULL)))
212                 goto error;
213         if (unlikely(nbytes_written != len))
214                 goto error;
215         return 0;
216
217 error:
218         set_errno_from_GetLastError();
219         return WIMLIB_ERR_WRITE;
220 }
221
222 static int
223 win32_extract_stream(const wchar_t *path, const wchar_t *stream_name,
224                      size_t stream_name_nchars,
225                      struct wim_lookup_table_entry *lte, struct apply_ctx *ctx)
226 {
227         DWORD creationDisposition = OPEN_EXISTING;
228         wchar_t *stream_path = (wchar_t*)path;
229         HANDLE h;
230         int ret;
231
232         if (stream_name_nchars) {
233                 creationDisposition = CREATE_ALWAYS;
234                 stream_path = alloca(sizeof(wchar_t) *
235                                      (wcslen(path) + 1 +
236                                       wcslen(stream_name) + 1));
237                 tsprintf(stream_path, L"%ls:%ls", path, stream_name);
238         }
239
240         h = CreateFile(stream_path, FILE_WRITE_DATA, 0, NULL,
241                        creationDisposition, FILE_FLAG_BACKUP_SEMANTICS |
242                                             FILE_FLAG_OPEN_REPARSE_POINT,
243                        NULL);
244         if (h == INVALID_HANDLE_VALUE)
245                 goto error;
246
247         ret = 0;
248         if (!lte)
249                 goto out_close_handle;
250         ret = extract_stream(lte, lte->size, win32_extract_wim_chunk, h);
251 out_close_handle:
252         if (!CloseHandle(h))
253                 goto error;
254         if (ret && !errno)
255                 errno = -1;
256         return ret;
257
258 error:
259         set_errno_from_GetLastError();
260         return WIMLIB_ERR_WRITE;
261 }
262
263 static int
264 win32_extract_unnamed_stream(file_spec_t file,
265                              struct wim_lookup_table_entry *lte,
266                              struct apply_ctx *ctx)
267 {
268         return win32_extract_stream(file.path, NULL, 0, lte, ctx);
269 }
270
271 static int
272 win32_extract_named_stream(file_spec_t file, const wchar_t *stream_name,
273                            size_t stream_name_nchars,
274                            struct wim_lookup_table_entry *lte, struct apply_ctx *ctx)
275 {
276         return win32_extract_stream(file.path, stream_name,
277                                     stream_name_nchars, lte, ctx);
278 }
279
280 struct win32_encrypted_extract_ctx {
281         const struct wim_lookup_table_entry *lte;
282         u64 offset;
283 };
284
285 static DWORD WINAPI
286 win32_encrypted_import_cb(unsigned char *data, void *_import_ctx,
287                           unsigned long *len_p)
288 {
289         struct win32_encrypted_extract_ctx *import_ctx = _import_ctx;
290         unsigned long len = *len_p;
291         const struct wim_lookup_table_entry *lte = import_ctx->lte;
292
293         len = min(len, lte->size - import_ctx->offset);
294
295         if (read_partial_wim_stream_into_buf(lte, len, import_ctx->offset, data))
296                 return ERROR_READ_FAULT;
297
298         import_ctx->offset += len;
299         *len_p = len;
300         return ERROR_SUCCESS;
301 }
302
303 static int
304 win32_extract_encrypted_stream(const wchar_t *path,
305                                struct wim_lookup_table_entry *lte,
306                                struct apply_ctx *ctx)
307 {
308         void *file_ctx;
309         DWORD err;
310         int ret;
311         struct win32_encrypted_extract_ctx extract_ctx;
312
313         err = OpenEncryptedFileRaw(path, CREATE_FOR_IMPORT, &file_ctx);
314         if (err != ERROR_SUCCESS) {
315                 set_errno_from_win32_error(err);
316                 ret = WIMLIB_ERR_OPEN;
317                 goto out;
318         }
319
320         extract_ctx.lte = lte;
321         extract_ctx.offset = 0;
322         err = WriteEncryptedFileRaw(win32_encrypted_import_cb, &extract_ctx,
323                                     file_ctx);
324         if (err != ERROR_SUCCESS) {
325                 set_errno_from_win32_error(err);
326                 ret = WIMLIB_ERR_WRITE;
327                 goto out_close;
328         }
329
330         ret = 0;
331 out_close:
332         CloseEncryptedFileRaw(file_ctx);
333 out:
334         return ret;
335 }
336
337 static BOOL
338 win32_set_special_file_attributes(const wchar_t *path, u32 attributes)
339 {
340         HANDLE h;
341         DWORD err;
342         USHORT compression_format = COMPRESSION_FORMAT_DEFAULT;
343         DWORD bytes_returned;
344
345         h = win32_open_existing_file(path, GENERIC_READ | GENERIC_WRITE);
346         if (h == INVALID_HANDLE_VALUE)
347                 goto error;
348
349         if (attributes & FILE_ATTRIBUTE_SPARSE_FILE)
350                 if (!DeviceIoControl(h, FSCTL_SET_SPARSE,
351                                      NULL, 0,
352                                      NULL, 0,
353                                      &bytes_returned, NULL))
354                         goto error_close_handle;
355
356         if (attributes & FILE_ATTRIBUTE_COMPRESSED)
357                 if (!DeviceIoControl(h, FSCTL_SET_COMPRESSION,
358                                      &compression_format, sizeof(USHORT),
359                                      NULL, 0,
360                                      &bytes_returned, NULL))
361                         goto error_close_handle;
362
363         if (!CloseHandle(h))
364                 goto error;
365
366         if (attributes & FILE_ATTRIBUTE_ENCRYPTED)
367                 if (!EncryptFile(path))
368                         goto error;
369
370         return TRUE;
371
372 error_close_handle:
373         err = GetLastError();
374         CloseHandle(h);
375         SetLastError(err);
376 error:
377         return FALSE;
378 }
379
380 static int
381 win32_set_file_attributes(const wchar_t *path, u32 attributes,
382                           struct apply_ctx *ctx, unsigned pass)
383 {
384         u32 special_attributes =
385                 FILE_ATTRIBUTE_REPARSE_POINT |
386                 FILE_ATTRIBUTE_DIRECTORY |
387                 FILE_ATTRIBUTE_SPARSE_FILE |
388                 FILE_ATTRIBUTE_COMPRESSED |
389                 FILE_ATTRIBUTE_ENCRYPTED;
390         u32 actual_attributes;
391
392         /* Delay setting FILE_ATTRIBUTE_READONLY on the initial pass (when files
393          * are created, but data not extracted); otherwise the system will
394          * refuse access to the file even if the process has SeRestorePrivilege.
395          */
396         if (pass == 0)
397                 attributes &= ~FILE_ATTRIBUTE_READONLY;
398
399         if (!SetFileAttributes(path, attributes & ~special_attributes))
400                 goto error;
401
402         if (pass != 0)
403                 return 0;
404
405         if (attributes & (FILE_ATTRIBUTE_SPARSE_FILE |
406                           FILE_ATTRIBUTE_ENCRYPTED |
407                           FILE_ATTRIBUTE_COMPRESSED))
408                 if (!win32_set_special_file_attributes(path, attributes))
409                         goto error;
410
411         /* If file is not supposed to be encrypted or compressed, remove
412          * defaulted encrypted or compressed attributes (from creating file in
413          * encrypted or compressed directory).  */
414         actual_attributes = GetFileAttributes(path);
415         if (actual_attributes == INVALID_FILE_ATTRIBUTES)
416                 goto error;
417
418         if ((actual_attributes & FILE_ATTRIBUTE_ENCRYPTED) &&
419             !(attributes & FILE_ATTRIBUTE_ENCRYPTED))
420                 if (!DecryptFile(path, 0))
421                         goto error;
422         if ((actual_attributes & FILE_ATTRIBUTE_COMPRESSED) &&
423             !(attributes & FILE_ATTRIBUTE_COMPRESSED))
424         {
425                 HANDLE h;
426                 DWORD bytes_returned;
427                 USHORT compression_format = COMPRESSION_FORMAT_NONE;
428
429                 h = win32_open_existing_file(path, GENERIC_READ | GENERIC_WRITE);
430                 if (h == INVALID_HANDLE_VALUE)
431                         goto error;
432
433                 if (!DeviceIoControl(h, FSCTL_SET_COMPRESSION,
434                                      &compression_format, sizeof(USHORT),
435                                      NULL, 0,
436                                      &bytes_returned, NULL))
437                 {
438                         DWORD err = GetLastError();
439                         CloseHandle(h);
440                         SetLastError(err);
441                         goto error;
442                 }
443
444                 if (!CloseHandle(h))
445                         goto error;
446         }
447
448         return 0;
449
450 error:
451         set_errno_from_GetLastError();
452         return WIMLIB_ERR_SET_ATTRIBUTES;
453 }
454
455 static int
456 win32_set_reparse_data(const wchar_t *path, const u8 *rpbuf, u16 rpbuflen,
457                        struct apply_ctx *ctx)
458 {
459         HANDLE h;
460         DWORD err;
461         DWORD bytes_returned;
462
463         h = win32_open_existing_file(path, GENERIC_WRITE);
464         if (h == INVALID_HANDLE_VALUE)
465                 goto error;
466
467         if (!DeviceIoControl(h, FSCTL_SET_REPARSE_POINT,
468                              (void*)rpbuf, rpbuflen,
469                              NULL, 0, &bytes_returned, NULL))
470                 goto error_close_handle;
471
472         if (!CloseHandle(h))
473                 goto error;
474
475         return 0;
476
477 error_close_handle:
478         err = GetLastError();
479         CloseHandle(h);
480         SetLastError(err);
481 error:
482         set_errno_from_GetLastError();
483         return WIMLIB_ERR_WRITE; /* XXX: need better error code */
484 }
485
486 static int
487 win32_set_short_name(const wchar_t *path, const wchar_t *short_name,
488                      size_t short_name_nchars, struct apply_ctx *ctx)
489 {
490         HANDLE h;
491         DWORD err;
492
493         h = win32_open_existing_file(path, GENERIC_WRITE | DELETE);
494         if (h == INVALID_HANDLE_VALUE)
495                 goto error;
496
497         if (short_name_nchars) {
498                 if (!SetFileShortName(h, short_name))
499                         goto error_close_handle;
500         } else if (running_on_windows_7_or_later()) {
501                 if (!SetFileShortName(h, L""))
502                         goto error_close_handle;
503         }
504
505         if (!CloseHandle(h))
506                 goto error;
507
508         return 0;
509
510 error_close_handle:
511         err = GetLastError();
512         CloseHandle(h);
513         SetLastError(err);
514 error:
515         set_errno_from_GetLastError();
516         return WIMLIB_ERR_WRITE; /* XXX: need better error code */
517 }
518
519 static DWORD
520 do_win32_set_security_descriptor(HANDLE h, const wchar_t *path,
521                                  SECURITY_INFORMATION info,
522                                  PSECURITY_DESCRIPTOR desc)
523 {
524 #ifdef WITH_NTDLL
525         if (func_NtSetSecurityObject) {
526                 return (*func_RtlNtStatusToDosError)(
527                                 (*func_NtSetSecurityObject)(h, info, desc));
528         }
529 #endif
530         if (SetFileSecurity(path, info, desc))
531                 return ERROR_SUCCESS;
532         else
533                 return GetLastError();
534 }
535
536 /*
537  * Set an arbitrary security descriptor on an arbitrary file (or directory),
538  * working around bugs and design flaws in the Windows operating system.
539  *
540  * On success, return 0.  On failure, return WIMLIB_ERR_SET_SECURITY and set
541  * errno.  Note: if WIMLIB_EXTRACT_FLAG_STRICT_ACLS is not set in
542  * ctx->extract_flags, this function succeeds iff any part of the security
543  * descriptor was successfully set.
544  */
545 static int
546 win32_set_security_descriptor(const wchar_t *path, const u8 *desc,
547                               size_t desc_size, struct apply_ctx *ctx)
548 {
549         SECURITY_INFORMATION info;
550         HANDLE h;
551         int ret;
552
553         /* We really just want to set entire the security descriptor as-is, but
554          * all available APIs require specifying the specific parts of the
555          * descriptor being set.  Start out by requesting all parts be set.  If
556          * permissions problems are encountered, fall back to omitting some
557          * parts (first the SACL, then the DACL, then the owner), unless the
558          * WIMLIB_EXTRACT_FLAG_STRICT_ACLS flag has been enabled.  */
559         info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
560                DACL_SECURITY_INFORMATION  | SACL_SECURITY_INFORMATION;
561
562         h = INVALID_HANDLE_VALUE;
563
564         /* Prefer NtSetSecurityObject() to SetFileSecurity().  SetFileSecurity()
565          * itself necessarily uses NtSetSecurityObject() as the latter is the
566          * underlying system call for setting security information, but
567          * SetFileSecurity() opens the handle with NtCreateFile() without
568          * FILE_OPEN_FILE_BACKUP_INTENT.  Hence, access checks are done and due
569          * to the Windows security model, even a process running as the
570          * Administrator can have access denied.  (Of course, this not mentioned
571          * in the MS "documentation".)  */
572
573 #ifdef WITH_NTDLL
574         if (func_NtSetSecurityObject) {
575                 DWORD dwDesiredAccess;
576
577                 /* Open a handle for NtSetSecurityObject() with as many relevant
578                  * access rights as possible.
579                  *
580                  * We don't know which rights will be actually granted.  It
581                  * could be less than what is needed to actually assign the full
582                  * security descriptor, especially if the process is running as
583                  * a non-Administrator.  However, by default we just do the best
584                  * we can, unless WIMLIB_EXTRACT_FLAG_STRICT_ACLS has been
585                  * enabled.  The MAXIMUM_ALLOWED access right is seemingly
586                  * designed for this use case; however, it does not work
587                  * properly in all cases: it can cause CreateFile() to fail with
588                  * ERROR_ACCESS_DENIED, even though by definition
589                  * MAXIMUM_ALLOWED access only requests access rights that are
590                  * *not* denied.  (Needless to say, MS does not document this
591                  * bug.)  */
592
593                 dwDesiredAccess = WRITE_DAC |
594                                   WRITE_OWNER |
595                                   ACCESS_SYSTEM_SECURITY;
596                 for (;;) {
597                         DWORD err;
598
599                         h = win32_open_existing_file(path, dwDesiredAccess);
600                         if (h != INVALID_HANDLE_VALUE)
601                                 break;
602                         err = GetLastError();
603                         if (err == ERROR_ACCESS_DENIED ||
604                             err == ERROR_PRIVILEGE_NOT_HELD)
605                         {
606                                 /* Don't increment partial_security_descriptors
607                                  * here or check WIMLIB_EXTRACT_FLAG_STRICT_ACLS
608                                  * here.  It will be done later if needed; here
609                                  * we are just trying to get as many relevant
610                                  * access rights as possible.  */
611                                 if (dwDesiredAccess & ACCESS_SYSTEM_SECURITY) {
612                                         dwDesiredAccess &= ~ACCESS_SYSTEM_SECURITY;
613                                         continue;
614                                 }
615                                 if (dwDesiredAccess & WRITE_DAC) {
616                                         dwDesiredAccess &= ~WRITE_DAC;
617                                         continue;
618                                 }
619                                 if (dwDesiredAccess & WRITE_OWNER) {
620                                         dwDesiredAccess &= ~WRITE_OWNER;
621                                         continue;
622                                 }
623                         }
624                         /* Other error, or couldn't open the file even with no
625                          * access rights specified.  Something else must be
626                          * wrong.  */
627                         set_errno_from_win32_error(err);
628                         return WIMLIB_ERR_SET_SECURITY;
629                 }
630         }
631 #endif
632
633         /* Try setting the security descriptor.  */
634         for (;;) {
635                 DWORD err;
636
637                 err = do_win32_set_security_descriptor(h, path, info,
638                                                        (PSECURITY_DESCRIPTOR)desc);
639                 if (err == ERROR_SUCCESS) {
640                         ret = 0;
641                         break;
642                 }
643
644                 /* Failed to set the requested parts of the security descriptor.
645                  * If the error was permissions-related, try to set fewer parts
646                  * of the security descriptor, unless
647                  * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled.  */
648                 if ((err == ERROR_PRIVILEGE_NOT_HELD ||
649                      err == ERROR_ACCESS_DENIED) &&
650                     !(ctx->extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS))
651                 {
652                         if (info & SACL_SECURITY_INFORMATION) {
653                                 info &= ~SACL_SECURITY_INFORMATION;
654                                 ctx->partial_security_descriptors++;
655                                 continue;
656                         }
657                         if (info & DACL_SECURITY_INFORMATION) {
658                                 info &= ~DACL_SECURITY_INFORMATION;
659                                 continue;
660                         }
661                         if (info & OWNER_SECURITY_INFORMATION) {
662                                 info &= ~OWNER_SECURITY_INFORMATION;
663                                 continue;
664                         }
665                         /* Nothing left except GROUP, and if we removed it we
666                          * wouldn't have anything at all.  */
667                 }
668                 /* No part of the security descriptor could be set, or
669                  * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled and the full
670                  * security descriptor could not be set.  */
671                 if (!(info & SACL_SECURITY_INFORMATION))
672                         ctx->partial_security_descriptors--;
673                 set_errno_from_win32_error(err);
674                 ret = WIMLIB_ERR_SET_SECURITY;
675                 break;
676         }
677
678         /* Close handle opened for NtSetSecurityObject().  */
679 #ifdef WITH_NTDLL
680         if (func_NtSetSecurityObject)
681                 CloseHandle(h);
682 #endif
683         return ret;
684 }
685
686 static int
687 win32_set_timestamps(const wchar_t *path, u64 creation_time,
688                      u64 last_write_time, u64 last_access_time,
689                      struct apply_ctx *ctx)
690 {
691         HANDLE h;
692         DWORD err;
693         FILETIME creationTime = {.dwLowDateTime = creation_time & 0xffffffff,
694                                  .dwHighDateTime = creation_time >> 32};
695         FILETIME lastAccessTime = {.dwLowDateTime = last_access_time & 0xffffffff,
696                                   .dwHighDateTime = last_access_time >> 32};
697         FILETIME lastWriteTime = {.dwLowDateTime = last_write_time & 0xffffffff,
698                                   .dwHighDateTime = last_write_time >> 32};
699
700         h = win32_open_existing_file(path, FILE_WRITE_ATTRIBUTES);
701         if (h == INVALID_HANDLE_VALUE)
702                 goto error;
703
704         if (!SetFileTime(h, &creationTime, &lastAccessTime, &lastWriteTime))
705                 goto error_close_handle;
706
707         if (!CloseHandle(h))
708                 goto error;
709
710         return 0;
711
712 error_close_handle:
713         err = GetLastError();
714         CloseHandle(h);
715         SetLastError(err);
716 error:
717         set_errno_from_GetLastError();
718         return WIMLIB_ERR_SET_TIMESTAMPS;
719 }
720
721 const struct apply_operations win32_apply_ops = {
722         .name = L"Win32",
723
724         .target_is_root           = win32_path_is_root_of_drive,
725         .start_extract            = win32_start_extract,
726         .create_file              = win32_create_file,
727         .create_directory         = win32_create_directory,
728         .create_hardlink          = win32_create_hardlink,
729         .create_symlink           = win32_create_symlink,
730         .extract_unnamed_stream   = win32_extract_unnamed_stream,
731         .extract_named_stream     = win32_extract_named_stream,
732         .extract_encrypted_stream = win32_extract_encrypted_stream,
733         .set_file_attributes      = win32_set_file_attributes,
734         .set_reparse_data         = win32_set_reparse_data,
735         .set_short_name           = win32_set_short_name,
736         .set_security_descriptor  = win32_set_security_descriptor,
737         .set_timestamps           = win32_set_timestamps,
738
739         .path_prefix = L"\\\\?\\",
740         .path_prefix_nchars = 4,
741         .path_separator = L'\\',
742         .path_max = 32768,
743
744         .requires_realtarget_in_paths = 1,
745         .realpath_works_on_nonexisting_files = 1,
746         .root_directory_is_special = 1,
747         .requires_final_set_attributes_pass = 1,
748         .extract_encrypted_stream_creates_file = 1,
749         .requires_short_name_reordering = 1, /* TODO: check if this is really needed  */
750 };
751
752 #endif /* __WIN32__ */