extract.c: Fix for running out of file handles
[wimlib] / src / win32_apply.c
1 /*
2  * win32_apply.c - Windows-specific code for applying files from a WIM image.
3  */
4
5 /*
6  * Copyright (C) 2013, 2014 Eric Biggers
7  *
8  * This file is part of wimlib, a library for working with WIM files.
9  *
10  * wimlib is free software; you can redistribute it and/or modify it under the
11  * terms of the GNU General Public License as published by the Free
12  * Software Foundation; either version 3 of the License, or (at your option)
13  * any later version.
14  *
15  * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
16  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
17  * A PARTICULAR PURPOSE. See the GNU General Public License for more
18  * details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with wimlib; if not, see http://www.gnu.org/licenses/.
22  */
23
24 #ifdef __WIN32__
25
26 #ifdef HAVE_CONFIG_H
27 #  include "config.h"
28 #endif
29
30 #include "wimlib/win32_common.h"
31
32 #include "wimlib/apply.h"
33 #include "wimlib/capture.h" /* for mangle_pat() and match_pattern_list()  */
34 #include "wimlib/dentry.h"
35 #include "wimlib/error.h"
36 #include "wimlib/lookup_table.h"
37 #include "wimlib/metadata.h"
38 #include "wimlib/reparse.h"
39 #include "wimlib/textfile.h"
40 #include "wimlib/xml.h"
41 #include "wimlib/wimboot.h"
42
43 struct win32_apply_ctx {
44
45         /* Extract flags, the pointer to the WIMStruct, etc.  */
46         struct apply_ctx common;
47
48         /* WIMBoot information, only filled in if WIMLIB_EXTRACT_FLAG_WIMBOOT
49          * was provided  */
50         struct {
51                 u64 data_source_id;
52                 struct string_set *prepopulate_pats;
53                 void *mem_prepopulate_pats;
54                 u8 wim_lookup_table_hash[SHA1_HASH_SIZE];
55                 bool wof_running;
56         } wimboot;
57
58         /* Open handle to the target directory  */
59         HANDLE h_target;
60
61         /* NT namespace path to the target directory (buffer allocated)  */
62         UNICODE_STRING target_ntpath;
63
64         /* Temporary buffer for building paths (buffer allocated)  */
65         UNICODE_STRING pathbuf;
66
67         /* Object attributes to reuse for opening files in the target directory.
68          * (attr.ObjectName == &pathbuf) and (attr.RootDirectory == h_target).
69          */
70         OBJECT_ATTRIBUTES attr;
71
72         /* Temporary I/O status block for system calls  */
73         IO_STATUS_BLOCK iosb;
74
75         /* Allocated buffer for creating "printable" paths from our
76          * target-relative NT paths  */
77         wchar_t *print_buffer;
78
79         /* Allocated buffer for reading stream data when it cannot be extracted
80          * directly  */
81         u8 *data_buffer;
82
83         /* Pointer to the next byte in @data_buffer to fill  */
84         u8 *data_buffer_ptr;
85
86         /* Size allocated in @data_buffer  */
87         size_t data_buffer_size;
88
89         /* Current offset in the raw encrypted file being written  */
90         size_t encrypted_offset;
91
92         /* Current size of the raw encrypted file being written  */
93         size_t encrypted_size;
94
95         /* Temporary buffer for reparse data  */
96         struct reparse_buffer_disk rpbuf;
97
98         /* Temporary buffer for reparse data of "fixed" absolute symbolic links
99          * and junction  */
100         struct reparse_buffer_disk rpfixbuf;
101
102         /* Array of open handles to filesystem streams currently being written
103          */
104         HANDLE open_handles[MAX_OPEN_STREAMS];
105
106         /* Number of handles in @open_handles currently open (filled in from the
107          * beginning of the array)  */
108         unsigned num_open_handles;
109
110         /* List of dentries, joined by @tmp_list, that need to have reparse data
111          * extracted as soon as the whole stream has been read into
112          * @data_buffer.  */
113         struct list_head reparse_dentries;
114
115         /* List of dentries, joined by @tmp_list, that need to have raw
116          * encrypted data extracted as soon as the whole stream has been read
117          * into @data_buffer.  */
118         struct list_head encrypted_dentries;
119
120         /* Number of files for which we didn't have permission to set the full
121          * security descriptor.  */
122         unsigned long partial_security_descriptors;
123
124         /* Number of files for which we didn't have permission to set any part
125          * of the security descriptor.  */
126         unsigned long no_security_descriptors;
127 };
128
129 /* Get the drive letter from a Windows path, or return the null character if the
130  * path is relative.  */
131 static wchar_t
132 get_drive_letter(const wchar_t *path)
133 {
134         /* Skip \\?\ prefix  */
135         if (!wcsncmp(path, L"\\\\?\\", 4))
136                 path += 4;
137
138         /* Return drive letter if valid  */
139         if (((path[0] >= L'a' && path[0] <= L'z') ||
140              (path[0] >= L'A' && path[0] <= L'Z')) && path[1] == L':')
141                 return path[0];
142
143         return L'\0';
144 }
145
146 static void
147 get_vol_flags(const wchar_t *target, DWORD *vol_flags_ret,
148               bool *short_names_supported_ret)
149 {
150         wchar_t filesystem_name[MAX_PATH + 1];
151         wchar_t drive[4];
152         wchar_t *volume = NULL;
153
154         *vol_flags_ret = 0;
155         *short_names_supported_ret = false;
156
157         drive[0] = get_drive_letter(target);
158         if (drive[0]) {
159                 drive[1] = L':';
160                 drive[2] = L'\\';
161                 drive[3] = L'\0';
162                 volume = drive;
163         }
164
165         if (!GetVolumeInformation(volume, NULL, 0, NULL, NULL,
166                                   vol_flags_ret, filesystem_name,
167                                   ARRAY_LEN(filesystem_name)))
168         {
169                 DWORD err = GetLastError();
170                 set_errno_from_win32_error(err);
171                 WARNING_WITH_ERRNO("Failed to get volume information for "
172                                    "\"%ls\" (err=%"PRIu32")",
173                                    target, (u32)err);
174                 return;
175         }
176
177         if (wcsstr(filesystem_name, L"NTFS")) {
178                 /* FILE_SUPPORTS_HARD_LINKS is only supported on Windows 7 and
179                  * later.  Force it on anyway if filesystem is NTFS.  */
180                 *vol_flags_ret |= FILE_SUPPORTS_HARD_LINKS;
181
182                 /* There's no volume flag for short names, but according to the
183                  * MS documentation they are only user-settable on NTFS.  */
184                 *short_names_supported_ret = true;
185         }
186 }
187
188 static int
189 win32_get_supported_features(const wchar_t *target,
190                              struct wim_features *supported_features)
191 {
192         DWORD vol_flags;
193         bool short_names_supported;
194
195         /* Query the features of the target volume.  */
196
197         get_vol_flags(target, &vol_flags, &short_names_supported);
198
199         supported_features->archive_files = 1;
200         supported_features->hidden_files = 1;
201         supported_features->system_files = 1;
202
203         if (vol_flags & FILE_FILE_COMPRESSION)
204                 supported_features->compressed_files = 1;
205
206         if (vol_flags & FILE_SUPPORTS_ENCRYPTION) {
207                 supported_features->encrypted_files = 1;
208                 supported_features->encrypted_directories = 1;
209         }
210
211         supported_features->not_context_indexed_files = 1;
212
213         /* Don't do anything with FILE_SUPPORTS_SPARSE_FILES.  */
214
215         if (vol_flags & FILE_NAMED_STREAMS)
216                 supported_features->named_data_streams = 1;
217
218         if (vol_flags & FILE_SUPPORTS_HARD_LINKS)
219                 supported_features->hard_links = 1;
220
221         if (vol_flags & FILE_SUPPORTS_REPARSE_POINTS)
222                 supported_features->reparse_points = 1;
223
224         if (vol_flags & FILE_PERSISTENT_ACLS)
225                 supported_features->security_descriptors = 1;
226
227         if (short_names_supported)
228                 supported_features->short_names = 1;
229
230         supported_features->timestamps = 1;
231
232         /* Note: Windows does not support case sensitive filenames!  At least
233          * not without changing the registry and rebooting...  */
234
235         return 0;
236 }
237
238 /* Load the patterns from [PrepopulateList] of WimBootCompresse.ini in the WIM
239  * image being extracted.  */
240 static int
241 load_prepopulate_pats(struct win32_apply_ctx *ctx)
242 {
243         const wchar_t *path = L"\\Windows\\System32\\WimBootCompress.ini";
244         struct wim_dentry *dentry;
245         struct wim_lookup_table_entry *lte;
246         int ret;
247         void *buf;
248         struct string_set *s;
249         void *mem;
250         struct text_file_section sec;
251
252         dentry = get_dentry(ctx->common.wim, path, WIMLIB_CASE_INSENSITIVE);
253         if (!dentry ||
254             (dentry->d_inode->i_attributes & (FILE_ATTRIBUTE_DIRECTORY |
255                                               FILE_ATTRIBUTE_REPARSE_POINT |
256                                               FILE_ATTRIBUTE_ENCRYPTED)) ||
257             !(lte = inode_unnamed_lte(dentry->d_inode, ctx->common.wim->lookup_table)))
258         {
259                 WARNING("%ls does not exist in WIM image!", path);
260                 return WIMLIB_ERR_PATH_DOES_NOT_EXIST;
261         }
262
263         ret = read_full_stream_into_alloc_buf(lte, &buf);
264         if (ret)
265                 return ret;
266
267         s = CALLOC(1, sizeof(struct string_set));
268         if (!s) {
269                 FREE(buf);
270                 return WIMLIB_ERR_NOMEM;
271         }
272
273         sec.name = T("PrepopulateList");
274         sec.strings = s;
275
276         ret = do_load_text_file(path, buf, lte->size, &mem, &sec, 1,
277                                 LOAD_TEXT_FILE_REMOVE_QUOTES |
278                                         LOAD_TEXT_FILE_NO_WARNINGS,
279                                 mangle_pat);
280         BUILD_BUG_ON(OS_PREFERRED_PATH_SEPARATOR != WIM_PATH_SEPARATOR);
281         FREE(buf);
282         if (ret) {
283                 FREE(s);
284                 return ret;
285         }
286         ctx->wimboot.prepopulate_pats = s;
287         ctx->wimboot.mem_prepopulate_pats = mem;
288         return 0;
289 }
290
291 /* Returns %true if the path to @dentry matches a pattern in [PrepopulateList]
292  * of WimBootCompress.ini.  Otherwise returns %false.
293  *
294  * @dentry must have had its full path calculated.  */
295 static bool
296 in_prepopulate_list(struct wim_dentry *dentry,
297                     const struct win32_apply_ctx *ctx)
298 {
299         const struct string_set *pats = ctx->wimboot.prepopulate_pats;
300
301         if (!pats || !pats->num_strings)
302                 return false;
303
304         return match_pattern_list(dentry->_full_path,
305                                   wcslen(dentry->_full_path), pats);
306 }
307
308 /* Calculates the SHA-1 message digest of the WIM's lookup table.  */
309 static int
310 hash_lookup_table(WIMStruct *wim, u8 hash[SHA1_HASH_SIZE])
311 {
312         return wim_reshdr_to_hash(&wim->hdr.lookup_table_reshdr, wim, hash);
313 }
314
315 /* Prepare for doing a "WIMBoot" extraction by loading patterns from
316  * [PrepopulateList] of WimBootCompress.ini and allocating a WOF data source ID
317  * on the target volume.  */
318 static int
319 start_wimboot_extraction(struct win32_apply_ctx *ctx)
320 {
321         int ret;
322         WIMStruct *wim = ctx->common.wim;
323
324         ret = load_prepopulate_pats(ctx);
325         if (ret == WIMLIB_ERR_NOMEM)
326                 return ret;
327
328         if (!wim_info_get_wimboot(wim->wim_info,
329                                   wim->current_image))
330                 WARNING("Image is not marked as WIMBoot compatible!");
331
332         ret = hash_lookup_table(ctx->common.wim,
333                                 ctx->wimboot.wim_lookup_table_hash);
334         if (ret)
335                 return ret;
336
337         return wimboot_alloc_data_source_id(wim->filename,
338                                             wim->hdr.guid,
339                                             wim->current_image,
340                                             ctx->common.target,
341                                             &ctx->wimboot.data_source_id,
342                                             &ctx->wimboot.wof_running);
343 }
344
345 /* Returns the number of wide characters needed to represent the path to the
346  * specified @dentry, relative to the target directory, when extracted.
347  *
348  * Does not include null terminator (not needed for NtCreateFile).  */
349 static size_t
350 dentry_extraction_path_length(const struct wim_dentry *dentry)
351 {
352         size_t len = 0;
353         const struct wim_dentry *d;
354
355         d = dentry;
356         do {
357                 len += d->d_extraction_name_nchars + 1;
358                 d = d->d_parent;
359         } while (!dentry_is_root(d) && will_extract_dentry(d));
360
361         return --len;  /* No leading slash  */
362 }
363
364 /* Returns the length of the longest string that might need to be appended to
365  * the path to an alias of an inode to open or create a named data stream.
366  *
367  * If the inode has no named data streams, this will be 0.  Otherwise, this will
368  * be 1 plus the length of the longest-named data stream, since the data stream
369  * name must be separated form the path by the ':' character.  */
370 static size_t
371 inode_longest_named_data_stream_spec(const struct wim_inode *inode)
372 {
373         size_t max = 0;
374         for (u16 i = 0; i < inode->i_num_ads; i++) {
375                 size_t len = inode->i_ads_entries[i].stream_name_nbytes;
376                 if (len > max)
377                         max = len;
378         }
379         if (max)
380                 max = 1 + (max / sizeof(wchar_t));
381         return max;
382 }
383
384 /* Find the length, in wide characters, of the longest path needed for
385  * extraction of any file in @dentry_list relative to the target directory.
386  *
387  * Accounts for named data streams, but does not include null terminator (not
388  * needed for NtCreateFile).  */
389 static size_t
390 compute_path_max(struct list_head *dentry_list)
391 {
392         size_t max = 0;
393         const struct wim_dentry *dentry;
394
395         list_for_each_entry(dentry, dentry_list, d_extraction_list_node) {
396                 size_t len;
397
398                 len = dentry_extraction_path_length(dentry);
399
400                 /* Account for named data streams  */
401                 len += inode_longest_named_data_stream_spec(dentry->d_inode);
402
403                 if (len > max)
404                         max = len;
405         }
406
407         return max;
408 }
409
410 /* Build the path at which to extract the @dentry, relative to the target
411  * directory.
412  *
413  * The path is saved in ctx->pathbuf.  */
414 static void
415 build_extraction_path(const struct wim_dentry *dentry,
416                       struct win32_apply_ctx *ctx)
417 {
418         size_t len;
419         wchar_t *p;
420         const struct wim_dentry *d;
421
422         len = dentry_extraction_path_length(dentry);
423
424         ctx->pathbuf.Length = len * sizeof(wchar_t);
425         p = ctx->pathbuf.Buffer + len;
426         for (d = dentry;
427              !dentry_is_root(d->d_parent) && will_extract_dentry(d->d_parent);
428              d = d->d_parent)
429         {
430                 p -= d->d_extraction_name_nchars;
431                 wmemcpy(p, d->d_extraction_name, d->d_extraction_name_nchars);
432                 *--p = '\\';
433         }
434         /* No leading slash  */
435         p -= d->d_extraction_name_nchars;
436         wmemcpy(p, d->d_extraction_name, d->d_extraction_name_nchars);
437 }
438
439 /* Build the path at which to extract the @dentry, relative to the target
440  * directory, adding the suffix for a named data stream.
441  *
442  * The path is saved in ctx->pathbuf.  */
443 static void
444 build_extraction_path_with_ads(const struct wim_dentry *dentry,
445                                struct win32_apply_ctx *ctx,
446                                const wchar_t *stream_name,
447                                size_t stream_name_nchars)
448 {
449         wchar_t *p;
450
451         build_extraction_path(dentry, ctx);
452
453         /* Add :NAME for named data stream  */
454         p = ctx->pathbuf.Buffer + (ctx->pathbuf.Length / sizeof(wchar_t));
455         *p++ = L':';
456         wmemcpy(p, stream_name, stream_name_nchars);
457         ctx->pathbuf.Length += (1 + stream_name_nchars) * sizeof(wchar_t);
458 }
459
460 /* Build the Win32 namespace path to the specified @dentry when extracted.
461  *
462  * The path is saved in ctx->pathbuf and will be null terminated.
463  *
464  * XXX: We could get rid of this if it wasn't needed for the file encryption
465  * APIs.  */
466 static void
467 build_win32_extraction_path(const struct wim_dentry *dentry,
468                             struct win32_apply_ctx *ctx)
469 {
470         build_extraction_path(dentry, ctx);
471
472         /* Prepend target_ntpath to our relative path, then change \??\ into \\?\  */
473
474         memmove(ctx->pathbuf.Buffer +
475                         (ctx->target_ntpath.Length / sizeof(wchar_t)) + 1,
476                 ctx->pathbuf.Buffer, ctx->pathbuf.Length);
477         memcpy(ctx->pathbuf.Buffer, ctx->target_ntpath.Buffer,
478                 ctx->target_ntpath.Length);
479         ctx->pathbuf.Buffer[ctx->target_ntpath.Length / sizeof(wchar_t)] = L'\\';
480         ctx->pathbuf.Length += ctx->target_ntpath.Length + sizeof(wchar_t);
481         ctx->pathbuf.Buffer[ctx->pathbuf.Length / sizeof(wchar_t)] = L'\0';
482
483         wimlib_assert(ctx->pathbuf.Length >= 4 * sizeof(wchar_t) &&
484                       !wmemcmp(ctx->pathbuf.Buffer, L"\\??\\", 4));
485
486         ctx->pathbuf.Buffer[1] = L'\\';
487
488 }
489
490 /* Returns a "printable" representation of the last relative NT path that was
491  * constructed with build_extraction_path() or build_extraction_path_with_ads().
492  *
493  * This will be overwritten by the next call to this function.  */
494 static const wchar_t *
495 current_path(struct win32_apply_ctx *ctx)
496 {
497         wchar_t *p = ctx->print_buffer;
498
499         p = wmempcpy(p, ctx->common.target, ctx->common.target_nchars);
500         *p++ = L'\\';
501         p = wmempcpy(p, ctx->pathbuf.Buffer, ctx->pathbuf.Length / sizeof(wchar_t));
502         *p = L'\0';
503         return ctx->print_buffer;
504 }
505
506 /*
507  * Ensures the target directory exists and opens a handle to it, in preparation
508  * of using paths relative to it.
509  */
510 static int
511 prepare_target(struct list_head *dentry_list, struct win32_apply_ctx *ctx)
512 {
513         NTSTATUS status;
514         size_t path_max;
515
516         /* Open handle to the target directory (possibly creating it).  */
517
518         if (func_RtlDosPathNameToNtPathName_U_WithStatus) {
519                 status = (*func_RtlDosPathNameToNtPathName_U_WithStatus)(ctx->common.target,
520                                                                          &ctx->target_ntpath,
521                                                                          NULL, NULL);
522         } else {
523                 if ((*func_RtlDosPathNameToNtPathName_U)(ctx->common.target,
524                                                          &ctx->target_ntpath,
525                                                          NULL, NULL))
526                         status = STATUS_SUCCESS;
527                 else
528                         status = STATUS_NO_MEMORY;
529         }
530         if (!NT_SUCCESS(status)) {
531                 if (status == STATUS_NO_MEMORY) {
532                         return WIMLIB_ERR_NOMEM;
533                 } else {
534                         ERROR("\"%ls\": invalid path name "
535                               "(status=0x%08"PRIx32")",
536                               ctx->common.target, (u32)status);
537                         return WIMLIB_ERR_INVALID_PARAM;
538                 }
539         }
540
541         ctx->attr.Length = sizeof(ctx->attr);
542         ctx->attr.ObjectName = &ctx->target_ntpath;
543
544         status = (*func_NtCreateFile)(&ctx->h_target,
545                                       FILE_TRAVERSE,
546                                       &ctx->attr,
547                                       &ctx->iosb,
548                                       NULL,
549                                       0,
550                                       FILE_SHARE_VALID_FLAGS,
551                                       FILE_OPEN_IF,
552                                       FILE_DIRECTORY_FILE |
553                                               FILE_OPEN_REPARSE_POINT |
554                                               FILE_OPEN_FOR_BACKUP_INTENT,
555                                       NULL,
556                                       0);
557
558         if (!NT_SUCCESS(status)) {
559                 set_errno_from_nt_status(status);
560                 ERROR_WITH_ERRNO("Can't open or create directory \"%ls\" "
561                                  "(status=0x%08"PRIx32")",
562                                  ctx->common.target, (u32)status);
563                 return WIMLIB_ERR_OPENDIR;
564         }
565
566         path_max = compute_path_max(dentry_list);
567
568         /* Add some extra for building Win32 paths for the file encryption APIs
569          * ...  */
570         path_max += 2 + (ctx->target_ntpath.Length / sizeof(wchar_t));
571
572         ctx->pathbuf.MaximumLength = path_max * sizeof(wchar_t);
573         ctx->pathbuf.Buffer = MALLOC(ctx->pathbuf.MaximumLength);
574         if (!ctx->pathbuf.Buffer)
575                 return WIMLIB_ERR_NOMEM;
576
577         ctx->attr.RootDirectory = ctx->h_target;
578         ctx->attr.ObjectName = &ctx->pathbuf;
579
580         ctx->print_buffer = MALLOC((ctx->common.target_nchars + 1 + path_max + 1) *
581                                    sizeof(wchar_t));
582         if (!ctx->print_buffer)
583                 return WIMLIB_ERR_NOMEM;
584
585         return 0;
586 }
587
588 /* When creating an inode that will have a short (DOS) name, we create it using
589  * the long name associated with the short name.  This ensures that the short
590  * name gets associated with the correct long name.  */
591 static const struct wim_dentry *
592 first_extraction_alias(const struct wim_inode *inode)
593 {
594         const struct list_head *next = inode->i_extraction_aliases.next;
595         const struct wim_dentry *dentry;
596
597         do {
598                 dentry = list_entry(next, struct wim_dentry,
599                                     d_extraction_alias_node);
600                 if (dentry_has_short_name(dentry))
601                         break;
602                 next = next->next;
603         } while (next != &inode->i_extraction_aliases);
604         return dentry;
605 }
606
607 /*
608  * Set or clear FILE_ATTRIBUTE_COMPRESSED if the inherited value is different
609  * from the desired value.
610  *
611  * Note that you can NOT override the inherited value of
612  * FILE_ATTRIBUTE_COMPRESSED directly with NtCreateFile().
613  */
614 static int
615 adjust_compression_attribute(HANDLE h, const struct wim_dentry *dentry,
616                              struct win32_apply_ctx *ctx)
617 {
618         const bool compressed = (dentry->d_inode->i_attributes &
619                                  FILE_ATTRIBUTE_COMPRESSED);
620
621         if (ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_NO_ATTRIBUTES)
622                 return 0;
623
624         if (!ctx->common.supported_features.compressed_files)
625                 return 0;
626
627         FILE_BASIC_INFORMATION info;
628         NTSTATUS status;
629         USHORT compression_state;
630
631         /* Get current attributes  */
632         status = (*func_NtQueryInformationFile)(h, &ctx->iosb,
633                                                 &info, sizeof(info),
634                                                 FileBasicInformation);
635         if (NT_SUCCESS(status) &&
636             compressed == !!(info.FileAttributes & FILE_ATTRIBUTE_COMPRESSED))
637         {
638                 /* Nothing needs to be done.  */
639                 return 0;
640         }
641
642         /* Set the new compression state  */
643
644         if (compressed)
645                 compression_state = COMPRESSION_FORMAT_DEFAULT;
646         else
647                 compression_state = COMPRESSION_FORMAT_NONE;
648
649         status = (*func_NtFsControlFile)(h,
650                                          NULL,
651                                          NULL,
652                                          NULL,
653                                          &ctx->iosb,
654                                          FSCTL_SET_COMPRESSION,
655                                          &compression_state,
656                                          sizeof(USHORT),
657                                          NULL,
658                                          0);
659         if (NT_SUCCESS(status))
660                 return 0;
661
662         set_errno_from_nt_status(status);
663         ERROR_WITH_ERRNO("Can't %s compression attribute on \"%ls\" "
664                          "(status=0x%08"PRIx32")",
665                          (compressed ? "set" : "clear"),
666                          current_path(ctx), status);
667         return WIMLIB_ERR_SET_ATTRIBUTES;
668 }
669
670 /*
671  * Clear FILE_ATTRIBUTE_ENCRYPTED if the file or directory is not supposed to be
672  * encrypted.
673  *
674  * You can provide FILE_ATTRIBUTE_ENCRYPTED to NtCreateFile() to set it on the
675  * created file.  However, the file or directory will otherwise default to the
676  * encryption state of the parent directory.  This function works around this
677  * limitation by using DecryptFile() to remove FILE_ATTRIBUTE_ENCRYPTED on files
678  * (and directories) that are not supposed to have it set.
679  *
680  * Regardless of whether it succeeds or fails, this function may close the
681  * handle to the file.  If it does, it sets it to NULL.
682  */
683 static int
684 maybe_clear_encryption_attribute(HANDLE *h_ret, const struct wim_dentry *dentry,
685                                  struct win32_apply_ctx *ctx)
686 {
687         if (dentry->d_inode->i_attributes & FILE_ATTRIBUTE_ENCRYPTED)
688                 return 0;
689
690         if (ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_NO_ATTRIBUTES)
691                 return 0;
692
693         if (!ctx->common.supported_features.encrypted_files)
694                 return 0;
695
696         FILE_BASIC_INFORMATION info;
697         NTSTATUS status;
698         BOOL bret;
699
700         /* Get current attributes  */
701         status = (*func_NtQueryInformationFile)(*h_ret, &ctx->iosb,
702                                                 &info, sizeof(info),
703                                                 FileBasicInformation);
704         if (NT_SUCCESS(status) &&
705             !(info.FileAttributes & FILE_ATTRIBUTE_ENCRYPTED))
706         {
707                 /* Nothing needs to be done.  */
708                 return 0;
709         }
710
711         /* Set the new encryption state  */
712
713         /* Due to Windows' crappy file encryption APIs, we need to close the
714          * handle to the file so we don't get ERROR_SHARING_VIOLATION.  We also
715          * hack together a Win32 path, although we will use the \\?\ prefix so
716          * it will actually be a NT path in disguise...  */
717         (*func_NtClose)(*h_ret);
718         *h_ret = NULL;
719
720         build_win32_extraction_path(dentry, ctx);
721
722         bret = DecryptFile(ctx->pathbuf.Buffer, 0);
723
724         /* Restore the NT namespace path  */
725         build_extraction_path(dentry, ctx);
726
727         if (!bret) {
728                 DWORD err = GetLastError();
729                 set_errno_from_win32_error(err);
730                 ERROR_WITH_ERRNO("Can't decrypt file \"%ls\" (err=%"PRIu32")",
731                                   current_path(ctx), (u32)err);
732                 return WIMLIB_ERR_SET_ATTRIBUTES;
733         }
734         return 0;
735 }
736
737 /* Set the short name on the open file @h which has been created at the location
738  * indicated by @dentry.
739  *
740  * Note that this may add, change, or remove the short name.
741  *
742  * @h must be opened with DELETE access.
743  *
744  * Returns 0 or WIMLIB_ERR_SET_SHORT_NAME.  The latter only happens in
745  * STRICT_SHORT_NAMES mode.
746  */
747 static int
748 set_short_name(HANDLE h, const struct wim_dentry *dentry,
749                struct win32_apply_ctx *ctx)
750 {
751         size_t bufsize = offsetof(FILE_NAME_INFORMATION, FileName) +
752                          dentry->short_name_nbytes;
753         u8 buf[bufsize] _aligned_attribute(8);
754         FILE_NAME_INFORMATION *info = (FILE_NAME_INFORMATION *)buf;
755         NTSTATUS status;
756
757         info->FileNameLength = dentry->short_name_nbytes;
758         memcpy(info->FileName, dentry->short_name, dentry->short_name_nbytes);
759
760         status = (*func_NtSetInformationFile)(h, &ctx->iosb, info, bufsize,
761                                               FileShortNameInformation);
762         if (NT_SUCCESS(status))
763                 return 0;
764
765         /* By default, failure to set short names is not an error (since short
766          * names aren't too important anymore...).  */
767         if (!(ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_SHORT_NAMES))
768                 return 0;
769
770         if (status == STATUS_SHORT_NAMES_NOT_ENABLED_ON_VOLUME) {
771                 if (dentry->short_name_nbytes == 0)
772                         return 0;
773                 ERROR("Can't extract short name when short "
774                       "names are not enabled on the volume!");
775         } else {
776                 ERROR("Can't set short name on \"%ls\" (status=0x%08"PRIx32")",
777                       current_path(ctx), (u32)status);
778         }
779         return WIMLIB_ERR_SET_SHORT_NAME;
780 }
781
782 /*
783  * A wrapper around NtCreateFile() to make it slightly more usable...
784  * This uses the path currently constructed in ctx->pathbuf.
785  *
786  * Also, we always specify FILE_OPEN_FOR_BACKUP_INTENT and
787  * FILE_OPEN_REPARSE_POINT.
788  */
789 static NTSTATUS
790 do_create_file(PHANDLE FileHandle,
791                ACCESS_MASK DesiredAccess,
792                PLARGE_INTEGER AllocationSize,
793                ULONG FileAttributes,
794                ULONG CreateDisposition,
795                ULONG CreateOptions,
796                struct win32_apply_ctx *ctx)
797 {
798         return (*func_NtCreateFile)(FileHandle,
799                                     DesiredAccess,
800                                     &ctx->attr,
801                                     &ctx->iosb,
802                                     AllocationSize,
803                                     FileAttributes,
804                                     FILE_SHARE_VALID_FLAGS,
805                                     CreateDisposition,
806                                     CreateOptions |
807                                         FILE_OPEN_FOR_BACKUP_INTENT |
808                                         FILE_OPEN_REPARSE_POINT,
809                                     NULL,
810                                     0);
811 }
812
813 /* Like do_create_file(), but builds the extraction path of the @dentry first.
814  */
815 static NTSTATUS
816 create_file(PHANDLE FileHandle,
817             ACCESS_MASK DesiredAccess,
818             PLARGE_INTEGER AllocationSize,
819             ULONG FileAttributes,
820             ULONG CreateDisposition,
821             ULONG CreateOptions,
822             const struct wim_dentry *dentry,
823             struct win32_apply_ctx *ctx)
824 {
825         build_extraction_path(dentry, ctx);
826         return do_create_file(FileHandle,
827                               DesiredAccess,
828                               AllocationSize,
829                               FileAttributes,
830                               CreateDisposition,
831                               CreateOptions,
832                               ctx);
833 }
834
835 /* Create empty named data streams.
836  *
837  * Since these won't have 'struct wim_lookup_table_entry's, they won't show up
838  * in the call to extract_stream_list().  Hence the need for the special case.
839  */
840 static int
841 create_any_empty_ads(const struct wim_dentry *dentry,
842                      struct win32_apply_ctx *ctx)
843 {
844         const struct wim_inode *inode = dentry->d_inode;
845         LARGE_INTEGER allocation_size;
846         bool path_modified = false;
847         int ret = 0;
848
849         if (!ctx->common.supported_features.named_data_streams)
850                 return 0;
851
852         for (u16 i = 0; i < inode->i_num_ads; i++) {
853                 const struct wim_ads_entry *entry;
854                 NTSTATUS status;
855                 HANDLE h;
856
857                 entry = &inode->i_ads_entries[i];
858
859                 /* Not named?  */
860                 if (!entry->stream_name_nbytes)
861                         continue;
862
863                 /* Not empty?  */
864                 if (entry->lte)
865                         continue;
866
867                 /* Probably setting the allocation size to 0 has no effect, but
868                  * we might as well try.  */
869                 allocation_size.QuadPart = 0;
870
871                 build_extraction_path_with_ads(dentry, ctx,
872                                                entry->stream_name,
873                                                entry->stream_name_nbytes /
874                                                         sizeof(wchar_t));
875                 path_modified = true;
876                 status = do_create_file(&h, FILE_WRITE_DATA, &allocation_size,
877                                         0, FILE_SUPERSEDE, 0, ctx);
878                 if (!NT_SUCCESS(status)) {
879                         set_errno_from_nt_status(status);
880                         ERROR_WITH_ERRNO("Can't create \"%ls\" "
881                                          "(status=0x%08"PRIx32")",
882                                          current_path(ctx), (u32)status);
883                         ret = WIMLIB_ERR_OPEN;
884                         break;
885                 }
886                 (*func_NtClose)(h);
887         }
888         /* Restore the path to the dentry itself  */
889         if (path_modified)
890                 build_extraction_path(dentry, ctx);
891         return ret;
892 }
893
894 /*
895  * Creates the directory named by @dentry, or uses an existing directory at that
896  * location.  If necessary, sets the short name and/or fixes compression and
897  * encryption attributes.
898  *
899  * Returns 0, WIMLIB_ERR_MKDIR, or WIMLIB_ERR_SET_SHORT_NAME.
900  */
901 static int
902 create_directory(const struct wim_dentry *dentry,
903                  struct win32_apply_ctx *ctx)
904 {
905         HANDLE h;
906         NTSTATUS status;
907         int ret;
908         ULONG attrib;
909
910         /* Special attributes:
911          *
912          * Use FILE_ATTRIBUTE_ENCRYPTED if the directory needs to have it set.
913          * This doesn't work for FILE_ATTRIBUTE_COMPRESSED (unfortunately).
914          *
915          * Don't specify FILE_ATTRIBUTE_DIRECTORY; it gets set anyway as a
916          * result of the FILE_DIRECTORY_FILE option.  */
917         attrib = (dentry->d_inode->i_attributes & FILE_ATTRIBUTE_ENCRYPTED);
918
919         /* DELETE is needed for set_short_name().
920          * GENERIC_READ and GENERIC_WRITE are needed for
921          * adjust_compression_attribute().  */
922         status = create_file(&h, GENERIC_READ | GENERIC_WRITE | DELETE, NULL,
923                              attrib, FILE_OPEN_IF, FILE_DIRECTORY_FILE,
924                              dentry, ctx);
925         if (!NT_SUCCESS(status)) {
926                 set_errno_from_nt_status(status);
927                 ERROR_WITH_ERRNO("Can't create directory \"%ls\" "
928                                  "(status=0x%08"PRIx32")",
929                                  current_path(ctx), (u32)status);
930                 return WIMLIB_ERR_MKDIR;
931         }
932
933         ret = set_short_name(h, dentry, ctx);
934
935         if (!ret)
936                 ret = adjust_compression_attribute(h, dentry, ctx);
937
938         if (!ret)
939                 ret = maybe_clear_encryption_attribute(&h, dentry, ctx);
940                 /* May close the handle!!! */
941
942         if (h)
943                 (*func_NtClose)(h);
944         return ret;
945 }
946
947 /*
948  * Create all the directories being extracted, other than the target directory
949  * itself.
950  *
951  * Note: we don't honor directory hard links.  However, we don't allow them to
952  * exist in WIM images anyway (see inode_fixup.c).
953  */
954 static int
955 create_directories(struct list_head *dentry_list,
956                    struct win32_apply_ctx *ctx)
957 {
958         const struct wim_dentry *dentry;
959         int ret;
960
961         list_for_each_entry(dentry, dentry_list, d_extraction_list_node) {
962
963                 if (!(dentry->d_inode->i_attributes & FILE_ATTRIBUTE_DIRECTORY))
964                         continue;
965
966                 /* Note: Here we include files with
967                  * FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_REPARSE_POINT, but we
968                  * wait until later to actually set the reparse data.  */
969
970                 /* If the root dentry is being extracted, it was already done so
971                  * it prepare_target().  */
972                 if (dentry_is_root(dentry))
973                         continue;
974
975                 ret = create_directory(dentry, ctx);
976                 if (ret)
977                         return ret;
978
979                 ret = create_any_empty_ads(dentry, ctx);
980                 if (ret)
981                         return ret;
982         }
983         return 0;
984 }
985
986 /*
987  * Creates the nondirectory file named by @dentry.
988  *
989  * On success, returns an open handle to the file in @h_ret, with GENERIC_READ,
990  * GENERIC_WRITE, and DELETE access.  Also, the path to the file will be saved
991  * in ctx->pathbuf.  On failure, returns WIMLIB_ERR_OPEN.
992  */
993 static int
994 create_nondirectory_inode(HANDLE *h_ret, const struct wim_dentry *dentry,
995                           struct win32_apply_ctx *ctx)
996 {
997         const struct wim_inode *inode;
998         ULONG attrib;
999         NTSTATUS status;
1000         bool retried = false;
1001
1002         inode = dentry->d_inode;
1003
1004         /* If the file already exists and has FILE_ATTRIBUTE_SYSTEM and/or
1005          * FILE_ATTRIBUTE_HIDDEN, these must be specified in order to supersede
1006          * the file.
1007          *
1008          * Normally the user shouldn't be trying to overwrite such files anyway,
1009          * but we at least provide FILE_ATTRIBUTE_SYSTEM and
1010          * FILE_ATTRIBUTE_HIDDEN if the WIM inode has those attributes so that
1011          * we catch the case where the user extracts the same files to the same
1012          * location more than one time.
1013          *
1014          * Also specify FILE_ATTRIBUTE_ENCRYPTED if the file needs to be
1015          * encrypted.
1016          *
1017          * In NO_ATTRIBUTES mode just don't specify any attributes at all.
1018          */
1019         if (ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_NO_ATTRIBUTES) {
1020                 attrib = 0;
1021         } else {
1022                 attrib = (inode->i_attributes & (FILE_ATTRIBUTE_SYSTEM |
1023                                                  FILE_ATTRIBUTE_HIDDEN |
1024                                                  FILE_ATTRIBUTE_ENCRYPTED));
1025         }
1026         build_extraction_path(dentry, ctx);
1027 retry:
1028         status = do_create_file(h_ret, GENERIC_READ | GENERIC_WRITE | DELETE,
1029                                 NULL, attrib, FILE_SUPERSEDE,
1030                                 FILE_NON_DIRECTORY_FILE, ctx);
1031         if (NT_SUCCESS(status)) {
1032                 int ret;
1033
1034                 ret = adjust_compression_attribute(*h_ret, dentry, ctx);
1035                 if (ret) {
1036                         (*func_NtClose)(*h_ret);
1037                         return ret;
1038                 }
1039
1040                 ret = maybe_clear_encryption_attribute(h_ret, dentry, ctx);
1041                 /* May close the handle!!! */
1042
1043                 if (ret) {
1044                         if (*h_ret)
1045                                 (*func_NtClose)(*h_ret);
1046                         return ret;
1047                 }
1048
1049                 if (!*h_ret) {
1050                         /* Re-open the handle so that we can return it on
1051                          * success.  */
1052                         status = do_create_file(h_ret,
1053                                                 GENERIC_READ |
1054                                                         GENERIC_WRITE | DELETE,
1055                                                 NULL, 0, FILE_OPEN,
1056                                                 FILE_NON_DIRECTORY_FILE, ctx);
1057                         if (!NT_SUCCESS(status))
1058                                 goto fail;
1059                 }
1060
1061                 ret = create_any_empty_ads(dentry, ctx);
1062                 if (ret) {
1063                         (*func_NtClose)(*h_ret);
1064                         return ret;
1065                 }
1066                 return 0;
1067         }
1068
1069         if (status == STATUS_ACCESS_DENIED && !retried) {
1070                 /* We also can't supersede an existing file that has
1071                  * FILE_ATTRIBUTE_READONLY set; doing so causes NtCreateFile()
1072                  * to return STATUS_ACCESS_DENIED .  The only workaround seems
1073                  * to be to explicitly remove FILE_ATTRIBUTE_READONLY on the
1074                  * existing file, then try again.  */
1075
1076                 FILE_BASIC_INFORMATION info;
1077                 HANDLE h;
1078
1079                 status = do_create_file(&h, FILE_WRITE_ATTRIBUTES, NULL, 0,
1080                                         FILE_OPEN, FILE_NON_DIRECTORY_FILE, ctx);
1081                 if (!NT_SUCCESS(status))
1082                         goto fail;
1083
1084                 memset(&info, 0, sizeof(info));
1085                 info.FileAttributes = FILE_ATTRIBUTE_NORMAL;
1086
1087                 status = (*func_NtSetInformationFile)(h, &ctx->iosb,
1088                                                       &info, sizeof(info),
1089                                                       FileBasicInformation);
1090                 (*func_NtClose)(h);
1091                 if (!NT_SUCCESS(status))
1092                         goto fail;
1093                 retried = true;
1094                 goto retry;
1095         }
1096 fail:
1097         set_errno_from_nt_status(status);
1098         ERROR_WITH_ERRNO("Can't create file \"%ls\" (status=0x%08"PRIx32")",
1099                          current_path(ctx), (u32)status);
1100         return WIMLIB_ERR_OPEN;
1101 }
1102
1103 /* Creates a hard link at the location named by @dentry to the file represented
1104  * by the open handle @h.  Or, if the target volume does not support hard links,
1105  * create a separate file instead.  */
1106 static int
1107 create_link(HANDLE h, const struct wim_dentry *dentry,
1108             struct win32_apply_ctx *ctx)
1109 {
1110         if (ctx->common.supported_features.hard_links) {
1111
1112                 build_extraction_path(dentry, ctx);
1113
1114                 size_t bufsize = offsetof(FILE_LINK_INFORMATION, FileName) +
1115                                  ctx->pathbuf.Length + sizeof(wchar_t);
1116                 u8 buf[bufsize] _aligned_attribute(8);
1117                 FILE_LINK_INFORMATION *info = (FILE_LINK_INFORMATION *)buf;
1118                 NTSTATUS status;
1119
1120                 info->ReplaceIfExists = TRUE;
1121                 info->RootDirectory = ctx->attr.RootDirectory;
1122                 info->FileNameLength = ctx->pathbuf.Length;
1123                 memcpy(info->FileName, ctx->pathbuf.Buffer, ctx->pathbuf.Length);
1124                 info->FileName[info->FileNameLength / 2] = L'\0';
1125
1126                 /* Note: the null terminator isn't actually necessary,
1127                  * but if you don't add the extra character, you get
1128                  * STATUS_INFO_LENGTH_MISMATCH when FileNameLength
1129                  * happens to be 2  */
1130
1131                 status = (*func_NtSetInformationFile)(h, &ctx->iosb,
1132                                                       info, bufsize,
1133                                                       FileLinkInformation);
1134                 if (NT_SUCCESS(status))
1135                         return 0;
1136                 ERROR("Failed to create link \"%ls\" (status=0x%08"PRIx32")",
1137                       current_path(ctx), (u32)status);
1138                 return WIMLIB_ERR_LINK;
1139         } else {
1140                 HANDLE h2;
1141                 int ret;
1142
1143                 ret = create_nondirectory_inode(&h2, dentry, ctx);
1144                 if (ret)
1145                         return ret;
1146
1147                 (*func_NtClose)(h2);
1148                 return 0;
1149         }
1150 }
1151
1152 /* Given an inode (represented by the open handle @h) for which one link has
1153  * been created (named by @first_dentry), create the other links.
1154  *
1155  * Or, if the target volume does not support hard links, create separate files.
1156  *
1157  * Note: This uses ctx->pathbuf and does not reset it.
1158  */
1159 static int
1160 create_links(HANDLE h, const struct wim_dentry *first_dentry,
1161              struct win32_apply_ctx *ctx)
1162 {
1163         const struct wim_inode *inode;
1164         const struct list_head *next;
1165         const struct wim_dentry *dentry;
1166         int ret;
1167
1168         inode = first_dentry->d_inode;
1169         next = inode->i_extraction_aliases.next;
1170         do {
1171                 dentry = list_entry(next, struct wim_dentry,
1172                                     d_extraction_alias_node);
1173                 if (dentry != first_dentry) {
1174                         ret = create_link(h, dentry, ctx);
1175                         if (ret)
1176                                 return ret;
1177                 }
1178                 next = next->next;
1179         } while (next != &inode->i_extraction_aliases);
1180         return 0;
1181 }
1182
1183 /* Create a nondirectory file, including all links.  */
1184 static int
1185 create_nondirectory(const struct wim_inode *inode, struct win32_apply_ctx *ctx)
1186 {
1187         const struct wim_dentry *first_dentry;
1188         HANDLE h;
1189         int ret;
1190
1191         first_dentry = first_extraction_alias(inode);
1192
1193         /* Create first link.  */
1194         ret = create_nondirectory_inode(&h, first_dentry, ctx);
1195         if (ret)
1196                 return ret;
1197
1198         /* Set short name.  */
1199         ret = set_short_name(h, first_dentry, ctx);
1200
1201         /* Create additional links, OR if hard links are not supported just
1202          * create more files.  */
1203         if (!ret)
1204                 ret = create_links(h, first_dentry, ctx);
1205
1206         (*func_NtClose)(h);
1207         return ret;
1208 }
1209
1210 /* Create all the nondirectory files being extracted, including all aliases
1211  * (hard links).  */
1212 static int
1213 create_nondirectories(struct list_head *dentry_list, struct win32_apply_ctx *ctx)
1214 {
1215         const struct wim_dentry *dentry;
1216         const struct wim_inode *inode;
1217         int ret;
1218
1219         list_for_each_entry(dentry, dentry_list, d_extraction_list_node) {
1220                 inode = dentry->d_inode;
1221                 if (inode->i_attributes & FILE_ATTRIBUTE_DIRECTORY)
1222                         continue;
1223                 /* Call create_nondirectory() only once per inode  */
1224                 if (dentry != inode_first_extraction_dentry(inode))
1225                         continue;
1226                 ret = create_nondirectory(inode, ctx);
1227                 if (ret)
1228                         return ret;
1229         }
1230         return 0;
1231 }
1232
1233 static void
1234 close_handles(struct win32_apply_ctx *ctx)
1235 {
1236         for (unsigned i = 0; i < ctx->num_open_handles; i++)
1237                 (*func_NtClose)(ctx->open_handles[i]);
1238 }
1239
1240 /* Prepare to read the next stream, which has size @stream_size, into an
1241  * in-memory buffer.  */
1242 static int
1243 prepare_data_buffer(struct win32_apply_ctx *ctx, u64 stream_size)
1244 {
1245         if (stream_size > ctx->data_buffer_size) {
1246                 /* Larger buffer needed.  */
1247                 void *new_buffer;
1248                 if ((size_t)stream_size != stream_size)
1249                         return WIMLIB_ERR_NOMEM;
1250                 new_buffer = REALLOC(ctx->data_buffer, stream_size);
1251                 if (!new_buffer)
1252                         return WIMLIB_ERR_NOMEM;
1253                 ctx->data_buffer = new_buffer;
1254                 ctx->data_buffer_size = stream_size;
1255         }
1256         /* On the first call this changes data_buffer_ptr from NULL, which tells
1257          * extract_chunk() that the data buffer needs to be filled while reading
1258          * the stream data.  */
1259         ctx->data_buffer_ptr = ctx->data_buffer;
1260         return 0;
1261 }
1262
1263 static int
1264 begin_extract_stream_instance(const struct wim_lookup_table_entry *stream,
1265                               struct wim_dentry *dentry,
1266                               const wchar_t *stream_name,
1267                               struct win32_apply_ctx *ctx)
1268 {
1269         const struct wim_inode *inode = dentry->d_inode;
1270         size_t stream_name_nchars = 0;
1271         FILE_ALLOCATION_INFORMATION alloc_info;
1272         HANDLE h;
1273         NTSTATUS status;
1274
1275         if (unlikely(stream_name))
1276                 stream_name_nchars = wcslen(stream_name);
1277
1278         if (unlikely(stream_name_nchars)) {
1279                 build_extraction_path_with_ads(dentry, ctx,
1280                                                stream_name, stream_name_nchars);
1281         } else {
1282                 build_extraction_path(dentry, ctx);
1283         }
1284
1285         /* Reparse point?  */
1286         if (unlikely(inode->i_attributes & FILE_ATTRIBUTE_REPARSE_POINT)
1287             && (stream_name_nchars == 0))
1288         {
1289                 if (!ctx->common.supported_features.reparse_points)
1290                         return 0;
1291
1292                 /* We can't write the reparse stream directly; we must set it
1293                  * with FSCTL_SET_REPARSE_POINT, which requires that all the
1294                  * data be available.  So, stage the data in a buffer.  */
1295
1296                 list_add_tail(&dentry->tmp_list, &ctx->reparse_dentries);
1297                 return prepare_data_buffer(ctx, stream->size);
1298         }
1299
1300         /* Encrypted file?  */
1301         if (unlikely(inode->i_attributes & FILE_ATTRIBUTE_ENCRYPTED)
1302             && (stream_name_nchars == 0))
1303         {
1304                 if (!ctx->common.supported_features.encrypted_files)
1305                         return 0;
1306
1307                 /* We can't write encrypted file streams directly; we must use
1308                  * WriteEncryptedFileRaw(), which requires providing the data
1309                  * through a callback function.  This can't easily be combined
1310                  * with our own callback-based approach.
1311                  *
1312                  * The current workaround is to simply read the stream into
1313                  * memory and write the encrypted file from that.
1314                  *
1315                  * TODO: This isn't sufficient for extremely large encrypted
1316                  * files.  Perhaps we should create an extra thread to write
1317                  * such files...  */
1318                 list_add_tail(&dentry->tmp_list, &ctx->encrypted_dentries);
1319                 return prepare_data_buffer(ctx, stream->size);
1320         }
1321
1322         /* Extracting unnamed data stream in WIMBoot mode?  */
1323         if (unlikely(ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_WIMBOOT)
1324             && (stream_name_nchars == 0)
1325             && (stream->resource_location == RESOURCE_IN_WIM)
1326             && (stream->rspec->wim == ctx->common.wim)
1327             && (stream->size == stream->rspec->uncompressed_size))
1328         {
1329                 int ret = calculate_dentry_full_path(dentry);
1330                 if (ret)
1331                         return ret;
1332                 if (in_prepopulate_list(dentry, ctx)) {
1333                         union wimlib_progress_info info;
1334
1335                         info.wimboot_exclude.path_in_wim = dentry->_full_path;
1336                         info.wimboot_exclude.extraction_path = current_path(ctx);
1337
1338                         ret = call_progress(ctx->common.progfunc,
1339                                             WIMLIB_PROGRESS_MSG_WIMBOOT_EXCLUDE,
1340                                             &info, ctx->common.progctx);
1341                         FREE(dentry->_full_path);
1342                         dentry->_full_path = NULL;
1343                         if (ret)
1344                                 return ret;
1345                         /* Go on and open the file for normal extraction.  */
1346                 } else {
1347                         FREE(dentry->_full_path);
1348                         dentry->_full_path = NULL;
1349                         return wimboot_set_pointer(&ctx->attr,
1350                                                    current_path(ctx),
1351                                                    stream,
1352                                                    ctx->wimboot.data_source_id,
1353                                                    ctx->wimboot.wim_lookup_table_hash,
1354                                                    ctx->wimboot.wof_running);
1355                 }
1356         }
1357
1358         if (ctx->num_open_handles == MAX_OPEN_STREAMS) {
1359                 /* XXX: Fix this.  But because of the checks in
1360                  * extract_stream_list(), this can now only happen on a
1361                  * filesystem that does not support hard links.  */
1362                 ERROR("Can't extract data: too many open files!");
1363                 return WIMLIB_ERR_UNSUPPORTED;
1364         }
1365
1366         /* Open a new handle  */
1367         status = do_create_file(&h,
1368                                 FILE_WRITE_DATA | SYNCHRONIZE,
1369                                 NULL, 0, FILE_OPEN_IF,
1370                                 FILE_SEQUENTIAL_ONLY |
1371                                         FILE_SYNCHRONOUS_IO_NONALERT,
1372                                 ctx);
1373         if (!NT_SUCCESS(status)) {
1374                 set_errno_from_nt_status(status);
1375                 ERROR_WITH_ERRNO("Can't open \"%ls\" for writing "
1376                                  "(status=0x%08"PRIx32")",
1377                                  current_path(ctx), (u32)status);
1378                 return WIMLIB_ERR_OPEN;
1379         }
1380
1381         ctx->open_handles[ctx->num_open_handles++] = h;
1382
1383         /* Allocate space for the data.  */
1384         alloc_info.AllocationSize.QuadPart = stream->size;
1385         (*func_NtSetInformationFile)(h, &ctx->iosb,
1386                                      &alloc_info, sizeof(alloc_info),
1387                                      FileAllocationInformation);
1388         return 0;
1389 }
1390
1391 /* Set the reparse data @rpbuf of length @rpbuflen on the extracted file
1392  * corresponding to the WIM dentry @dentry.  */
1393 static int
1394 do_set_reparse_data(const struct wim_dentry *dentry,
1395                     const void *rpbuf, u16 rpbuflen,
1396                     struct win32_apply_ctx *ctx)
1397 {
1398         NTSTATUS status;
1399         HANDLE h;
1400
1401         status = create_file(&h, GENERIC_WRITE, NULL,
1402                              0, FILE_OPEN, 0, dentry, ctx);
1403         if (!NT_SUCCESS(status))
1404                 goto fail;
1405
1406         status = (*func_NtFsControlFile)(h, NULL, NULL, NULL,
1407                                          &ctx->iosb, FSCTL_SET_REPARSE_POINT,
1408                                          (void *)rpbuf, rpbuflen,
1409                                          NULL, 0);
1410         (*func_NtClose)(h);
1411
1412         if (NT_SUCCESS(status))
1413                 return 0;
1414
1415         /* On Windows, by default only the Administrator can create symbolic
1416          * links for some reason.  By default we just issue a warning if this
1417          * appears to be the problem.  Use WIMLIB_EXTRACT_FLAG_STRICT_SYMLINKS
1418          * to get a hard error.  */
1419         if (!(ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_SYMLINKS)
1420             && (status == STATUS_PRIVILEGE_NOT_HELD ||
1421                 status == STATUS_ACCESS_DENIED)
1422             && (dentry->d_inode->i_reparse_tag == WIM_IO_REPARSE_TAG_SYMLINK ||
1423                 dentry->d_inode->i_reparse_tag == WIM_IO_REPARSE_TAG_MOUNT_POINT))
1424         {
1425                 WARNING("Can't create symbolic link \"%ls\"!              \n"
1426                         "          (Need Administrator rights, or at least "
1427                         "the\n"
1428                         "          SeCreateSymbolicLink privilege.)",
1429                         current_path(ctx));
1430                 return 0;
1431         }
1432
1433 fail:
1434         set_errno_from_nt_status(status);
1435         ERROR_WITH_ERRNO("Can't set reparse data on \"%ls\" "
1436                          "(status=0x%08"PRIx32")",
1437                          current_path(ctx), (u32)status);
1438         return WIMLIB_ERR_SET_REPARSE_DATA;
1439 }
1440
1441 /* Given a Windows NT namespace path, such as \??\e:\Windows\System32, return a
1442  * pointer to the suffix of the path that begins with the device directly, such
1443  * as e:\Windows\System32.  */
1444 static const wchar_t *
1445 skip_nt_toplevel_component(const wchar_t *path, size_t path_nchars)
1446 {
1447         static const wchar_t * const dirs[] = {
1448                 L"\\??\\",
1449                 L"\\DosDevices\\",
1450                 L"\\Device\\",
1451         };
1452         size_t first_dir_len = 0;
1453         const wchar_t * const end = path + path_nchars;
1454
1455         for (size_t i = 0; i < ARRAY_LEN(dirs); i++) {
1456                 size_t len = wcslen(dirs[i]);
1457                 if (len <= (end - path) && !wcsnicmp(path, dirs[i], len)) {
1458                         first_dir_len = len;
1459                         break;
1460                 }
1461         }
1462         if (first_dir_len == 0)
1463                 return path;
1464         path += first_dir_len;
1465         while (path != end && *path == L'\\')
1466                 path++;
1467         return path;
1468 }
1469
1470 /* Given a Windows NT namespace path, such as \??\e:\Windows\System32, return a
1471  * pointer to the suffix of the path that is device-relative, such as
1472  * Windows\System32.
1473  *
1474  * The path has an explicit length and is not necessarily null terminated.
1475  *
1476  * If the path just something like \??\e: then the returned pointer will point
1477  * just past the colon.  In this case the length of the result will be 0
1478  * characters.  */
1479 static const wchar_t *
1480 get_device_relative_path(const wchar_t *path, size_t path_nchars)
1481 {
1482         const wchar_t * const orig_path = path;
1483         const wchar_t * const end = path + path_nchars;
1484
1485         path = skip_nt_toplevel_component(path, path_nchars);
1486         if (path == orig_path)
1487                 return orig_path;
1488
1489         path = wmemchr(path, L'\\', (end - path));
1490         if (!path)
1491                 return end;
1492         do {
1493                 path++;
1494         } while (path != end && *path == L'\\');
1495         return path;
1496 }
1497
1498 /*
1499  * Given a reparse point buffer for a symbolic link or junction, adjust its
1500  * contents so that the target of the link is consistent with the new location
1501  * of the files.
1502  */
1503 static void
1504 try_rpfix(u8 *rpbuf, u16 *rpbuflen_p, struct win32_apply_ctx *ctx)
1505 {
1506         struct reparse_data rpdata;
1507         size_t orig_subst_name_nchars;
1508         const wchar_t *relpath;
1509         size_t relpath_nchars;
1510         size_t target_ntpath_nchars;
1511         size_t fixed_subst_name_nchars;
1512         const wchar_t *fixed_print_name;
1513         size_t fixed_print_name_nchars;
1514
1515         if (parse_reparse_data(rpbuf, *rpbuflen_p, &rpdata)) {
1516                 /* Do nothing if the reparse data is invalid.  */
1517                 return;
1518         }
1519
1520         if (rpdata.rptag == WIM_IO_REPARSE_TAG_SYMLINK &&
1521             (rpdata.rpflags & SYMBOLIC_LINK_RELATIVE))
1522         {
1523                 /* Do nothing if it's a relative symbolic link.  */
1524                 return;
1525         }
1526
1527         /* Build the new substitute name from the NT namespace path to the
1528          * target directory, then a path separator, then the "device relative"
1529          * part of the old substitute name.  */
1530
1531         orig_subst_name_nchars = rpdata.substitute_name_nbytes / sizeof(wchar_t);
1532
1533         relpath = get_device_relative_path(rpdata.substitute_name,
1534                                            orig_subst_name_nchars);
1535         relpath_nchars = orig_subst_name_nchars -
1536                          (relpath - rpdata.substitute_name);
1537
1538         target_ntpath_nchars = ctx->target_ntpath.Length / sizeof(wchar_t);
1539
1540         fixed_subst_name_nchars = target_ntpath_nchars;
1541         if (relpath_nchars)
1542                 fixed_subst_name_nchars += 1 + relpath_nchars;
1543         wchar_t fixed_subst_name[fixed_subst_name_nchars];
1544
1545         wmemcpy(fixed_subst_name, ctx->target_ntpath.Buffer,
1546                 target_ntpath_nchars);
1547         if (relpath_nchars) {
1548                 fixed_subst_name[target_ntpath_nchars] = L'\\';
1549                 wmemcpy(&fixed_subst_name[target_ntpath_nchars + 1],
1550                         relpath, relpath_nchars);
1551         }
1552         /* Doesn't need to be null-terminated.  */
1553
1554         /* Print name should be Win32, but not all NT names can even be
1555          * translated to Win32 names.  But we can at least delete the top-level
1556          * directory, such as \??\, and this will have the expected result in
1557          * the usual case.  */
1558         fixed_print_name = skip_nt_toplevel_component(fixed_subst_name,
1559                                                       fixed_subst_name_nchars);
1560         fixed_print_name_nchars = fixed_subst_name_nchars - (fixed_print_name -
1561                                                              fixed_subst_name);
1562
1563         rpdata.substitute_name = fixed_subst_name;
1564         rpdata.substitute_name_nbytes = fixed_subst_name_nchars * sizeof(wchar_t);
1565         rpdata.print_name = (wchar_t *)fixed_print_name;
1566         rpdata.print_name_nbytes = fixed_print_name_nchars * sizeof(wchar_t);
1567         make_reparse_buffer(&rpdata, rpbuf, rpbuflen_p);
1568 }
1569
1570 /* Sets reparse data on the specified file.  This handles "fixing" the targets
1571  * of absolute symbolic links and junctions if WIMLIB_EXTRACT_FLAG_RPFIX was
1572  * specified.  */
1573 static int
1574 set_reparse_data(const struct wim_dentry *dentry,
1575                  const void *_rpbuf, u16 rpbuflen, struct win32_apply_ctx *ctx)
1576 {
1577         const struct wim_inode *inode = dentry->d_inode;
1578         const void *rpbuf = _rpbuf;
1579
1580         if ((ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_RPFIX)
1581             && !inode->i_not_rpfixed
1582             && (inode->i_reparse_tag == WIM_IO_REPARSE_TAG_SYMLINK ||
1583                 inode->i_reparse_tag == WIM_IO_REPARSE_TAG_MOUNT_POINT))
1584         {
1585                 memcpy(&ctx->rpfixbuf, _rpbuf, rpbuflen);
1586                 try_rpfix((u8 *)&ctx->rpfixbuf, &rpbuflen, ctx);
1587                 rpbuf = &ctx->rpfixbuf;
1588         }
1589         return do_set_reparse_data(dentry, rpbuf, rpbuflen, ctx);
1590
1591 }
1592
1593 /* Import the next block of raw encrypted data  */
1594 static DWORD WINAPI
1595 import_encrypted_data(PBYTE pbData, PVOID pvCallbackContext, PULONG Length)
1596 {
1597         struct win32_apply_ctx *ctx = pvCallbackContext;
1598         ULONG copy_len;
1599
1600         copy_len = min(ctx->encrypted_size - ctx->encrypted_offset, *Length);
1601         memcpy(pbData, &ctx->data_buffer[ctx->encrypted_offset], copy_len);
1602         ctx->encrypted_offset += copy_len;
1603         *Length = copy_len;
1604         return ERROR_SUCCESS;
1605 }
1606
1607 /* Write the raw encrypted data to the already-created file corresponding to
1608  * @dentry.
1609  *
1610  * The raw encrypted data is provided in ctx->data_buffer, and its size is
1611  * ctx->encrypted_size.  */
1612 static int
1613 extract_encrypted_file(const struct wim_dentry *dentry,
1614                        struct win32_apply_ctx *ctx)
1615 {
1616         void *rawctx;
1617         DWORD err;
1618
1619         /* Temporarily build a Win32 path for OpenEncryptedFileRaw()  */
1620         build_win32_extraction_path(dentry, ctx);
1621
1622         err = OpenEncryptedFileRaw(ctx->pathbuf.Buffer,
1623                                    CREATE_FOR_IMPORT, &rawctx);
1624
1625         /* Restore the NT namespace path  */
1626         build_extraction_path(dentry, ctx);
1627
1628         if (err != ERROR_SUCCESS) {
1629                 set_errno_from_win32_error(err);
1630                 ERROR_WITH_ERRNO("Can't open \"%ls\" for encrypted import "
1631                                  "(err=%"PRIu32")", current_path(ctx), (u32)err);
1632                 return WIMLIB_ERR_OPEN;
1633         }
1634
1635         ctx->encrypted_offset = 0;
1636
1637         err = WriteEncryptedFileRaw(import_encrypted_data, ctx, rawctx);
1638
1639         CloseEncryptedFileRaw(rawctx);
1640
1641         if (err != ERROR_SUCCESS) {
1642                 set_errno_from_win32_error(err);
1643                 ERROR_WITH_ERRNO("Can't import encrypted file \"%ls\" "
1644                                  "(err=%"PRIu32")", current_path(ctx), (u32)err);
1645                 return WIMLIB_ERR_WRITE;
1646         }
1647
1648         return 0;
1649 }
1650
1651 /* Called when starting to read a stream for extraction on Windows  */
1652 static int
1653 begin_extract_stream(struct wim_lookup_table_entry *stream,
1654                      u32 flags, void *_ctx)
1655 {
1656         struct win32_apply_ctx *ctx = _ctx;
1657         const struct stream_owner *owners = stream_owners(stream);
1658         int ret;
1659
1660         ctx->num_open_handles = 0;
1661         ctx->data_buffer_ptr = NULL;
1662         INIT_LIST_HEAD(&ctx->reparse_dentries);
1663         INIT_LIST_HEAD(&ctx->encrypted_dentries);
1664
1665         for (u32 i = 0; i < stream->out_refcnt; i++) {
1666                 const struct wim_inode *inode = owners[i].inode;
1667                 const wchar_t *stream_name = owners[i].stream_name;
1668                 struct wim_dentry *dentry;
1669
1670                 /* A copy of the stream needs to be extracted to @inode.  */
1671
1672                 if (ctx->common.supported_features.hard_links) {
1673                         dentry = inode_first_extraction_dentry(inode);
1674                         ret = begin_extract_stream_instance(stream, dentry,
1675                                                             stream_name, ctx);
1676                         if (ret)
1677                                 goto fail;
1678                 } else {
1679                         /* Hard links not supported.  Extract the stream
1680                          * separately to each alias of the inode.  */
1681                         struct list_head *next;
1682
1683                         next = inode->i_extraction_aliases.next;
1684                         do {
1685                                 dentry = list_entry(next, struct wim_dentry,
1686                                                     d_extraction_alias_node);
1687                                 ret = begin_extract_stream_instance(stream,
1688                                                                     dentry,
1689                                                                     stream_name,
1690                                                                     ctx);
1691                                 if (ret)
1692                                         goto fail;
1693                                 next = next->next;
1694                         } while (next != &inode->i_extraction_aliases);
1695                 }
1696         }
1697
1698         if (unlikely(ctx->num_open_handles == 0 && ctx->data_buffer_ptr == NULL)) {
1699                 /* The data of this stream isn't actually needed!
1700                  * (This can happen in WIMBoot mode.)  */
1701                 return BEGIN_STREAM_STATUS_SKIP_STREAM;
1702         }
1703         return 0;
1704
1705 fail:
1706         close_handles(ctx);
1707         return ret;
1708 }
1709
1710 /* Called when the next chunk of a stream has been read for extraction on
1711  * Windows  */
1712 static int
1713 extract_chunk(const void *chunk, size_t size, void *_ctx)
1714 {
1715         struct win32_apply_ctx *ctx = _ctx;
1716
1717         /* Write the data chunk to each open handle  */
1718         for (unsigned i = 0; i < ctx->num_open_handles; i++) {
1719                 u8 *bufptr = (u8 *)chunk;
1720                 size_t bytes_remaining = size;
1721                 NTSTATUS status;
1722                 while (bytes_remaining) {
1723                         ULONG count = min(0xFFFFFFFF, bytes_remaining);
1724
1725                         status = (*func_NtWriteFile)(ctx->open_handles[i],
1726                                                      NULL, NULL, NULL,
1727                                                      &ctx->iosb, bufptr, count,
1728                                                      NULL, NULL);
1729                         if (!NT_SUCCESS(status)) {
1730                                 set_errno_from_nt_status(status);
1731                                 ERROR_WITH_ERRNO("Error writing data to target "
1732                                                  "volume (status=0x%08"PRIx32")",
1733                                                  (u32)status);
1734                                 return WIMLIB_ERR_WRITE;
1735                         }
1736                         bufptr += ctx->iosb.Information;
1737                         bytes_remaining -= ctx->iosb.Information;
1738                 }
1739         }
1740
1741         /* Copy the data chunk into the buffer (if needed)  */
1742         if (ctx->data_buffer_ptr)
1743                 ctx->data_buffer_ptr = mempcpy(ctx->data_buffer_ptr,
1744                                                chunk, size);
1745         return 0;
1746 }
1747
1748 /* Called when a stream has been fully read for extraction on Windows  */
1749 static int
1750 end_extract_stream(struct wim_lookup_table_entry *stream, int status, void *_ctx)
1751 {
1752         struct win32_apply_ctx *ctx = _ctx;
1753         int ret;
1754         const struct wim_dentry *dentry;
1755
1756         close_handles(ctx);
1757
1758         if (status)
1759                 return status;
1760
1761         if (likely(!ctx->data_buffer_ptr))
1762                 return 0;
1763
1764         if (!list_empty(&ctx->reparse_dentries)) {
1765                 if (stream->size > REPARSE_DATA_MAX_SIZE) {
1766                         dentry = list_first_entry(&ctx->reparse_dentries,
1767                                                   struct wim_dentry, tmp_list);
1768                         build_extraction_path(dentry, ctx);
1769                         ERROR("Reparse data of \"%ls\" has size "
1770                               "%"PRIu64" bytes (exceeds %u bytes)",
1771                               current_path(ctx), stream->size,
1772                               REPARSE_DATA_MAX_SIZE);
1773                         return WIMLIB_ERR_INVALID_REPARSE_DATA;
1774                 }
1775                 /* In the WIM format, reparse streams are just the reparse data
1776                  * and omit the header.  But we can reconstruct the header.  */
1777                 memcpy(ctx->rpbuf.rpdata, ctx->data_buffer, stream->size);
1778                 ctx->rpbuf.rpdatalen = stream->size;
1779                 ctx->rpbuf.rpreserved = 0;
1780                 list_for_each_entry(dentry, &ctx->reparse_dentries, tmp_list) {
1781                         ctx->rpbuf.rptag = dentry->d_inode->i_reparse_tag;
1782                         ret = set_reparse_data(dentry, &ctx->rpbuf,
1783                                                stream->size + REPARSE_DATA_OFFSET,
1784                                                ctx);
1785                         if (ret)
1786                                 return ret;
1787                 }
1788         }
1789
1790         if (!list_empty(&ctx->encrypted_dentries)) {
1791                 ctx->encrypted_size = stream->size;
1792                 list_for_each_entry(dentry, &ctx->encrypted_dentries, tmp_list) {
1793                         ret = extract_encrypted_file(dentry, ctx);
1794                         if (ret)
1795                                 return ret;
1796                 }
1797         }
1798
1799         return 0;
1800 }
1801
1802 /* Attributes that can't be set directly  */
1803 #define SPECIAL_ATTRIBUTES                      \
1804         (FILE_ATTRIBUTE_REPARSE_POINT   |       \
1805          FILE_ATTRIBUTE_DIRECTORY       |       \
1806          FILE_ATTRIBUTE_ENCRYPTED       |       \
1807          FILE_ATTRIBUTE_SPARSE_FILE     |       \
1808          FILE_ATTRIBUTE_COMPRESSED)
1809
1810 /* Set the security descriptor @desc, of @desc_size bytes, on the file with open
1811  * handle @h.  */
1812 static NTSTATUS
1813 set_security_descriptor(HANDLE h, const void *desc,
1814                         size_t desc_size, struct win32_apply_ctx *ctx)
1815 {
1816         SECURITY_INFORMATION info;
1817         NTSTATUS status;
1818
1819         /* We really just want to set entire the security descriptor as-is, but
1820          * all available APIs require specifying the specific parts of the
1821          * descriptor being set.  Start out by requesting all parts be set.  If
1822          * permissions problems are encountered, fall back to omitting some
1823          * parts (first the SACL, then the DACL, then the owner), unless the
1824          * WIMLIB_EXTRACT_FLAG_STRICT_ACLS flag has been enabled.  */
1825         info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
1826                DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
1827
1828         /* Prefer NtSetSecurityObject() to SetFileSecurity().  SetFileSecurity()
1829          * itself necessarily uses NtSetSecurityObject() as the latter is the
1830          * underlying system call for setting security information, but
1831          * SetFileSecurity() opens the handle with NtCreateFile() without
1832          * FILE_OPEN_FILE_BACKUP_INTENT.  Hence, access checks are done and due
1833          * to the Windows security model, even a process running as the
1834          * Administrator can have access denied.  (Of course, this not mentioned
1835          * in the MS "documentation".)  */
1836 retry:
1837         status = (*func_NtSetSecurityObject)(h, info, (PSECURITY_DESCRIPTOR)desc);
1838         if (NT_SUCCESS(status))
1839                 return status;
1840         /* Failed to set the requested parts of the security descriptor.  If the
1841          * error was permissions-related, try to set fewer parts of the security
1842          * descriptor, unless WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled.  */
1843         if ((status == STATUS_PRIVILEGE_NOT_HELD ||
1844              status == STATUS_ACCESS_DENIED) &&
1845             !(ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS))
1846         {
1847                 if (info & SACL_SECURITY_INFORMATION) {
1848                         info &= ~SACL_SECURITY_INFORMATION;
1849                         ctx->partial_security_descriptors++;
1850                         goto retry;
1851                 }
1852                 if (info & DACL_SECURITY_INFORMATION) {
1853                         info &= ~DACL_SECURITY_INFORMATION;
1854                         goto retry;
1855                 }
1856                 if (info & OWNER_SECURITY_INFORMATION) {
1857                         info &= ~OWNER_SECURITY_INFORMATION;
1858                         goto retry;
1859                 }
1860                 /* Nothing left except GROUP, and if we removed it we
1861                  * wouldn't have anything at all.  */
1862         }
1863
1864         /* No part of the security descriptor could be set, or
1865          * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled and the full security
1866          * descriptor could not be set.  */
1867         if (!(info & SACL_SECURITY_INFORMATION))
1868                 ctx->partial_security_descriptors--;
1869         ctx->no_security_descriptors++;
1870         return status;
1871 }
1872
1873 /* Set metadata on the open file @h from the WIM inode @inode.  */
1874 static int
1875 do_apply_metadata_to_file(HANDLE h, const struct wim_inode *inode,
1876                           struct win32_apply_ctx *ctx)
1877 {
1878         FILE_BASIC_INFORMATION info;
1879         NTSTATUS status;
1880
1881         /* Set security descriptor if present and not in NO_ACLS mode  */
1882         if (inode->i_security_id >= 0 &&
1883             !(ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_NO_ACLS))
1884         {
1885                 const struct wim_security_data *sd;
1886                 const void *desc;
1887                 size_t desc_size;
1888
1889                 sd = wim_get_current_security_data(ctx->common.wim);
1890                 desc = sd->descriptors[inode->i_security_id];
1891                 desc_size = sd->sizes[inode->i_security_id];
1892
1893                 status = set_security_descriptor(h, desc, desc_size, ctx);
1894                 if (!NT_SUCCESS(status) &&
1895                     (ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS))
1896                 {
1897                         set_errno_from_nt_status(status);
1898                         ERROR_WITH_ERRNO("Can't set security descriptor "
1899                                          "on \"%ls\" (status=0x%08"PRIx32")",
1900                                          current_path(ctx), (u32)status);
1901                         return WIMLIB_ERR_SET_SECURITY;
1902                 }
1903         }
1904
1905         /* Set attributes and timestamps  */
1906         info.CreationTime.QuadPart = inode->i_creation_time;
1907         info.LastAccessTime.QuadPart = inode->i_last_access_time;
1908         info.LastWriteTime.QuadPart = inode->i_last_write_time;
1909         info.ChangeTime.QuadPart = 0;
1910         if (ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_NO_ATTRIBUTES)
1911                 info.FileAttributes = 0;
1912         else
1913                 info.FileAttributes = inode->i_attributes & ~SPECIAL_ATTRIBUTES;
1914
1915         status = (*func_NtSetInformationFile)(h, &ctx->iosb,
1916                                               &info, sizeof(info),
1917                                               FileBasicInformation);
1918         /* On FAT volumes we get STATUS_INVALID_PARAMETER if we try to set
1919          * attributes on the root directory.  (Apparently because FAT doesn't
1920          * actually have a place to store those attributes!)  */
1921         if (!NT_SUCCESS(status)
1922             && !(status == STATUS_INVALID_PARAMETER &&
1923                  dentry_is_root(inode_first_extraction_dentry(inode))))
1924         {
1925                 set_errno_from_nt_status(status);
1926                 ERROR_WITH_ERRNO("Can't set basic metadata on \"%ls\" "
1927                                  "(status=0x%08"PRIx32")",
1928                                  current_path(ctx), (u32)status);
1929                 return WIMLIB_ERR_SET_ATTRIBUTES;
1930         }
1931
1932         return 0;
1933 }
1934
1935 static int
1936 apply_metadata_to_file(const struct wim_dentry *dentry,
1937                        struct win32_apply_ctx *ctx)
1938 {
1939         const struct wim_inode *inode = dentry->d_inode;
1940         DWORD perms;
1941         HANDLE h;
1942         NTSTATUS status;
1943         int ret;
1944
1945         perms = FILE_WRITE_ATTRIBUTES | WRITE_DAC |
1946                 WRITE_OWNER | ACCESS_SYSTEM_SECURITY;
1947
1948         build_extraction_path(dentry, ctx);
1949
1950         /* Open a handle with as many relevant permissions as possible.  */
1951         while (!NT_SUCCESS(status = do_create_file(&h, perms, NULL,
1952                                                    0, FILE_OPEN, 0, ctx)))
1953         {
1954                 if (status == STATUS_PRIVILEGE_NOT_HELD ||
1955                     status == STATUS_ACCESS_DENIED)
1956                 {
1957                         if (perms & ACCESS_SYSTEM_SECURITY) {
1958                                 perms &= ~ACCESS_SYSTEM_SECURITY;
1959                                 continue;
1960                         }
1961                         if (perms & WRITE_DAC) {
1962                                 perms &= ~WRITE_DAC;
1963                                 continue;
1964                         }
1965                         if (perms & WRITE_OWNER) {
1966                                 perms &= ~WRITE_OWNER;
1967                                 continue;
1968                         }
1969                 }
1970                 set_errno_from_nt_status(status);
1971                 ERROR_WITH_ERRNO("Can't open \"%ls\" to set metadata "
1972                                  "(status=0x%08"PRIx32")",
1973                                  current_path(ctx), (u32)status);
1974                 return WIMLIB_ERR_OPEN;
1975         }
1976
1977         ret = do_apply_metadata_to_file(h, inode, ctx);
1978
1979         (*func_NtClose)(h);
1980
1981         return ret;
1982 }
1983
1984 static int
1985 apply_metadata(struct list_head *dentry_list, struct win32_apply_ctx *ctx)
1986 {
1987         const struct wim_dentry *dentry;
1988         int ret;
1989
1990         /* We go in reverse so that metadata is set on all a directory's
1991          * children before the directory itself.  This avoids any potential
1992          * problems with attributes, timestamps, or security descriptors.  */
1993         list_for_each_entry_reverse(dentry, dentry_list, d_extraction_list_node)
1994         {
1995                 ret = apply_metadata_to_file(dentry, ctx);
1996                 if (ret)
1997                         return ret;
1998         }
1999         return 0;
2000 }
2001
2002 /* Issue warnings about problems during the extraction for which warnings were
2003  * not already issued (due to the high number of potential warnings if we issued
2004  * them per-file).  */
2005 static void
2006 do_warnings(const struct win32_apply_ctx *ctx)
2007 {
2008         if (ctx->partial_security_descriptors == 0 &&
2009             ctx->no_security_descriptors == 0)
2010                 return;
2011
2012         WARNING("Extraction to \"%ls\" complete, but with one or more warnings:",
2013                 ctx->common.target);
2014         if (ctx->partial_security_descriptors != 0) {
2015                 WARNING("- Could only partially set the security descriptor\n"
2016                         "            on %lu files or directories.",
2017                         ctx->partial_security_descriptors);
2018         }
2019         if (ctx->no_security_descriptors != 0) {
2020                 WARNING("- Could not set security descriptor at all\n"
2021                         "            on %lu files or directories.",
2022                         ctx->no_security_descriptors);
2023         }
2024         WARNING("To fully restore all security descriptors, run the program\n"
2025                 "          with Administrator rights.");
2026 }
2027
2028 /* Extract files from a WIM image to a directory on Windows  */
2029 static int
2030 win32_extract(struct list_head *dentry_list, struct apply_ctx *_ctx)
2031 {
2032         int ret;
2033         struct win32_apply_ctx *ctx = (struct win32_apply_ctx *)_ctx;
2034
2035         ret = prepare_target(dentry_list, ctx);
2036         if (ret)
2037                 goto out;
2038
2039         if (ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_WIMBOOT) {
2040                 ret = start_wimboot_extraction(ctx);
2041                 if (ret)
2042                         goto out;
2043         }
2044
2045         ret = create_directories(dentry_list, ctx);
2046         if (ret)
2047                 goto out;
2048
2049         ret = create_nondirectories(dentry_list, ctx);
2050         if (ret)
2051                 goto out;
2052
2053         struct read_stream_list_callbacks cbs = {
2054                 .begin_stream      = begin_extract_stream,
2055                 .begin_stream_ctx  = ctx,
2056                 .consume_chunk     = extract_chunk,
2057                 .consume_chunk_ctx = ctx,
2058                 .end_stream        = end_extract_stream,
2059                 .end_stream_ctx    = ctx,
2060         };
2061         ret = extract_stream_list(&ctx->common, &cbs);
2062         if (ret)
2063                 goto out;
2064
2065         ret = apply_metadata(dentry_list, ctx);
2066         if (ret)
2067                 goto out;
2068
2069         do_warnings(ctx);
2070 out:
2071         if (ctx->h_target)
2072                 (*func_NtClose)(ctx->h_target);
2073         if (ctx->target_ntpath.Buffer)
2074                 HeapFree(GetProcessHeap(), 0, ctx->target_ntpath.Buffer);
2075         FREE(ctx->pathbuf.Buffer);
2076         FREE(ctx->print_buffer);
2077         if (ctx->wimboot.prepopulate_pats) {
2078                 FREE(ctx->wimboot.prepopulate_pats->strings);
2079                 FREE(ctx->wimboot.prepopulate_pats);
2080         }
2081         FREE(ctx->wimboot.mem_prepopulate_pats);
2082         FREE(ctx->data_buffer);
2083         return ret;
2084 }
2085
2086 const struct apply_operations win32_apply_ops = {
2087         .name                   = "Windows",
2088         .get_supported_features = win32_get_supported_features,
2089         .extract                = win32_extract,
2090         .context_size           = sizeof(struct win32_apply_ctx),
2091 };
2092
2093 #endif /* __WIN32__ */