Update security descriptor setting
[wimlib] / src / win32_apply.c
1 /*
2  * win32_apply.c - Windows-specific code for applying files from a WIM image.
3  */
4
5 /*
6  * Copyright (C) 2013 Eric Biggers
7  *
8  * This file is part of wimlib, a library for working with WIM files.
9  *
10  * wimlib is free software; you can redistribute it and/or modify it under the
11  * terms of the GNU General Public License as published by the Free
12  * Software Foundation; either version 3 of the License, or (at your option)
13  * any later version.
14  *
15  * wimlib is distributed in the hope that it will be useful, but WITHOUT ANY
16  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
17  * A PARTICULAR PURPOSE. See the GNU General Public License for more
18  * details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with wimlib; if not, see http://www.gnu.org/licenses/.
22  */
23
24 #ifdef __WIN32__
25
26 #ifdef HAVE_CONFIG_H
27 #  include "config.h"
28 #endif
29
30 #include "wimlib/win32_common.h"
31
32 #include "wimlib/apply.h"
33 #include "wimlib/error.h"
34 #include "wimlib/lookup_table.h"
35
36 #ifdef WITH_NTDLL
37 #  include <winternl.h>
38 #  include <ntstatus.h>
39 NTSTATUS WINAPI
40 NtSetSecurityObject(HANDLE Handle,
41                     SECURITY_INFORMATION SecurityInformation,
42                     PSECURITY_DESCRIPTOR SecurityDescriptor);
43 #endif
44
45 static int
46 win32_start_extract(const wchar_t *path, struct apply_ctx *ctx)
47 {
48         int ret;
49         unsigned vol_flags;
50         bool supports_SetFileShortName;
51
52         ret = win32_get_vol_flags(path, &vol_flags, &supports_SetFileShortName);
53         if (ret)
54                 return ret;
55
56         ctx->supported_features.archive_files = 1;
57         ctx->supported_features.hidden_files = 1;
58         ctx->supported_features.system_files = 1;
59
60         if (vol_flags & FILE_FILE_COMPRESSION)
61                 ctx->supported_features.compressed_files = 1;
62
63         if (vol_flags & FILE_SUPPORTS_ENCRYPTION) {
64                 ctx->supported_features.encrypted_files = 1;
65                 ctx->supported_features.encrypted_directories = 1;
66         }
67
68         ctx->supported_features.not_context_indexed_files = 1;
69
70         if (vol_flags & FILE_SUPPORTS_SPARSE_FILES)
71                 ctx->supported_features.sparse_files = 1;
72
73         if (vol_flags & FILE_NAMED_STREAMS)
74                 ctx->supported_features.named_data_streams = 1;
75
76         if (vol_flags & FILE_SUPPORTS_HARD_LINKS)
77                 ctx->supported_features.hard_links = 1;
78
79         if (vol_flags & FILE_SUPPORTS_REPARSE_POINTS) {
80                 ctx->supported_features.reparse_points = 1;
81                 if (win32func_CreateSymbolicLinkW)
82                         ctx->supported_features.symlink_reparse_points = 1;
83         }
84
85         if (vol_flags & FILE_PERSISTENT_ACLS)
86                 ctx->supported_features.security_descriptors = 1;
87
88         if (supports_SetFileShortName)
89                 ctx->supported_features.short_names = 1;
90         return 0;
91 }
92
93 static int
94 win32_create_file(const wchar_t *path, struct apply_ctx *ctx, u64 *cookie_ret)
95 {
96         HANDLE h;
97
98         h = CreateFile(path, 0, 0, NULL, CREATE_ALWAYS,
99                        FILE_ATTRIBUTE_NORMAL | FILE_FLAG_BACKUP_SEMANTICS, NULL);
100         if (h == INVALID_HANDLE_VALUE)
101                 goto error;
102         CloseHandle(h);
103         return 0;
104
105 error:
106         set_errno_from_GetLastError();
107         return WIMLIB_ERR_OPEN;
108 }
109
110 static int
111 win32_create_directory(const wchar_t *path, struct apply_ctx *ctx,
112                        u64 *cookie_ret)
113 {
114         if (!CreateDirectory(path, NULL))
115                 if (GetLastError() != ERROR_ALREADY_EXISTS)
116                         goto error;
117         return 0;
118
119 error:
120         set_errno_from_GetLastError();
121         return WIMLIB_ERR_MKDIR;
122 }
123
124 static int
125 win32_create_hardlink(const wchar_t *oldpath, const wchar_t *newpath,
126                       struct apply_ctx *ctx)
127 {
128         if (!CreateHardLink(newpath, oldpath, NULL)) {
129                 if (GetLastError() != ERROR_ALREADY_EXISTS)
130                         goto error;
131                 if (!DeleteFile(newpath))
132                         goto error;
133                 if (!CreateHardLink(newpath, oldpath, NULL))
134                         goto error;
135         }
136         return 0;
137
138 error:
139         set_errno_from_GetLastError();
140         return WIMLIB_ERR_LINK;
141 }
142
143 static int
144 win32_create_symlink(const wchar_t *oldpath, const wchar_t *newpath,
145                      struct apply_ctx *ctx)
146 {
147         if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0)) {
148                 if (GetLastError() != ERROR_ALREADY_EXISTS)
149                         goto error;
150                 if (!DeleteFile(newpath))
151                         goto error;
152                 if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0))
153                         goto error;
154         }
155         return 0;
156
157 error:
158         set_errno_from_GetLastError();
159         return WIMLIB_ERR_LINK;
160 }
161
162 static int
163 win32_extract_wim_chunk(const void *buf, size_t len, void *arg)
164 {
165         HANDLE h = (HANDLE)arg;
166         DWORD nbytes_written;
167
168         if (unlikely(!WriteFile(h, buf, len, &nbytes_written, NULL)))
169                 goto error;
170         if (unlikely(nbytes_written != len))
171                 goto error;
172         return 0;
173
174 error:
175         set_errno_from_GetLastError();
176         return WIMLIB_ERR_WRITE;
177 }
178
179 static int
180 win32_extract_stream(const wchar_t *path, const wchar_t *stream_name,
181                      size_t stream_name_nchars,
182                      struct wim_lookup_table_entry *lte, struct apply_ctx *ctx)
183 {
184         DWORD creationDisposition = OPEN_EXISTING;
185         wchar_t *stream_path = (wchar_t*)path;
186         HANDLE h;
187         int ret;
188
189         if (stream_name_nchars) {
190                 creationDisposition = CREATE_ALWAYS;
191                 stream_path = alloca(sizeof(wchar_t) *
192                                      (wcslen(path) + 1 +
193                                       wcslen(stream_name) + 1));
194                 swprintf(stream_path, L"%ls:%ls", path, stream_name);
195         }
196
197         h = CreateFile(stream_path, FILE_WRITE_DATA, 0, NULL,
198                        creationDisposition, FILE_FLAG_BACKUP_SEMANTICS |
199                                             FILE_FLAG_OPEN_REPARSE_POINT,
200                        NULL);
201         if (h == INVALID_HANDLE_VALUE)
202                 goto error;
203
204         ret = 0;
205         if (!lte)
206                 goto out_close_handle;
207         ret = extract_wim_resource(lte, wim_resource_size(lte),
208                                    win32_extract_wim_chunk, h);
209 out_close_handle:
210         if (!CloseHandle(h))
211                 goto error;
212         if (ret && !errno)
213                 errno = -1;
214         return ret;
215
216 error:
217         set_errno_from_GetLastError();
218         return WIMLIB_ERR_WRITE;
219 }
220
221 static int
222 win32_extract_unnamed_stream(file_spec_t file,
223                              struct wim_lookup_table_entry *lte,
224                              struct apply_ctx *ctx)
225 {
226         return win32_extract_stream(file.path, NULL, 0, lte, ctx);
227 }
228
229 static int
230 win32_extract_named_stream(file_spec_t file, const wchar_t *stream_name,
231                            size_t stream_name_nchars,
232                            struct wim_lookup_table_entry *lte, struct apply_ctx *ctx)
233 {
234         return win32_extract_stream(file.path, stream_name,
235                                     stream_name_nchars, lte, ctx);
236 }
237
238 struct win32_encrypted_extract_ctx {
239         const struct wim_lookup_table_entry *lte;
240         u64 offset;
241 };
242
243 static DWORD WINAPI
244 win32_encrypted_import_cb(unsigned char *data, void *_import_ctx,
245                           unsigned long *len_p)
246 {
247         struct win32_encrypted_extract_ctx *import_ctx = _import_ctx;
248         unsigned long len = *len_p;
249         const struct wim_lookup_table_entry *lte = import_ctx->lte;
250
251         len = min(len, wim_resource_size(lte) - import_ctx->offset);
252
253         if (read_partial_wim_resource_into_buf(lte, len, import_ctx->offset, data))
254                 return ERROR_READ_FAULT;
255
256         import_ctx->offset += len;
257         *len_p = len;
258         return ERROR_SUCCESS;
259 }
260
261 static int
262 win32_extract_encrypted_stream(file_spec_t file,
263                                struct wim_lookup_table_entry *lte,
264                                struct apply_ctx *ctx)
265 {
266         const tchar *path = file.path;
267         void *file_ctx;
268         DWORD err;
269         int ret;
270         struct win32_encrypted_extract_ctx extract_ctx;
271
272         err = OpenEncryptedFileRaw(path, CREATE_FOR_IMPORT, &file_ctx);
273         if (err != ERROR_SUCCESS) {
274                 errno = win32_error_to_errno(err);
275                 ret = WIMLIB_ERR_OPEN;
276                 goto out;
277         }
278
279         extract_ctx.lte = lte;
280         extract_ctx.offset = 0;
281         err = WriteEncryptedFileRaw(win32_encrypted_import_cb, &extract_ctx,
282                                     file_ctx);
283         if (err != ERROR_SUCCESS) {
284                 errno = win32_error_to_errno(err);
285                 ret = WIMLIB_ERR_WRITE;
286                 goto out_close;
287         }
288
289         ret = 0;
290 out_close:
291         CloseEncryptedFileRaw(file_ctx);
292 out:
293         return ret;
294 }
295
296 static BOOL
297 win32_set_special_file_attributes(const wchar_t *path, u32 attributes)
298 {
299         HANDLE h;
300         DWORD err;
301         USHORT compression_format = COMPRESSION_FORMAT_DEFAULT;
302         DWORD bytes_returned;
303
304         h = CreateFile(path, GENERIC_READ | GENERIC_WRITE, 0, NULL,
305                        OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS |
306                                       FILE_FLAG_OPEN_REPARSE_POINT,
307                        NULL);
308         if (h == INVALID_HANDLE_VALUE)
309                 goto error;
310
311         if (attributes & FILE_ATTRIBUTE_SPARSE_FILE)
312                 if (!DeviceIoControl(h, FSCTL_SET_SPARSE,
313                                      NULL, 0,
314                                      NULL, 0,
315                                      &bytes_returned, NULL))
316                         goto error_close_handle;
317
318         if (attributes & FILE_ATTRIBUTE_COMPRESSED)
319                 if (!DeviceIoControl(h, FSCTL_SET_COMPRESSION,
320                                      &compression_format, sizeof(USHORT),
321                                      NULL, 0,
322                                      &bytes_returned, NULL))
323                         goto error_close_handle;
324
325         if (!CloseHandle(h))
326                 goto error;
327
328         if (attributes & FILE_ATTRIBUTE_ENCRYPTED)
329                 if (!EncryptFile(path))
330                         goto error;
331
332         return TRUE;
333
334 error_close_handle:
335         err = GetLastError();
336         CloseHandle(h);
337         SetLastError(err);
338 error:
339         return FALSE;
340 }
341
342 static int
343 win32_set_file_attributes(const wchar_t *path, u32 attributes,
344                           struct apply_ctx *ctx, unsigned pass)
345 {
346         u32 special_attributes =
347                 FILE_ATTRIBUTE_REPARSE_POINT |
348                 FILE_ATTRIBUTE_DIRECTORY |
349                 FILE_ATTRIBUTE_SPARSE_FILE |
350                 FILE_ATTRIBUTE_COMPRESSED |
351                 FILE_ATTRIBUTE_ENCRYPTED;
352         u32 actual_attributes;
353
354         /* Delay setting FILE_ATTRIBUTE_READONLY on the initial pass (when files
355          * are created, but data not extracted); otherwise the system will
356          * refuse access to the file even if the process has SeRestorePrivilege.
357          */
358         if (pass == 0)
359                 attributes &= ~FILE_ATTRIBUTE_READONLY;
360
361         if (!SetFileAttributes(path, attributes & ~special_attributes))
362                 goto error;
363
364         if (pass != 0)
365                 return 0;
366
367         if (attributes & (FILE_ATTRIBUTE_SPARSE_FILE |
368                           FILE_ATTRIBUTE_ENCRYPTED |
369                           FILE_ATTRIBUTE_COMPRESSED))
370                 if (!win32_set_special_file_attributes(path, attributes))
371                         goto error;
372
373         /* If file is not supposed to be encrypted or compressed, remove
374          * defaulted encrypted or compressed attributes (from creating file in
375          * encrypted or compressed directory).  */
376         actual_attributes = GetFileAttributes(path);
377         if (actual_attributes == INVALID_FILE_ATTRIBUTES)
378                 goto error;
379
380         if ((actual_attributes & FILE_ATTRIBUTE_ENCRYPTED) &&
381             !(attributes & FILE_ATTRIBUTE_ENCRYPTED))
382                 if (!DecryptFile(path, 0))
383                         goto error;
384         if ((actual_attributes & FILE_ATTRIBUTE_COMPRESSED) &&
385             !(attributes & FILE_ATTRIBUTE_COMPRESSED))
386         {
387                 HANDLE h;
388                 DWORD bytes_returned;
389                 USHORT compression_format = COMPRESSION_FORMAT_NONE;
390
391                 h = CreateFile(path, GENERIC_READ | GENERIC_WRITE, 0, NULL,
392                                OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS |
393                                               FILE_FLAG_OPEN_REPARSE_POINT,
394                                NULL);
395                 if (h == INVALID_HANDLE_VALUE)
396                         goto error;
397
398                 if (!DeviceIoControl(h, FSCTL_SET_COMPRESSION,
399                                      &compression_format, sizeof(USHORT),
400                                      NULL, 0,
401                                      &bytes_returned, NULL))
402                 {
403                         DWORD err = GetLastError();
404                         CloseHandle(h);
405                         SetLastError(err);
406                         goto error;
407                 }
408
409                 if (!CloseHandle(h))
410                         goto error;
411         }
412
413         return 0;
414
415 error:
416         set_errno_from_GetLastError();
417         return WIMLIB_ERR_SET_ATTRIBUTES;
418 }
419
420 static int
421 win32_set_reparse_data(const wchar_t *path, const u8 *rpbuf, u16 rpbuflen,
422                        struct apply_ctx *ctx)
423 {
424         HANDLE h;
425         DWORD err;
426         DWORD bytes_returned;
427
428         h = CreateFile(path, GENERIC_WRITE, 0, NULL,
429                        OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS |
430                                       FILE_FLAG_OPEN_REPARSE_POINT,
431                        NULL);
432         if (h == INVALID_HANDLE_VALUE)
433                 goto error;
434
435         if (!DeviceIoControl(h, FSCTL_SET_REPARSE_POINT,
436                              (void*)rpbuf, rpbuflen,
437                              NULL, 0, &bytes_returned, NULL))
438                 goto error_close_handle;
439
440         if (!CloseHandle(h))
441                 goto error;
442
443         return 0;
444
445 error_close_handle:
446         err = GetLastError();
447         CloseHandle(h);
448         SetLastError(err);
449 error:
450         set_errno_from_GetLastError();
451         return WIMLIB_ERR_WRITE; /* XXX: need better error code */
452 }
453
454 static int
455 win32_set_short_name(const wchar_t *path, const wchar_t *short_name,
456                      size_t short_name_nchars, struct apply_ctx *ctx)
457 {
458         HANDLE h;
459         DWORD err;
460
461         h = CreateFile(path, GENERIC_WRITE | DELETE, 0, NULL,
462                        OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS |
463                                       FILE_FLAG_OPEN_REPARSE_POINT,
464                        NULL);
465         if (h == INVALID_HANDLE_VALUE)
466                 goto error;
467
468         if (short_name_nchars) {
469                 if (!SetFileShortName(h, short_name))
470                         goto error_close_handle;
471         } else if (running_on_windows_7_or_later()) {
472                 if (!SetFileShortName(h, L""))
473                         goto error_close_handle;
474         }
475
476         if (!CloseHandle(h))
477                 goto error;
478
479         return 0;
480
481 error_close_handle:
482         err = GetLastError();
483         CloseHandle(h);
484         SetLastError(err);
485 error:
486         set_errno_from_GetLastError();
487         return WIMLIB_ERR_WRITE; /* XXX: need better error code */
488 }
489
490 static DWORD
491 do_win32_set_security_descriptor(HANDLE h, const wchar_t *path,
492                                  SECURITY_INFORMATION info,
493                                  PSECURITY_DESCRIPTOR desc)
494 {
495 #ifdef WITH_NTDLL
496         return RtlNtStatusToDosError(NtSetSecurityObject(h, info, desc));
497 #else
498         if (SetFileSecurity(path, info, desc))
499                 return ERROR_SUCCESS;
500         else
501                 return GetLastError();
502 #endif
503 }
504
505 static int
506 win32_set_security_descriptor(const wchar_t *path, const u8 *desc,
507                               size_t desc_size, struct apply_ctx *ctx)
508 {
509         SECURITY_INFORMATION info;
510         HANDLE h;
511         DWORD err;
512         int ret;
513
514         info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
515                DACL_SECURITY_INFORMATION  | SACL_SECURITY_INFORMATION;
516         h = INVALID_HANDLE_VALUE;
517
518 #ifdef WITH_NTDLL
519         h = CreateFile(path, MAXIMUM_ALLOWED, 0, NULL, OPEN_EXISTING,
520                        FILE_FLAG_BACKUP_SEMANTICS |
521                                FILE_FLAG_OPEN_REPARSE_POINT,
522                        NULL);
523         if (h == INVALID_HANDLE_VALUE) {
524                 ERROR_WITH_ERRNO("Can't open %ls (%u)", path, GetLastError());
525                 goto error;
526         }
527 #endif
528
529         for (;;) {
530                 err = do_win32_set_security_descriptor(h, path, info,
531                                                        (PSECURITY_DESCRIPTOR)desc);
532                 if (err == ERROR_SUCCESS)
533                         break;
534                 if ((err == ERROR_PRIVILEGE_NOT_HELD ||
535                      err == ERROR_ACCESS_DENIED) &&
536                     !(ctx->extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS))
537                 {
538                         if (info & SACL_SECURITY_INFORMATION) {
539                                 info &= ~SACL_SECURITY_INFORMATION;
540                                 ctx->partial_security_descriptors++;
541                                 continue;
542                         }
543                         if (info & DACL_SECURITY_INFORMATION) {
544                                 info &= ~DACL_SECURITY_INFORMATION;
545                                 continue;
546                         }
547                         if (info & OWNER_SECURITY_INFORMATION) {
548                                 info &= ~OWNER_SECURITY_INFORMATION;
549                                 continue;
550                         }
551                         ctx->partial_security_descriptors--;
552                         ctx->no_security_descriptors++;
553                         break;
554                 }
555                 goto error;
556         }
557         ret = 0;
558 out_close:
559 #ifdef WITH_NTDLL
560         CloseHandle(h);
561 #endif
562         return ret;
563
564 error:
565         set_errno_from_GetLastError();
566         ret = WIMLIB_ERR_SET_SECURITY;
567         goto out_close;
568 }
569
570 static int
571 win32_set_timestamps(const wchar_t *path, u64 creation_time,
572                      u64 last_write_time, u64 last_access_time,
573                      struct apply_ctx *ctx)
574 {
575         HANDLE h;
576         DWORD err;
577         FILETIME creationTime = {.dwLowDateTime = creation_time & 0xffffffff,
578                                  .dwHighDateTime = creation_time >> 32};
579         FILETIME lastAccessTime = {.dwLowDateTime = last_access_time & 0xffffffff,
580                                   .dwHighDateTime = last_access_time >> 32};
581         FILETIME lastWriteTime = {.dwLowDateTime = last_write_time & 0xffffffff,
582                                   .dwHighDateTime = last_write_time >> 32};
583
584         h = CreateFile(path, FILE_WRITE_ATTRIBUTES, 0, NULL,
585                        OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS |
586                                       FILE_FLAG_OPEN_REPARSE_POINT,
587                        NULL);
588         if (h == INVALID_HANDLE_VALUE)
589                 goto error;
590
591         if (!SetFileTime(h, &creationTime, &lastAccessTime, &lastWriteTime))
592                 goto error_close_handle;
593
594         if (!CloseHandle(h))
595                 goto error;
596
597         return 0;
598
599 error_close_handle:
600         err = GetLastError();
601         CloseHandle(h);
602         SetLastError(err);
603 error:
604         set_errno_from_GetLastError();
605         return WIMLIB_ERR_SET_TIMESTAMPS;
606 }
607
608 const struct apply_operations win32_apply_ops = {
609         .name = L"Win32",
610
611         .target_is_root           = win32_path_is_root_of_drive,
612         .start_extract            = win32_start_extract,
613         .create_file              = win32_create_file,
614         .create_directory         = win32_create_directory,
615         .create_hardlink          = win32_create_hardlink,
616         .create_symlink           = win32_create_symlink,
617         .extract_unnamed_stream   = win32_extract_unnamed_stream,
618         .extract_named_stream     = win32_extract_named_stream,
619         .extract_encrypted_stream = win32_extract_encrypted_stream,
620         .set_file_attributes      = win32_set_file_attributes,
621         .set_reparse_data         = win32_set_reparse_data,
622         .set_short_name           = win32_set_short_name,
623         .set_security_descriptor  = win32_set_security_descriptor,
624         .set_timestamps           = win32_set_timestamps,
625
626         .path_prefix = L"\\\\?\\",
627         .path_prefix_nchars = 4,
628         .path_separator = L'\\',
629         .path_max = 32768,
630
631         .requires_realtarget_in_paths = 1,
632         .realpath_works_on_nonexisting_files = 1,
633         .root_directory_is_special = 1,
634         .requires_final_set_attributes_pass = 1,
635 };
636
637 #endif /* __WIN32__ */