+ DWORD err = GetLastError();
+ if (err == ERROR_ACCESS_DENIED || err == ERROR_PRIVILEGE_NOT_HELD)
+ {
+ args->num_soft_links_failed++;
+ if (args->num_soft_links_failed <= MAX_CREATE_SOFT_LINK_WARNINGS) {
+ WARNING("Can't set reparse data on \"%ls\": Access denied!\n"
+ " You may be trying to extract a symbolic "
+ "link without the\n"
+ " SeCreateSymbolicLink privilege, which by "
+ "default non-Administrator\n"
+ " accounts do not have.", path);
+ }
+ if (args->num_hard_links_failed == MAX_CREATE_HARD_LINK_WARNINGS) {
+ WARNING("Suppressing further warnings regarding failure to extract\n"
+ " reparse points due to insufficient privileges...");
+ }
+ } else {
+ ERROR("Failed to set reparse data on \"%ls\"", path);
+ win32_error(err);
+ if (inode->i_reparse_tag == WIM_IO_REPARSE_TAG_SYMLINK ||
+ inode->i_reparse_tag == WIM_IO_REPARSE_TAG_MOUNT_POINT)
+ return WIMLIB_ERR_LINK;
+ else
+ return WIMLIB_ERR_WRITE;
+ }
+ }
+ return 0;
+}
+
+/* Wrapper around the FSCTL_SET_COMPRESSION ioctl to change the
+ * FILE_ATTRIBUTE_COMPRESSED flag of a file or directory. */
+static int
+win32_set_compression_state(HANDLE hFile, USHORT format, const wchar_t *path)
+{
+ DWORD bytesReturned;
+ if (!DeviceIoControl(hFile, FSCTL_SET_COMPRESSION,
+ &format, sizeof(USHORT),
+ NULL, 0,
+ &bytesReturned, NULL))
+ {
+ /* Could be a warning only, but we only call this if the volume
+ * supports compression. So I'm calling this an error. */
+ DWORD err = GetLastError();
+ ERROR("Failed to set compression flag on \"%ls\"", path);
+ win32_error(err);
+ if (err == ERROR_ACCESS_DENIED || err == ERROR_PRIVILEGE_NOT_HELD)
+ return WIMLIB_ERR_INSUFFICIENT_PRIVILEGES_TO_EXTRACT;
+ else
+ return WIMLIB_ERR_WRITE;
+ }
+ return 0;
+}
+
+/* Wrapper around FSCTL_SET_SPARSE ioctl to set a file as sparse. */
+static int
+win32_set_sparse(HANDLE hFile, const wchar_t *path)
+{
+ DWORD bytesReturned;
+ if (!DeviceIoControl(hFile, FSCTL_SET_SPARSE,
+ NULL, 0,
+ NULL, 0,
+ &bytesReturned, NULL))
+ {
+ /* Could be a warning only, but we only call this if the volume
+ * supports sparse files. So I'm calling this an error. */
+ DWORD err = GetLastError();
+ WARNING("Failed to set sparse flag on \"%ls\"", path);
+ win32_error(err);
+ if (err == ERROR_ACCESS_DENIED || err == ERROR_PRIVILEGE_NOT_HELD)
+ return WIMLIB_ERR_INSUFFICIENT_PRIVILEGES_TO_EXTRACT;
+ else
+ return WIMLIB_ERR_WRITE;
+ }
+ return 0;
+}
+
+/*
+ * Sets the security descriptor on an extracted file.
+ */
+static int
+win32_set_security_data(const struct wim_inode *inode,
+ HANDLE hFile,
+ const wchar_t *path,
+ struct apply_args *args)
+{
+ PSECURITY_DESCRIPTOR descriptor;
+ unsigned long n;
+ DWORD err;
+ const struct wim_security_data *sd;
+
+ SECURITY_INFORMATION securityInformation = 0;
+
+ void *owner = NULL;
+ void *group = NULL;
+ ACL *dacl = NULL;
+ ACL *sacl = NULL;
+
+ BOOL owner_defaulted;
+ BOOL group_defaulted;
+ BOOL dacl_present;
+ BOOL dacl_defaulted;
+ BOOL sacl_present;
+ BOOL sacl_defaulted;
+
+ sd = wim_const_security_data(args->w);
+ descriptor = sd->descriptors[inode->i_security_id];
+
+ GetSecurityDescriptorOwner(descriptor, &owner, &owner_defaulted);
+ if (owner)
+ securityInformation |= OWNER_SECURITY_INFORMATION;
+
+ GetSecurityDescriptorGroup(descriptor, &group, &group_defaulted);
+ if (group)
+ securityInformation |= GROUP_SECURITY_INFORMATION;
+
+ GetSecurityDescriptorDacl(descriptor, &dacl_present,
+ &dacl, &dacl_defaulted);
+ if (dacl)
+ securityInformation |= DACL_SECURITY_INFORMATION;
+
+ GetSecurityDescriptorSacl(descriptor, &sacl_present,
+ &sacl, &sacl_defaulted);
+ if (sacl)
+ securityInformation |= SACL_SECURITY_INFORMATION;
+
+again:
+ if (securityInformation == 0)
+ return 0;
+ if (SetSecurityInfo(hFile, SE_FILE_OBJECT,
+ securityInformation, owner, group, dacl, sacl))
+ return 0;
+ err = GetLastError();
+ if (args->extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS)
+ goto fail;
+ switch (err) {
+ case ERROR_PRIVILEGE_NOT_HELD:
+ if (securityInformation & SACL_SECURITY_INFORMATION) {
+ n = args->num_set_sacl_priv_notheld++;
+ securityInformation &= ~SACL_SECURITY_INFORMATION;
+ sacl = NULL;
+ if (n < MAX_SET_SACL_PRIV_NOTHELD_WARNINGS) {
+ WARNING(
+"We don't have enough privileges to set the full security\n"
+" descriptor on \"%ls\"!\n", path);
+ if (args->num_set_sd_access_denied +
+ args->num_set_sacl_priv_notheld == 1)
+ {
+ WARNING("%ls", apply_access_denied_msg);
+ }
+ WARNING("Re-trying with SACL omitted.\n", path);
+ } else if (n == MAX_GET_SACL_PRIV_NOTHELD_WARNINGS) {
+ WARNING(
+"Suppressing further 'privileges not held' error messages when setting\n"
+" security descriptors.");
+ }
+ goto again;
+ }
+ /* Fall through */
+ case ERROR_INVALID_OWNER:
+ case ERROR_ACCESS_DENIED:
+ n = args->num_set_sd_access_denied++;
+ if (n < MAX_SET_SD_ACCESS_DENIED_WARNINGS) {
+ WARNING("Failed to set security descriptor on \"%ls\": "
+ "Access denied!\n", path);
+ if (args->num_set_sd_access_denied +
+ args->num_set_sacl_priv_notheld == 1)
+ {
+ WARNING("%ls", apply_access_denied_msg);
+ }
+ } else if (n == MAX_SET_SD_ACCESS_DENIED_WARNINGS) {
+ WARNING(
+"Suppressing further access denied error messages when setting\n"
+" security descriptors");
+ }
+ return 0;
+ default:
+fail:
+ ERROR("Failed to set security descriptor on \"%ls\"", path);
+ win32_error(err);
+ if (err == ERROR_ACCESS_DENIED || err == ERROR_PRIVILEGE_NOT_HELD)
+ return WIMLIB_ERR_INSUFFICIENT_PRIVILEGES_TO_EXTRACT;
+ else
+ return WIMLIB_ERR_WRITE;
+ }
+}
+
+
+static int
+win32_extract_chunk(const void *buf, size_t len, void *arg)
+{
+ HANDLE hStream = arg;
+
+ DWORD nbytes_written;
+ wimlib_assert(len <= 0xffffffff);
+
+ if (!WriteFile(hStream, buf, len, &nbytes_written, NULL) ||
+ nbytes_written != len)
+ {
+ DWORD err = GetLastError();
+ ERROR("WriteFile(): write error");
+ win32_error(err);
+ return WIMLIB_ERR_WRITE;
+ }
+ return 0;
+}
+
+static int
+do_win32_extract_stream(HANDLE hStream, const struct wim_lookup_table_entry *lte)
+{
+ return extract_wim_resource(lte, wim_resource_size(lte),
+ win32_extract_chunk, hStream);
+}
+
+struct win32_encrypted_extract_ctx {
+ const struct wim_lookup_table_entry *lte;
+ u64 offset;
+};
+
+static DWORD WINAPI
+win32_encrypted_import_cb(unsigned char *data, void *_ctx,
+ unsigned long *len_p)
+{
+ struct win32_encrypted_extract_ctx *ctx = _ctx;
+ unsigned long len = *len_p;
+ const struct wim_lookup_table_entry *lte = ctx->lte;
+
+ len = min(len, wim_resource_size(lte) - ctx->offset);
+
+ if (read_partial_wim_resource_into_buf(lte, len, ctx->offset, data))
+ return ERROR_READ_FAULT;
+
+ ctx->offset += len;
+ *len_p = len;
+ return ERROR_SUCCESS;
+}
+
+/* Create an encrypted file and extract the raw encrypted data to it.
+ *
+ * @path: Path to encrypted file to create.
+ * @lte: WIM lookup_table entry for the raw encrypted data.
+ *
+ * This is separate from do_win32_extract_stream() because the WIM is supposed
+ * to contain the *raw* encrypted data, which needs to be extracted ("imported")
+ * using the special APIs OpenEncryptedFileRawW(), WriteEncryptedFileRaw(), and
+ * CloseEncryptedFileRaw().
+ *
+ * Returns 0 on success; nonzero on failure.
+ */
+static int
+do_win32_extract_encrypted_stream(const wchar_t *path,
+ const struct wim_lookup_table_entry *lte)
+{
+ void *file_ctx;
+ int ret;
+
+ DEBUG("Opening file \"%ls\" to extract raw encrypted data", path);
+
+ ret = OpenEncryptedFileRawW(path, CREATE_FOR_IMPORT, &file_ctx);
+ if (ret) {
+ ERROR("Failed to open \"%ls\" to write raw encrypted data", path);
+ win32_error(ret);
+ return WIMLIB_ERR_OPEN;
+ }
+
+ if (lte) {
+ struct win32_encrypted_extract_ctx ctx;
+
+ ctx.lte = lte;
+ ctx.offset = 0;
+ ret = WriteEncryptedFileRaw(win32_encrypted_import_cb, &ctx, file_ctx);
+ if (ret == ERROR_SUCCESS) {
+ ret = 0;
+ } else {
+ ret = WIMLIB_ERR_WRITE;
+ ERROR("Failed to extract encrypted file \"%ls\"", path);
+ }
+ }
+ CloseEncryptedFileRaw(file_ctx);
+ return ret;
+}
+
+static bool
+path_is_root_of_drive(const wchar_t *path)
+{
+ if (!*path)
+ return false;
+
+ if (*path != L'/' && *path != L'\\') {
+ if (*(path + 1) == L':')
+ path += 2;
+ else
+ return false;
+ }
+ while (*path == L'/' || *path == L'\\')
+ path++;
+ return (*path == L'\0');
+}
+
+static inline DWORD
+win32_mask_attributes(DWORD i_attributes)
+{
+ return i_attributes & ~(FILE_ATTRIBUTE_SPARSE_FILE |
+ FILE_ATTRIBUTE_COMPRESSED |
+ FILE_ATTRIBUTE_REPARSE_POINT |
+ FILE_ATTRIBUTE_DIRECTORY |
+ FILE_ATTRIBUTE_ENCRYPTED |
+ FILE_FLAG_DELETE_ON_CLOSE |
+ FILE_FLAG_NO_BUFFERING |
+ FILE_FLAG_OPEN_NO_RECALL |
+ FILE_FLAG_OVERLAPPED |
+ FILE_FLAG_RANDOM_ACCESS |
+ /*FILE_FLAG_SESSION_AWARE |*/
+ FILE_FLAG_SEQUENTIAL_SCAN |
+ FILE_FLAG_WRITE_THROUGH);
+}
+
+static inline DWORD
+win32_get_create_flags_and_attributes(DWORD i_attributes)
+{
+ /*
+ * Some attributes cannot be set by passing them to CreateFile(). In
+ * particular:
+ *
+ * FILE_ATTRIBUTE_DIRECTORY:
+ * CreateDirectory() must be called instead of CreateFile().
+ *
+ * FILE_ATTRIBUTE_SPARSE_FILE:
+ * Needs an ioctl.
+ * See: win32_set_sparse().
+ *
+ * FILE_ATTRIBUTE_COMPRESSED:
+ * Not clear from the documentation, but apparently this needs an
+ * ioctl as well.
+ * See: win32_set_compressed().
+ *
+ * FILE_ATTRIBUTE_REPARSE_POINT:
+ * Needs an ioctl, with the reparse data specified.
+ * See: win32_set_reparse_data().
+ *
+ * In addition, clear any file flags in the attributes that we don't
+ * want, but also specify FILE_FLAG_OPEN_REPARSE_POINT and
+ * FILE_FLAG_BACKUP_SEMANTICS as we are a backup application.
+ */
+ return win32_mask_attributes(i_attributes) |
+ FILE_FLAG_OPEN_REPARSE_POINT |
+ FILE_FLAG_BACKUP_SEMANTICS;
+}
+
+/* Set compression and/or sparse attributes on a stream, if supported by the
+ * volume. */
+static int
+win32_set_special_stream_attributes(HANDLE hFile, const struct wim_inode *inode,
+ struct wim_lookup_table_entry *unnamed_stream_lte,
+ const wchar_t *path, unsigned vol_flags)
+{
+ int ret;
+
+ if (inode->i_attributes & FILE_ATTRIBUTE_COMPRESSED) {
+ if (vol_flags & FILE_FILE_COMPRESSION) {
+ ret = win32_set_compression_state(hFile,
+ COMPRESSION_FORMAT_DEFAULT,
+ path);
+ if (ret)
+ return ret;
+ } else {
+ DEBUG("Cannot set compression attribute on \"%ls\": "
+ "volume does not support transparent compression",
+ path);
+ }
+ }
+
+ if (inode->i_attributes & FILE_ATTRIBUTE_SPARSE_FILE) {
+ if (vol_flags & FILE_SUPPORTS_SPARSE_FILES) {
+ DEBUG("Setting sparse flag on \"%ls\"", path);
+ ret = win32_set_sparse(hFile, path);
+ if (ret)
+ return ret;
+ } else {
+ DEBUG("Cannot set sparse attribute on \"%ls\": "
+ "volume does not support sparse files",
+ path);
+ }
+ }
+ return 0;
+}
+
+/* Pre-create directories; extract encrypted streams */
+static int
+win32_begin_extract_unnamed_stream(const struct wim_inode *inode,
+ const struct wim_lookup_table_entry *lte,
+ const wchar_t *path,
+ DWORD *creationDisposition_ret,
+ unsigned int vol_flags)
+{
+ DWORD err;
+ int ret;
+
+ /* Directories must be created with CreateDirectoryW(). Then the call
+ * to CreateFileW() will merely open the directory that was already
+ * created rather than creating a new file. */
+ if (inode->i_attributes & FILE_ATTRIBUTE_DIRECTORY &&
+ !path_is_root_of_drive(path)) {
+ if (!CreateDirectoryW(path, NULL)) {
+ err = GetLastError();
+ if (err != ERROR_ALREADY_EXISTS) {
+ ERROR("Failed to create directory \"%ls\"",
+ path);
+ win32_error(err);
+ return WIMLIB_ERR_MKDIR;
+ }
+ }
+ DEBUG("Created directory \"%ls\"", path);
+ *creationDisposition_ret = OPEN_EXISTING;
+ }
+ if (inode->i_attributes & FILE_ATTRIBUTE_ENCRYPTED &&
+ vol_flags & FILE_SUPPORTS_ENCRYPTION)
+ {
+ if (inode->i_attributes & FILE_ATTRIBUTE_DIRECTORY) {
+ unsigned remaining_sharing_violations = 100;
+ while (!EncryptFile(path)) {
+ if (remaining_sharing_violations &&
+ err == ERROR_SHARING_VIOLATION)
+ {
+ WARNING("Couldn't encrypt directory \"%ls\" "
+ "due to sharing violation; re-trying "
+ "after 100 ms", path);
+ Sleep(100);
+ remaining_sharing_violations--;
+ } else {
+ err = GetLastError();
+ ERROR("Failed to encrypt directory \"%ls\"",
+ path);
+ win32_error(err);
+ return WIMLIB_ERR_WRITE;
+ }
+ }
+ } else {
+ ret = do_win32_extract_encrypted_stream(path, lte);
+ if (ret)
+ return ret;
+ DEBUG("Extracted encrypted file \"%ls\"", path);
+ }
+ *creationDisposition_ret = OPEN_EXISTING;
+ }
+
+ /* Set file attributes if we created the file. Otherwise, we haven't
+ * created the file set and we will set the attributes in the call to
+ * CreateFileW().
+ *
+ * The FAT filesystem does not let you change the attributes of the root
+ * directory, so treat that as a special case and do not set attributes.
+ * */
+ if (*creationDisposition_ret == OPEN_EXISTING &&
+ !path_is_root_of_drive(path))
+ {
+ if (!SetFileAttributesW(path,
+ win32_mask_attributes(inode->i_attributes)))
+ {
+ err = GetLastError();
+ ERROR("Failed to set attributes on \"%ls\"", path);
+ win32_error(err);
+ return WIMLIB_ERR_WRITE;
+ }