#include "wimlib/error.h"
#include "wimlib/lookup_table.h"
-#ifdef WITH_NTDLL
-# include <winternl.h>
-# include <ntstatus.h>
-NTSTATUS WINAPI
-NtSetSecurityObject(HANDLE Handle,
- SECURITY_INFORMATION SecurityInformation,
- PSECURITY_DESCRIPTOR SecurityDescriptor);
-#endif
-
static int
win32_start_extract(const wchar_t *path, struct apply_ctx *ctx)
{
return 0;
}
+/* Create a normal file, overwriting one already present. */
static int
win32_create_file(const wchar_t *path, struct apply_ctx *ctx, u64 *cookie_ret)
{
HANDLE h;
-
- h = CreateFile(path, 0, 0, NULL, CREATE_ALWAYS,
- FILE_ATTRIBUTE_NORMAL | FILE_FLAG_BACKUP_SEMANTICS, NULL);
- if (h == INVALID_HANDLE_VALUE)
- goto error;
+ unsigned retry_count = 0;
+ DWORD dwFlagsAndAttributes = FILE_FLAG_BACKUP_SEMANTICS;
+
+retry:
+ /* WRITE_OWNER and WRITE_DAC privileges are required for some reason,
+ * even through we're creating a new file. */
+ h = CreateFile(path, WRITE_OWNER | WRITE_DAC, 0, NULL,
+ CREATE_ALWAYS, dwFlagsAndAttributes, NULL);
+ if (h == INVALID_HANDLE_VALUE) {
+ /* File couldn't be created. */
+ DWORD err = GetLastError();
+ if (err == ERROR_ACCESS_DENIED && retry_count == 0) {
+
+ /* Access denied error for the first time. Try
+ * adjusting file attributes. */
+
+ /* Get attributes of the existing file. */
+ DWORD attribs = GetFileAttributes(path);
+ if (attribs != INVALID_FILE_ATTRIBUTES &&
+ (attribs & (FILE_ATTRIBUTE_HIDDEN |
+ FILE_ATTRIBUTE_SYSTEM |
+ FILE_ATTRIBUTE_READONLY)))
+ {
+ /* If the existing file has
+ * FILE_ATTRIBUTE_HIDDEN and/or
+ * FILE_ATTRIBUTE_SYSTEM, they must be set in
+ * the call to CreateFile(). This is true even
+ * when FILE_ATTRIBUTE_NORMAL was not specified,
+ * contrary to the MS "documentation". */
+ dwFlagsAndAttributes |= (attribs &
+ (FILE_ATTRIBUTE_HIDDEN |
+ FILE_ATTRIBUTE_SYSTEM));
+ /* If the existing file has
+ * FILE_ATTRIBUTE_READONLY, it must be cleared
+ * before attempting to create a new file over
+ * it. This is true even when the process has
+ * the SE_RESTORE_NAME privilege and requested
+ * the FILE_FLAG_BACKUP_SEMANTICS flag to
+ * CreateFile(). */
+ if (attribs & FILE_ATTRIBUTE_READONLY) {
+ SetFileAttributes(path,
+ attribs & ~FILE_ATTRIBUTE_READONLY);
+ }
+ retry_count++;
+ goto retry;
+ }
+ }
+ set_errno_from_win32_error(err);
+ return WIMLIB_ERR_OPEN;
+ }
CloseHandle(h);
return 0;
-
-error:
- set_errno_from_GetLastError();
- return WIMLIB_ERR_OPEN;
}
static int
return WIMLIB_ERR_MKDIR;
}
+/* Delete a non-directory file, working around Windows quirks. */
+static BOOL
+win32_delete_file_wrapper(const wchar_t *path)
+{
+ DWORD err;
+ DWORD attrib;
+
+ if (DeleteFile(path))
+ return TRUE;
+
+ err = GetLastError();
+ attrib = GetFileAttributes(path);
+ if ((attrib != INVALID_FILE_ATTRIBUTES) &&
+ (attrib & FILE_ATTRIBUTE_READONLY))
+ {
+ /* Try again with FILE_ATTRIBUTE_READONLY cleared. */
+ attrib &= ~FILE_ATTRIBUTE_READONLY;
+ if (SetFileAttributes(path, attrib)) {
+ if (DeleteFile(path))
+ return TRUE;
+ else
+ err = GetLastError();
+ }
+ }
+
+ SetLastError(err);
+ return FALSE;
+}
+
static int
win32_create_hardlink(const wchar_t *oldpath, const wchar_t *newpath,
struct apply_ctx *ctx)
if (!CreateHardLink(newpath, oldpath, NULL)) {
if (GetLastError() != ERROR_ALREADY_EXISTS)
goto error;
- if (!DeleteFile(newpath))
+ if (!win32_delete_file_wrapper(newpath))
goto error;
if (!CreateHardLink(newpath, oldpath, NULL))
goto error;
if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0)) {
if (GetLastError() != ERROR_ALREADY_EXISTS)
goto error;
- if (!DeleteFile(newpath))
+ if (!win32_delete_file_wrapper(newpath))
goto error;
if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0))
goto error;
stream_path = alloca(sizeof(wchar_t) *
(wcslen(path) + 1 +
wcslen(stream_name) + 1));
- swprintf(stream_path, L"%ls:%ls", path, stream_name);
+ tsprintf(stream_path, L"%ls:%ls", path, stream_name);
}
h = CreateFile(stream_path, FILE_WRITE_DATA, 0, NULL,
ret = 0;
if (!lte)
goto out_close_handle;
- ret = extract_wim_resource(lte, wim_resource_size(lte),
- win32_extract_wim_chunk, h);
+ ret = extract_stream(lte, lte->size, win32_extract_wim_chunk, h);
out_close_handle:
if (!CloseHandle(h))
goto error;
unsigned long len = *len_p;
const struct wim_lookup_table_entry *lte = import_ctx->lte;
- len = min(len, wim_resource_size(lte) - import_ctx->offset);
+ len = min(len, lte->size - import_ctx->offset);
- if (read_partial_wim_resource_into_buf(lte, len, import_ctx->offset, data))
+ if (read_partial_wim_stream_into_buf(lte, len, import_ctx->offset, data))
return ERROR_READ_FAULT;
import_ctx->offset += len;
PSECURITY_DESCRIPTOR desc)
{
#ifdef WITH_NTDLL
- return RtlNtStatusToDosError(NtSetSecurityObject(h, info, desc));
-#else
+ if (func_NtSetSecurityObject) {
+ return (*func_RtlNtStatusToDosError)(
+ (*func_NtSetSecurityObject)(h, info, desc));
+ }
+#endif
if (SetFileSecurity(path, info, desc))
return ERROR_SUCCESS;
else
return GetLastError();
-#endif
}
+/*
+ * Set an arbitrary security descriptor on an arbitrary file (or directory),
+ * working around bugs and design flaws in the Windows operating system.
+ *
+ * On success, return 0. On failure, return WIMLIB_ERR_SET_SECURITY and set
+ * errno. Note: if WIMLIB_EXTRACT_FLAG_STRICT_ACLS is not set in
+ * ctx->extract_flags, this function succeeds iff any part of the security
+ * descriptor was successfully set.
+ */
static int
win32_set_security_descriptor(const wchar_t *path, const u8 *desc,
size_t desc_size, struct apply_ctx *ctx)
{
SECURITY_INFORMATION info;
HANDLE h;
- DWORD err;
int ret;
+ /* We really just want to set entire the security descriptor as-is, but
+ * all available APIs require specifying the specific parts of the
+ * descriptor being set. Start out by requesting all parts be set. If
+ * permissions problems are encountered, fall back to omitting some
+ * parts (first the SACL, then the DACL, then the owner), unless the
+ * WIMLIB_EXTRACT_FLAG_STRICT_ACLS flag has been enabled. */
info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
+
h = INVALID_HANDLE_VALUE;
+ /* Prefer NtSetSecurityObject() to SetFileSecurity(). SetFileSecurity()
+ * itself necessarily uses NtSetSecurityObject() as the latter is the
+ * underlying system call for setting security information, but
+ * SetFileSecurity() opens the handle with NtCreateFile() without
+ * FILE_OPEN_FILE_BACKUP_INTENT. Hence, access checks are done and due
+ * to the Windows security model, even a process running as the
+ * Administrator can have access denied. (Of course, this not mentioned
+ * in the MS "documentation".) */
+
#ifdef WITH_NTDLL
- h = win32_open_existing_file(path, MAXIMUM_ALLOWED);
- if (h == INVALID_HANDLE_VALUE) {
- ERROR_WITH_ERRNO("Can't open %ls (%u)", path, GetLastError());
- goto error;
+ if (func_NtSetSecurityObject) {
+ DWORD dwDesiredAccess;
+
+ /* Open a handle for NtSetSecurityObject() with as many relevant
+ * access rights as possible.
+ *
+ * We don't know which rights will be actually granted. It
+ * could be less than what is needed to actually assign the full
+ * security descriptor, especially if the process is running as
+ * a non-Administrator. However, by default we just do the best
+ * we can, unless WIMLIB_EXTRACT_FLAG_STRICT_ACLS has been
+ * enabled. The MAXIMUM_ALLOWED access right is seemingly
+ * designed for this use case; however, it does not work
+ * properly in all cases: it can cause CreateFile() to fail with
+ * ERROR_ACCESS_DENIED, even though by definition
+ * MAXIMUM_ALLOWED access only requests access rights that are
+ * *not* denied. (Needless to say, MS does not document this
+ * bug.) */
+
+ dwDesiredAccess = WRITE_DAC |
+ WRITE_OWNER |
+ ACCESS_SYSTEM_SECURITY;
+ for (;;) {
+ DWORD err;
+
+ h = win32_open_existing_file(path, dwDesiredAccess);
+ if (h != INVALID_HANDLE_VALUE)
+ break;
+ err = GetLastError();
+ if (err == ERROR_ACCESS_DENIED ||
+ err == ERROR_PRIVILEGE_NOT_HELD)
+ {
+ /* Don't increment partial_security_descriptors
+ * here or check WIMLIB_EXTRACT_FLAG_STRICT_ACLS
+ * here. It will be done later if needed; here
+ * we are just trying to get as many relevant
+ * access rights as possible. */
+ if (dwDesiredAccess & ACCESS_SYSTEM_SECURITY) {
+ dwDesiredAccess &= ~ACCESS_SYSTEM_SECURITY;
+ continue;
+ }
+ if (dwDesiredAccess & WRITE_DAC) {
+ dwDesiredAccess &= ~WRITE_DAC;
+ continue;
+ }
+ if (dwDesiredAccess & WRITE_OWNER) {
+ dwDesiredAccess &= ~WRITE_OWNER;
+ continue;
+ }
+ }
+ /* Other error, or couldn't open the file even with no
+ * access rights specified. Something else must be
+ * wrong. */
+ set_errno_from_win32_error(err);
+ return WIMLIB_ERR_SET_SECURITY;
+ }
}
#endif
+ /* Try setting the security descriptor. */
for (;;) {
+ DWORD err;
+
err = do_win32_set_security_descriptor(h, path, info,
(PSECURITY_DESCRIPTOR)desc);
- if (err == ERROR_SUCCESS)
+ if (err == ERROR_SUCCESS) {
+ ret = 0;
break;
+ }
+
+ /* Failed to set the requested parts of the security descriptor.
+ * If the error was permissions-related, try to set fewer parts
+ * of the security descriptor, unless
+ * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled. */
if ((err == ERROR_PRIVILEGE_NOT_HELD ||
err == ERROR_ACCESS_DENIED) &&
!(ctx->extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS))
info &= ~OWNER_SECURITY_INFORMATION;
continue;
}
- ctx->partial_security_descriptors--;
- ctx->no_security_descriptors++;
- break;
+ /* Nothing left except GROUP, and if we removed it we
+ * wouldn't have anything at all. */
}
- goto error;
+ /* No part of the security descriptor could be set, or
+ * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled and the full
+ * security descriptor could not be set. */
+ if (!(info & SACL_SECURITY_INFORMATION))
+ ctx->partial_security_descriptors--;
+ set_errno_from_win32_error(err);
+ ret = WIMLIB_ERR_SET_SECURITY;
+ break;
}
- ret = 0;
-out_close:
+
+ /* Close handle opened for NtSetSecurityObject(). */
#ifdef WITH_NTDLL
- CloseHandle(h);
+ if (func_NtSetSecurityObject)
+ CloseHandle(h);
#endif
return ret;
-
-error:
- set_errno_from_GetLastError();
- ret = WIMLIB_ERR_SET_SECURITY;
- goto out_close;
}
static int
git://wimlib.net / wimlib / blobdiff