X-Git-Url: https://wimlib.net/git/?p=wimlib;a=blobdiff_plain;f=src%2Fwin32_apply.c;h=39e7d405c509d5cc5171bd3f194e9b2615d50b0e;hp=c0487c62445e6b4d23e0e517c07dca689416a087;hb=42172f81213121f379563919114d4897d816134b;hpb=156bb1de48ff4a594f6a2a2f86e86213d65a6b08 diff --git a/src/win32_apply.c b/src/win32_apply.c index c0487c62..39e7d405 100644 --- a/src/win32_apply.c +++ b/src/win32_apply.c @@ -53,6 +53,7 @@ struct win32_apply_ctx { void *mem_prepopulate_pats; u8 wim_lookup_table_hash[SHA1_HASH_SIZE]; bool wof_running; + bool tried_to_load_prepopulate_list; } wimboot; /* Open handle to the target directory */ @@ -124,6 +125,13 @@ struct win32_apply_ctx { /* Number of files for which we didn't have permission to set any part * of the security descriptor. */ unsigned long no_security_descriptors; + + /* Number of files for which we couldn't set the short name. */ + unsigned long num_short_name_failures; + + /* Have we tried to enable short name support on the target volume yet? + */ + bool tried_to_enable_short_names; }; /* Get the drive letter from a Windows path, or return the null character if the @@ -249,6 +257,8 @@ load_prepopulate_pats(struct win32_apply_ctx *ctx) void *mem; struct text_file_section sec; + ctx->wimboot.tried_to_load_prepopulate_list = true; + dentry = get_dentry(ctx->common.wim, path, WIMLIB_CASE_INSENSITIVE); if (!dentry || (dentry->d_inode->i_attributes & (FILE_ATTRIBUTE_DIRECTORY | @@ -305,6 +315,95 @@ in_prepopulate_list(struct wim_dentry *dentry, wcslen(dentry->_full_path), pats); } +static const wchar_t * +current_path(struct win32_apply_ctx *ctx); + +static void +build_extraction_path(const struct wim_dentry *dentry, + struct win32_apply_ctx *ctx); + +#define WIM_BACKING_NOT_ENABLED -1 +#define WIM_BACKING_NOT_POSSIBLE -2 +#define WIM_BACKING_EXCLUDED -3 + +/* + * Determines if the unnamed data stream of a file will be created as an + * external backing, as opposed to a standard extraction. + */ +static int +win32_will_externally_back(struct wim_dentry *dentry, struct apply_ctx *_ctx) +{ + struct win32_apply_ctx *ctx = (struct win32_apply_ctx *)_ctx; + struct wim_lookup_table_entry *stream; + int ret; + + if (!(ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_WIMBOOT)) + return WIM_BACKING_NOT_ENABLED; + + if (!ctx->wimboot.tried_to_load_prepopulate_list) { + ret = load_prepopulate_pats(ctx); + if (ret == WIMLIB_ERR_NOMEM) + return ret; + } + + if (dentry->d_inode->i_attributes & (FILE_ATTRIBUTE_DIRECTORY | + FILE_ATTRIBUTE_REPARSE_POINT | + FILE_ATTRIBUTE_ENCRYPTED)) + return WIM_BACKING_NOT_POSSIBLE; + + stream = inode_unnamed_lte_resolved(dentry->d_inode); + + if (!stream || + stream->resource_location != RESOURCE_IN_WIM || + stream->rspec->wim != ctx->common.wim || + stream->size != stream->rspec->uncompressed_size) + return WIM_BACKING_NOT_POSSIBLE; + + ret = calculate_dentry_full_path(dentry); + if (ret) + return ret; + + if (in_prepopulate_list(dentry, ctx)) + return WIM_BACKING_EXCLUDED; + + return 0; +} + +static int +set_external_backing(HANDLE h, struct wim_dentry *dentry, struct win32_apply_ctx *ctx) +{ + int ret; + + ret = win32_will_externally_back(dentry, &ctx->common); + if (ret > 0) /* Error. */ + return ret; + + if (ret < 0 && ret != WIM_BACKING_EXCLUDED) + return 0; /* Not externally backing, other than due to exclusion. */ + + build_extraction_path(dentry, ctx); + + if (ret == WIM_BACKING_EXCLUDED) { + /* Not externally backing due to exclusion. */ + union wimlib_progress_info info; + + info.wimboot_exclude.path_in_wim = dentry->_full_path; + info.wimboot_exclude.extraction_path = current_path(ctx); + + return call_progress(ctx->common.progfunc, + WIMLIB_PROGRESS_MSG_WIMBOOT_EXCLUDE, + &info, ctx->common.progctx); + } else { + /* Externally backing. */ + return wimboot_set_pointer(h, + current_path(ctx), + inode_unnamed_lte_resolved(dentry->d_inode), + ctx->wimboot.data_source_id, + ctx->wimboot.wim_lookup_table_hash, + ctx->wimboot.wof_running); + } +} + /* Calculates the SHA-1 message digest of the WIM's lookup table. */ static int hash_lookup_table(WIMStruct *wim, u8 hash[SHA1_HASH_SIZE]) @@ -321,9 +420,11 @@ start_wimboot_extraction(struct win32_apply_ctx *ctx) int ret; WIMStruct *wim = ctx->common.wim; - ret = load_prepopulate_pats(ctx); - if (ret == WIMLIB_ERR_NOMEM) - return ret; + if (!ctx->wimboot.tried_to_load_prepopulate_list) { + ret = load_prepopulate_pats(ctx); + if (ret == WIMLIB_ERR_NOMEM) + return ret; + } if (!wim_info_get_wimboot(wim->wim_info, wim->current_image)) WARNING("Image is not marked as WIMBoot compatible!"); @@ -333,20 +434,6 @@ start_wimboot_extraction(struct win32_apply_ctx *ctx) if (ret) return ret; - /* TODO: DISM seems to set HKEY_LOCAL_MACHINE\SOFTWARE\Setup - * "WimBoot"=dword:00000001 in the registry of the extracted image. Do - * we need to do this too? I'd really prefer not to be mucking around - * with the extracted files, and certainly not the registry... - * - * It changed two other keys as well: - * - * [HKEY_LOCAL_MACHINE\SOFTWARE\ControlSet001\Control\ProductOptions] - * value "ProductPolicy" - * - * [HKEY_LOCAL_MACHINE\SOFTWARE\ControlSet001\Control\SessionManager\AppCompatCache] - * value "AppCompatCache" - */ - return wimboot_alloc_data_source_id(wim->filename, wim->hdr.guid, wim->current_image, @@ -355,6 +442,80 @@ start_wimboot_extraction(struct win32_apply_ctx *ctx) &ctx->wimboot.wof_running); } +static void +build_win32_extraction_path(const struct wim_dentry *dentry, + struct win32_apply_ctx *ctx); + +/* Sets WimBoot=1 in the extracted SYSTEM registry hive. + * + * WIMGAPI does this, and it's possible that it's important. + * But I don't know exactly what this value means to Windows. */ +static int +end_wimboot_extraction(struct win32_apply_ctx *ctx) +{ + struct wim_dentry *dentry; + wchar_t subkeyname[32]; + LONG res; + LONG res2; + HKEY key; + DWORD value; + + dentry = get_dentry(ctx->common.wim, L"\\Windows\\System32\\config\\SYSTEM", + WIMLIB_CASE_INSENSITIVE); + + if (!dentry || !will_extract_dentry(dentry)) + goto out; + + if (!will_extract_dentry(wim_get_current_root_dentry(ctx->common.wim))) + goto out; + + /* Not bothering to use the native routines (e.g. NtLoadKey()) for this. + * If this doesn't work, you probably also have many other problems. */ + + build_win32_extraction_path(dentry, ctx); + + randomize_char_array_with_alnum(subkeyname, 20); + subkeyname[20] = L'\0'; + + res = RegLoadKey(HKEY_LOCAL_MACHINE, subkeyname, ctx->pathbuf.Buffer); + if (res) + goto out_check_res; + + wcscpy(&subkeyname[20], L"\\Setup"); + + res = RegCreateKeyEx(HKEY_LOCAL_MACHINE, subkeyname, 0, NULL, + REG_OPTION_BACKUP_RESTORE, 0, NULL, &key, NULL); + if (res) + goto out_unload_key; + + value = 1; + + res = RegSetValueEx(key, L"WimBoot", 0, REG_DWORD, + (const BYTE *)&value, sizeof(DWORD)); + if (res) + goto out_close_key; + + res = RegFlushKey(key); + +out_close_key: + res2 = RegCloseKey(key); + if (!res) + res = res2; +out_unload_key: + subkeyname[20] = L'\0'; + RegUnLoadKey(HKEY_LOCAL_MACHINE, subkeyname); +out_check_res: + if (res) { + /* Warning only. */ + set_errno_from_win32_error(res); + WARNING_WITH_ERRNO("Failed to set \\Setup: dword \"WimBoot\"=1 value " + "in registry hive \"%ls\" (err=%"PRIu32")", + ctx->pathbuf.Buffer, (u32)res); + } +out: + return 0; +} + /* Returns the number of wide characters needed to represent the path to the * specified @dentry, relative to the target directory, when extracted. * @@ -475,7 +636,7 @@ build_extraction_path_with_ads(const struct wim_dentry *dentry, * The path is saved in ctx->pathbuf and will be null terminated. * * XXX: We could get rid of this if it wasn't needed for the file encryption - * APIs. */ + * APIs, and the registry manipulation in WIMBoot mode. */ static void build_win32_extraction_path(const struct wim_dentry *dentry, struct win32_apply_ctx *ctx) @@ -583,11 +744,11 @@ prepare_target(struct list_head *dentry_list, struct win32_apply_ctx *ctx) /* When creating an inode that will have a short (DOS) name, we create it using * the long name associated with the short name. This ensures that the short * name gets associated with the correct long name. */ -static const struct wim_dentry * +static struct wim_dentry * first_extraction_alias(const struct wim_inode *inode) { - const struct list_head *next = inode->i_extraction_aliases.next; - const struct wim_dentry *dentry; + struct list_head *next = inode->i_extraction_aliases.next; + struct wim_dentry *dentry; do { dentry = list_entry(next, struct wim_dentry, @@ -729,6 +890,43 @@ maybe_clear_encryption_attribute(HANDLE *h_ptr, const struct wim_dentry *dentry, return 0; } +/* Try to enable short name support on the target volume. If successful, return + * true. If unsuccessful, issue a warning and return false. */ +static bool +try_to_enable_short_names(const wchar_t *volume) +{ + HANDLE h; + FILE_FS_PERSISTENT_VOLUME_INFORMATION info; + BOOL bret; + DWORD bytesReturned; + + h = CreateFile(volume, GENERIC_WRITE, + FILE_SHARE_VALID_FLAGS, NULL, OPEN_EXISTING, + FILE_FLAG_BACKUP_SEMANTICS, NULL); + if (h == INVALID_HANDLE_VALUE) + goto fail; + + info.VolumeFlags = 0; + info.FlagMask = PERSISTENT_VOLUME_STATE_SHORT_NAME_CREATION_DISABLED; + info.Version = 1; + info.Reserved = 0; + + bret = DeviceIoControl(h, FSCTL_SET_PERSISTENT_VOLUME_STATE, + &info, sizeof(info), NULL, 0, + &bytesReturned, NULL); + + CloseHandle(h); + + if (!bret) + goto fail; + return true; + +fail: + WARNING("Failed to enable short name support on %ls " + "(err=%"PRIu32")", volume + 4, (u32)GetLastError()); + return false; +} + /* Set the short name on the open file @h which has been created at the location * indicated by @dentry. * @@ -743,29 +941,67 @@ static int set_short_name(HANDLE h, const struct wim_dentry *dentry, struct win32_apply_ctx *ctx) { + + if (!ctx->common.supported_features.short_names) + return 0; + + /* + * Note: The size of the FILE_NAME_INFORMATION buffer must be such that + * FileName contains at least 2 wide characters (4 bytes). Otherwise, + * NtSetInformationFile() will return STATUS_INFO_LENGTH_MISMATCH. This + * is despite the fact that FileNameLength can validly be 0 or 2 bytes, + * with the former case being removing the existing short name if + * present, rather than setting one. + * + * The null terminator is seemingly optional, but to be safe we include + * space for it and zero all unused space. + */ + size_t bufsize = offsetof(FILE_NAME_INFORMATION, FileName) + - dentry->short_name_nbytes; + max(dentry->short_name_nbytes, sizeof(wchar_t)) + + sizeof(wchar_t); u8 buf[bufsize] _aligned_attribute(8); FILE_NAME_INFORMATION *info = (FILE_NAME_INFORMATION *)buf; NTSTATUS status; + memset(buf, 0, bufsize); + info->FileNameLength = dentry->short_name_nbytes; memcpy(info->FileName, dentry->short_name, dentry->short_name_nbytes); +retry: status = (*func_NtSetInformationFile)(h, &ctx->iosb, info, bufsize, FileShortNameInformation); if (NT_SUCCESS(status)) return 0; + if (status == STATUS_SHORT_NAMES_NOT_ENABLED_ON_VOLUME) { + if (dentry->short_name_nbytes == 0) + return 0; + if (!ctx->tried_to_enable_short_names) { + wchar_t volume[7]; + int ret; + + ctx->tried_to_enable_short_names = true; + + ret = win32_get_drive_path(ctx->common.target, + volume); + if (ret) + return ret; + if (try_to_enable_short_names(volume)) + goto retry; + } + } + /* By default, failure to set short names is not an error (since short * names aren't too important anymore...). */ - if (!(ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_SHORT_NAMES)) + if (!(ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_SHORT_NAMES)) { + ctx->num_short_name_failures++; return 0; + } if (status == STATUS_SHORT_NAMES_NOT_ENABLED_ON_VOLUME) { - if (dentry->short_name_nbytes == 0) - return 0; - ERROR("Can't extract short name when short " + ERROR("Can't set short name when short " "names are not enabled on the volume!"); } else { ERROR("Can't set short name on \"%ls\" (status=0x%08"PRIx32")", @@ -964,16 +1200,15 @@ create_directories(struct list_head *dentry_list, /* If the root dentry is being extracted, it was already done so * in prepare_target(). */ - if (dentry_is_root(dentry)) - continue; - - ret = create_directory(dentry, ctx); - if (ret) - return ret; + if (!dentry_is_root(dentry)) { + ret = create_directory(dentry, ctx); + if (ret) + return ret; - ret = create_any_empty_ads(dentry, ctx); - if (ret) - return ret; + ret = create_any_empty_ads(dentry, ctx); + if (ret) + return ret; + } ret = report_file_created(&ctx->common); if (ret) @@ -1183,7 +1418,7 @@ create_links(HANDLE h, const struct wim_dentry *first_dentry, static int create_nondirectory(const struct wim_inode *inode, struct win32_apply_ctx *ctx) { - const struct wim_dentry *first_dentry; + struct wim_dentry *first_dentry; HANDLE h; int ret; @@ -1202,6 +1437,10 @@ create_nondirectory(const struct wim_inode *inode, struct win32_apply_ctx *ctx) if (!ret) ret = create_links(h, first_dentry, ctx); + /* "WIMBoot" extraction: set external backing by the WIM file if needed. */ + if (!ret && unlikely(ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_WIMBOOT)) + ret = set_external_backing(h, first_dentry, ctx); + (*func_NtClose)(h); return ret; } @@ -1220,11 +1459,11 @@ create_nondirectories(struct list_head *dentry_list, struct win32_apply_ctx *ctx if (inode->i_attributes & FILE_ATTRIBUTE_DIRECTORY) continue; /* Call create_nondirectory() only once per inode */ - if (dentry != inode_first_extraction_dentry(inode)) - continue; - ret = create_nondirectory(inode, ctx); - if (ret) - return ret; + if (dentry == inode_first_extraction_dentry(inode)) { + ret = create_nondirectory(inode, ctx); + if (ret) + return ret; + } ret = report_file_created(&ctx->common); if (ret) return ret; @@ -1321,42 +1560,6 @@ begin_extract_stream_instance(const struct wim_lookup_table_entry *stream, return prepare_data_buffer(ctx, stream->size); } - /* Extracting unnamed data stream in WIMBoot mode? */ - if (unlikely(ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_WIMBOOT) - && (stream_name_nchars == 0) - && (stream->resource_location == RESOURCE_IN_WIM) - && (stream->rspec->wim == ctx->common.wim) - && (stream->size == stream->rspec->uncompressed_size)) - { - int ret = calculate_dentry_full_path(dentry); - if (ret) - return ret; - if (in_prepopulate_list(dentry, ctx)) { - union wimlib_progress_info info; - - info.wimboot_exclude.path_in_wim = dentry->_full_path; - info.wimboot_exclude.extraction_path = current_path(ctx); - - ret = call_progress(ctx->common.progfunc, - WIMLIB_PROGRESS_MSG_WIMBOOT_EXCLUDE, - &info, ctx->common.progctx); - FREE(dentry->_full_path); - dentry->_full_path = NULL; - if (ret) - return ret; - /* Go on and open the file for normal extraction. */ - } else { - FREE(dentry->_full_path); - dentry->_full_path = NULL; - return wimboot_set_pointer(&ctx->attr, - current_path(ctx), - stream, - ctx->wimboot.data_source_id, - ctx->wimboot.wim_lookup_table_hash, - ctx->wimboot.wof_running); - } - } - if (ctx->num_open_handles == MAX_OPEN_STREAMS) { /* XXX: Fix this. But because of the checks in * extract_stream_list(), this can now only happen on a @@ -1806,33 +2009,100 @@ end_extract_stream(struct wim_lookup_table_entry *stream, int status, void *_ctx /* Set the security descriptor @desc, of @desc_size bytes, on the file with open * handle @h. */ static NTSTATUS -set_security_descriptor(HANDLE h, const void *desc, +set_security_descriptor(HANDLE h, const void *_desc, size_t desc_size, struct win32_apply_ctx *ctx) { SECURITY_INFORMATION info; NTSTATUS status; + SECURITY_DESCRIPTOR_RELATIVE *desc; + + /* + * Ideally, we would just pass in the security descriptor buffer as-is. + * But it turns out that Windows can mess up the security descriptor + * even when using the low-level NtSetSecurityObject() function: + * + * - Windows will clear SE_DACL_AUTO_INHERITED if it is set in the + * passed buffer. To actually get Windows to set + * SE_DACL_AUTO_INHERITED, the application must set the non-persistent + * flag SE_DACL_AUTO_INHERIT_REQ. As usual, Microsoft didn't bother + * to properly document either of these flags. It's unclear how + * important SE_DACL_AUTO_INHERITED actually is, but to be safe we use + * the SE_DACL_AUTO_INHERIT_REQ workaround to set it if needed. + * + * - The above also applies to the equivalent SACL flags, + * SE_SACL_AUTO_INHERITED and SE_SACL_AUTO_INHERIT_REQ. + * + * - If the application says that it's setting + * DACL_SECURITY_INFORMATION, then Windows sets SE_DACL_PRESENT in the + * resulting security descriptor, even if the security descriptor the + * application provided did not have a DACL. This seems to be + * unavoidable, since omitting DACL_SECURITY_INFORMATION would cause a + * default DACL to remain. Fortunately, this behavior seems harmless, + * since the resulting DACL will still be "null" --- but it will be + * "the other representation of null". + * + * - The above also applies to SACL_SECURITY_INFORMATION and + * SE_SACL_PRESENT. Again, it's seemingly unavoidable but "harmless" + * that Windows changes the representation of a "null SACL". + */ + if (likely(desc_size <= STACK_MAX)) { + desc = alloca(desc_size); + } else { + desc = MALLOC(desc_size); + if (!desc) + return STATUS_NO_MEMORY; + } + + memcpy(desc, _desc, desc_size); + + if (likely(desc_size >= 4)) { + + if (desc->Control & SE_DACL_AUTO_INHERITED) + desc->Control |= SE_DACL_AUTO_INHERIT_REQ; + + if (desc->Control & SE_SACL_AUTO_INHERITED) + desc->Control |= SE_SACL_AUTO_INHERIT_REQ; + } + + /* + * More API insanity. We want to set the entire security descriptor + * as-is. But all available APIs require specifying the specific parts + * of the security descriptor being set. Especially annoying is that + * mandatory integrity labels are part of the SACL, but they aren't set + * with SACL_SECURITY_INFORMATION. Instead, applications must also + * specify LABEL_SECURITY_INFORMATION (Windows Vista, Windows 7) or + * BACKUP_SECURITY_INFORMATION (Windows 8). But at least older versions + * of Windows don't error out if you provide these newer flags... + * + * Also, if the process isn't running as Administrator, then it probably + * doesn't have SE_RESTORE_PRIVILEGE. In this case, it will always get + * the STATUS_PRIVILEGE_NOT_HELD error by trying to set the SACL, even + * if the security descriptor it provided did not have a SACL. By + * default, in this case we try to recover and set as much of the + * security descriptor as possible --- potentially excluding the DACL, and + * even the owner, as well as the SACL. + */ - /* We really just want to set entire the security descriptor as-is, but - * all available APIs require specifying the specific parts of the - * descriptor being set. Start out by requesting all parts be set. If - * permissions problems are encountered, fall back to omitting some - * parts (first the SACL, then the DACL, then the owner), unless the - * WIMLIB_EXTRACT_FLAG_STRICT_ACLS flag has been enabled. */ info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | - DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION; - - /* Prefer NtSetSecurityObject() to SetFileSecurity(). SetFileSecurity() - * itself necessarily uses NtSetSecurityObject() as the latter is the - * underlying system call for setting security information, but - * SetFileSecurity() opens the handle with NtCreateFile() without - * FILE_OPEN_FILE_BACKUP_INTENT. Hence, access checks are done and due - * to the Windows security model, even a process running as the - * Administrator can have access denied. (Of course, this not mentioned - * in the MS "documentation".) */ + DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION | + LABEL_SECURITY_INFORMATION | BACKUP_SECURITY_INFORMATION; + + + /* + * It's also worth noting that SetFileSecurity() is unusable because it + * doesn't request "backup semantics" when it opens the file internally. + * NtSetSecurityObject() seems to be the best function to use in backup + * applications. (SetSecurityInfo() should also work, but it's harder + * to use and must call NtSetSecurityObject() internally anyway. + * BackupWrite() is theoretically usable as well, but it's inflexible + * and poorly documented.) + */ + retry: - status = (*func_NtSetSecurityObject)(h, info, (PSECURITY_DESCRIPTOR)desc); + status = (*func_NtSetSecurityObject)(h, info, desc); if (NT_SUCCESS(status)) - return status; + goto out_maybe_free_desc; + /* Failed to set the requested parts of the security descriptor. If the * error was permissions-related, try to set fewer parts of the security * descriptor, unless WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled. */ @@ -1841,7 +2111,9 @@ retry: !(ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS)) { if (info & SACL_SECURITY_INFORMATION) { - info &= ~SACL_SECURITY_INFORMATION; + info &= ~(SACL_SECURITY_INFORMATION | + LABEL_SECURITY_INFORMATION | + BACKUP_SECURITY_INFORMATION); ctx->partial_security_descriptors++; goto retry; } @@ -1863,6 +2135,10 @@ retry: if (!(info & SACL_SECURITY_INFORMATION)) ctx->partial_security_descriptors--; ctx->no_security_descriptors++; + +out_maybe_free_desc: + if (unlikely(desc_size > STACK_MAX)) + FREE(desc); return status; } @@ -2005,23 +2281,42 @@ static void do_warnings(const struct win32_apply_ctx *ctx) { if (ctx->partial_security_descriptors == 0 && - ctx->no_security_descriptors == 0) + ctx->no_security_descriptors == 0 && + ctx->num_short_name_failures == 0) return; WARNING("Extraction to \"%ls\" complete, but with one or more warnings:", ctx->common.target); - if (ctx->partial_security_descriptors != 0) { + if (ctx->num_short_name_failures) { + WARNING("- Could not set short names on %lu files or directories", + ctx->num_short_name_failures); + } + if (ctx->partial_security_descriptors) { WARNING("- Could only partially set the security descriptor\n" " on %lu files or directories.", ctx->partial_security_descriptors); } - if (ctx->no_security_descriptors != 0) { + if (ctx->no_security_descriptors) { WARNING("- Could not set security descriptor at all\n" " on %lu files or directories.", ctx->no_security_descriptors); } - WARNING("To fully restore all security descriptors, run the program\n" - " with Administrator rights."); + if (ctx->partial_security_descriptors || ctx->no_security_descriptors) { + WARNING("To fully restore all security descriptors, run the program\n" + " with Administrator rights."); + } +} + +static uint64_t +count_dentries(const struct list_head *dentry_list) +{ + const struct list_head *cur; + uint64_t count = 0; + + list_for_each(cur, dentry_list) + count++; + + return count; } /* Extract files from a WIM image to a directory on Windows */ @@ -2030,18 +2325,23 @@ win32_extract(struct list_head *dentry_list, struct apply_ctx *_ctx) { int ret; struct win32_apply_ctx *ctx = (struct win32_apply_ctx *)_ctx; + uint64_t dentry_count; ret = prepare_target(dentry_list, ctx); if (ret) goto out; - if (ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_WIMBOOT) { + if (unlikely(ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_WIMBOOT)) { ret = start_wimboot_extraction(ctx); if (ret) goto out; } - reset_file_progress(&ctx->common); + dentry_count = count_dentries(dentry_list); + + ret = start_file_structure_phase(&ctx->common, dentry_count); + if (ret) + goto out; ret = create_directories(dentry_list, ctx); if (ret) @@ -2051,6 +2351,10 @@ win32_extract(struct list_head *dentry_list, struct apply_ctx *_ctx) if (ret) goto out; + ret = end_file_structure_phase(&ctx->common); + if (ret) + goto out; + struct read_stream_list_callbacks cbs = { .begin_stream = begin_extract_stream, .begin_stream_ctx = ctx, @@ -2063,12 +2367,24 @@ win32_extract(struct list_head *dentry_list, struct apply_ctx *_ctx) if (ret) goto out; - reset_file_progress(&ctx->common); + ret = start_file_metadata_phase(&ctx->common, dentry_count); + if (ret) + goto out; ret = apply_metadata(dentry_list, ctx); if (ret) goto out; + ret = end_file_metadata_phase(&ctx->common); + if (ret) + goto out; + + if (unlikely(ctx->common.extract_flags & WIMLIB_EXTRACT_FLAG_WIMBOOT)) { + ret = end_wimboot_extraction(ctx); + if (ret) + goto out; + } + do_warnings(ctx); out: if (ctx->h_target) @@ -2090,6 +2406,7 @@ const struct apply_operations win32_apply_ops = { .name = "Windows", .get_supported_features = win32_get_supported_features, .extract = win32_extract, + .will_externally_back = win32_will_externally_back, .context_size = sizeof(struct win32_apply_ctx), };