X-Git-Url: https://wimlib.net/git/?p=wimlib;a=blobdiff_plain;f=src%2Fwin32_apply.c;h=c182862ea42af8e4483a687df00d665222184216;hp=bce897a46344860ed42ce0b82b6ef086140b81c9;hb=b3562d219976321899ea77bf36c25adf756c7447;hpb=d1301021c8edf915004faf291f31e4c99b0bcfde diff --git a/src/win32_apply.c b/src/win32_apply.c index bce897a4..c182862e 100644 --- a/src/win32_apply.c +++ b/src/win32_apply.c @@ -30,8 +30,125 @@ #include "wimlib/win32_common.h" #include "wimlib/apply.h" +#include "wimlib/capture.h" +#include "wimlib/dentry.h" #include "wimlib/error.h" #include "wimlib/lookup_table.h" +#include "wimlib/paths.h" +#include "wimlib/textfile.h" +#include "wimlib/xml.h" +#include "wimlib/wim.h" +#include "wimlib/wimboot.h" + +static void +ctx_save_data_source_id(struct apply_ctx *ctx, u64 data_source_id) +{ + ctx->private[0] = data_source_id & 0xFFFFFFFF; + ctx->private[1] = data_source_id >> 32; +} + +static u64 +ctx_get_data_source_id(const struct apply_ctx *ctx) +{ + return (u32)ctx->private[0] | ((u64)(u32)ctx->private[1] << 32); +} + +static void +set_prepopulate_pats(struct apply_ctx *ctx, struct string_set *s) +{ + ctx->private[2] = (intptr_t)s; +} + +static struct string_set * +get_prepopulate_pats(struct apply_ctx *ctx) +{ + return (struct string_set *)(ctx->private[2]); +} + +static void +free_prepopulate_pats(struct apply_ctx *ctx) +{ + struct string_set *s; + + s = get_prepopulate_pats(ctx); + if (s) { + FREE(s->strings); + FREE(s); + } + set_prepopulate_pats(ctx, NULL); + + FREE((void *)ctx->private[3]); + ctx->private[3] = (intptr_t)NULL; +} + +static int +load_prepopulate_pats(struct apply_ctx *ctx) +{ + int ret; + struct wim_dentry *dentry; + struct wim_lookup_table_entry *lte; + struct string_set *s; + const tchar *path = WIMLIB_WIM_PATH_SEPARATOR_STRING T("Windows") + WIMLIB_WIM_PATH_SEPARATOR_STRING T("System32") + WIMLIB_WIM_PATH_SEPARATOR_STRING T("WimBootCompress.ini"); + void *buf; + void *mem; + struct text_file_section sec; + + dentry = get_dentry(ctx->wim, path, WIMLIB_CASE_INSENSITIVE); + if (!dentry || + (dentry->d_inode->i_attributes & (FILE_ATTRIBUTE_DIRECTORY | + FILE_ATTRIBUTE_REPARSE_POINT | + FILE_ATTRIBUTE_ENCRYPTED)) || + !(lte = inode_unnamed_lte(dentry->d_inode, ctx->wim->lookup_table))) + { + WARNING("%"TS" does not exist in WIM image!", path); + return WIMLIB_ERR_PATH_DOES_NOT_EXIST; + } + + ret = read_full_stream_into_alloc_buf(lte, &buf); + if (ret) + return ret; + + s = CALLOC(1, sizeof(struct string_set)); + if (!s) { + FREE(buf); + return WIMLIB_ERR_NOMEM; + } + + sec.name = T("PrepopulateList"); + sec.strings = s; + + ret = do_load_text_file(path, buf, lte->size, &mem, &sec, 1, + LOAD_TEXT_FILE_REMOVE_QUOTES | + LOAD_TEXT_FILE_NO_WARNINGS, + mangle_pat); + FREE(buf); + if (ret) { + FREE(s); + return ret; + } + set_prepopulate_pats(ctx, s); + ctx->private[3] = (intptr_t)mem; + return 0; +} + +static bool +in_prepopulate_list(struct wim_dentry *dentry, + struct apply_ctx *ctx) +{ + struct string_set *pats; + const tchar *path; + + pats = get_prepopulate_pats(ctx); + if (!pats) + return false; + path = dentry_full_path(dentry); + if (!path) + return false; + + return match_pattern(path, path_basename(path), pats); +} static int win32_start_extract(const wchar_t *path, struct apply_ctx *ctx) @@ -44,40 +161,146 @@ win32_start_extract(const wchar_t *path, struct apply_ctx *ctx) if (ret) return ret; - ctx->supported_features.archive_files = 1; - ctx->supported_features.hidden_files = 1; - ctx->supported_features.system_files = 1; - ctx->supported_features.compressed_files = !!(vol_flags & FILE_FILE_COMPRESSION); - ctx->supported_features.encrypted_files = !!(vol_flags & FILE_SUPPORTS_ENCRYPTION); + ctx->supported_features.archive_files = 1; + ctx->supported_features.hidden_files = 1; + ctx->supported_features.system_files = 1; + + if (vol_flags & FILE_FILE_COMPRESSION) + ctx->supported_features.compressed_files = 1; + + if (vol_flags & FILE_SUPPORTS_ENCRYPTION) { + ctx->supported_features.encrypted_files = 1; + ctx->supported_features.encrypted_directories = 1; + } + ctx->supported_features.not_context_indexed_files = 1; - ctx->supported_features.sparse_files = !!(vol_flags & FILE_SUPPORTS_SPARSE_FILES); - ctx->supported_features.named_data_streams = !!(vol_flags & FILE_NAMED_STREAMS); - ctx->supported_features.hard_links = !!(vol_flags & FILE_SUPPORTS_HARD_LINKS); - ctx->supported_features.reparse_points = !!(vol_flags & FILE_SUPPORTS_REPARSE_POINTS); - ctx->supported_features.security_descriptors = !!(vol_flags & FILE_PERSISTENT_ACLS); - ctx->supported_features.short_names = !!supports_SetFileShortName; + + if (vol_flags & FILE_SUPPORTS_SPARSE_FILES) + ctx->supported_features.sparse_files = 1; + + if (vol_flags & FILE_NAMED_STREAMS) + ctx->supported_features.named_data_streams = 1; + + if (vol_flags & FILE_SUPPORTS_HARD_LINKS) + ctx->supported_features.hard_links = 1; + + if (vol_flags & FILE_SUPPORTS_REPARSE_POINTS) { + ctx->supported_features.reparse_points = 1; + if (win32func_CreateSymbolicLinkW) + ctx->supported_features.symlink_reparse_points = 1; + } + + if (vol_flags & FILE_PERSISTENT_ACLS) + ctx->supported_features.security_descriptors = 1; + + if (supports_SetFileShortName) + ctx->supported_features.short_names = 1; + + if (ctx->extract_flags & WIMLIB_EXTRACT_FLAG_WIMBOOT) { + + ret = load_prepopulate_pats(ctx); + if (ret == WIMLIB_ERR_NOMEM) + return ret; + + u64 data_source_id; + + if (!wim_info_get_wimboot(ctx->wim->wim_info, + ctx->wim->current_image)) + WARNING("Image is not marked as WIMBoot compatible!"); + + ret = wimboot_alloc_data_source_id(ctx->wim->filename, + ctx->wim->current_image, + path, &data_source_id); + if (ret) { + free_prepopulate_pats(ctx); + return ret; + } + + ctx_save_data_source_id(ctx, data_source_id); + } + return 0; } static int -win32_create_file(const wchar_t *path, struct apply_ctx *ctx) +win32_finish_extract(struct apply_ctx *ctx) +{ + free_prepopulate_pats(ctx); + return 0; +} + +/* Delete a non-directory file, working around Windows quirks. */ +static BOOL +win32_delete_file_wrapper(const wchar_t *path) +{ + DWORD err; + DWORD attrib; + + if (DeleteFile(path)) + return TRUE; + + err = GetLastError(); + attrib = GetFileAttributes(path); + if ((attrib != INVALID_FILE_ATTRIBUTES) && + (attrib & FILE_ATTRIBUTE_READONLY)) + { + /* Try again with FILE_ATTRIBUTE_READONLY cleared. */ + attrib &= ~FILE_ATTRIBUTE_READONLY; + if (SetFileAttributes(path, attrib)) { + if (DeleteFile(path)) + return TRUE; + else + err = GetLastError(); + } + } + + SetLastError(err); + return FALSE; +} + + +/* Create a normal file, overwriting one already present. */ +static int +win32_create_file(const wchar_t *path, struct apply_ctx *ctx, u64 *cookie_ret) { HANDLE h; - h = CreateFile(path, 0, 0, NULL, CREATE_ALWAYS, - FILE_ATTRIBUTE_NORMAL | FILE_FLAG_BACKUP_SEMANTICS, NULL); - if (h == INVALID_HANDLE_VALUE) - goto error; + /* Notes: + * + * WRITE_OWNER and WRITE_DAC privileges are required for some reason, + * even through we're creating a new file. + * + * FILE_FLAG_OPEN_REPARSE_POINT is required to prevent an existing + * reparse point from redirecting the creation of the new file + * (potentially to an arbitrary location). + * + * CREATE_ALWAYS could be used instead of CREATE_NEW. However, there + * are quirks that would need to be handled (e.g. having to set + * FILE_ATTRIBUTE_HIDDEN and/or FILE_ATTRIBUTE_SYSTEM if the existing + * file had them specified, and/or having to clear + * FILE_ATTRIBUTE_READONLY on the existing file). It's simpler to just + * call win32_delete_file_wrapper() to delete the existing file in such + * a way that already handles the FILE_ATTRIBUTE_READONLY quirk. + */ +retry: + h = CreateFile(path, WRITE_OWNER | WRITE_DAC, 0, NULL, CREATE_NEW, + FILE_FLAG_BACKUP_SEMANTICS | + FILE_FLAG_OPEN_REPARSE_POINT, NULL); + if (h == INVALID_HANDLE_VALUE) { + DWORD err = GetLastError(); + + if (err == ERROR_FILE_EXISTS && win32_delete_file_wrapper(path)) + goto retry; + set_errno_from_win32_error(err); + return WIMLIB_ERR_OPEN; + } CloseHandle(h); return 0; - -error: - set_errno_from_GetLastError(); - return WIMLIB_ERR_OPEN; } static int -win32_create_directory(const wchar_t *path, struct apply_ctx *ctx) +win32_create_directory(const wchar_t *path, struct apply_ctx *ctx, + u64 *cookie_ret) { if (!CreateDirectory(path, NULL)) if (GetLastError() != ERROR_ALREADY_EXISTS) @@ -93,8 +316,33 @@ static int win32_create_hardlink(const wchar_t *oldpath, const wchar_t *newpath, struct apply_ctx *ctx) { - if (!CreateHardLink(newpath, oldpath, NULL)) - goto error; + if (!CreateHardLink(newpath, oldpath, NULL)) { + if (GetLastError() != ERROR_ALREADY_EXISTS) + goto error; + if (!win32_delete_file_wrapper(newpath)) + goto error; + if (!CreateHardLink(newpath, oldpath, NULL)) + goto error; + } + return 0; + +error: + set_errno_from_GetLastError(); + return WIMLIB_ERR_LINK; +} + +static int +win32_create_symlink(const wchar_t *oldpath, const wchar_t *newpath, + struct apply_ctx *ctx) +{ + if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0)) { + if (GetLastError() != ERROR_ALREADY_EXISTS) + goto error; + if (!win32_delete_file_wrapper(newpath)) + goto error; + if (!(*win32func_CreateSymbolicLinkW)(newpath, oldpath, 0)) + goto error; + } return 0; error: @@ -134,7 +382,7 @@ win32_extract_stream(const wchar_t *path, const wchar_t *stream_name, stream_path = alloca(sizeof(wchar_t) * (wcslen(path) + 1 + wcslen(stream_name) + 1)); - swprintf(stream_path, L"%ls:%ls", path, stream_name); + tsprintf(stream_path, L"%ls:%ls", path, stream_name); } h = CreateFile(stream_path, FILE_WRITE_DATA, 0, NULL, @@ -147,8 +395,7 @@ win32_extract_stream(const wchar_t *path, const wchar_t *stream_name, ret = 0; if (!lte) goto out_close_handle; - ret = extract_wim_resource(lte, wim_resource_size(lte), - win32_extract_wim_chunk, h); + ret = extract_stream(lte, lte->size, win32_extract_wim_chunk, h); out_close_handle: if (!CloseHandle(h)) goto error; @@ -162,19 +409,31 @@ error: } static int -win32_extract_unnamed_stream(const wchar_t *path, +win32_extract_unnamed_stream(file_spec_t file, struct wim_lookup_table_entry *lte, - struct apply_ctx *ctx) + struct apply_ctx *ctx, + struct wim_dentry *dentry) { - return win32_extract_stream(path, NULL, 0, lte, ctx); + if (ctx->extract_flags & WIMLIB_EXTRACT_FLAG_WIMBOOT + && lte + && lte->resource_location == RESOURCE_IN_WIM + && lte->rspec->wim == ctx->wim + && !in_prepopulate_list(dentry, ctx)) + { + return wimboot_set_pointer(file.path, + ctx_get_data_source_id(ctx), + lte->hash); + } + + return win32_extract_stream(file.path, NULL, 0, lte, ctx); } static int -win32_extract_named_stream(const wchar_t *path, const wchar_t *stream_name, +win32_extract_named_stream(file_spec_t file, const wchar_t *stream_name, size_t stream_name_nchars, struct wim_lookup_table_entry *lte, struct apply_ctx *ctx) { - return win32_extract_stream(path, stream_name, + return win32_extract_stream(file.path, stream_name, stream_name_nchars, lte, ctx); } @@ -191,9 +450,9 @@ win32_encrypted_import_cb(unsigned char *data, void *_import_ctx, unsigned long len = *len_p; const struct wim_lookup_table_entry *lte = import_ctx->lte; - len = min(len, wim_resource_size(lte) - import_ctx->offset); + len = min(len, lte->size - import_ctx->offset); - if (read_partial_wim_resource_into_buf(lte, len, import_ctx->offset, data)) + if (read_partial_wim_stream_into_buf(lte, len, import_ctx->offset, data)) return ERROR_READ_FAULT; import_ctx->offset += len; @@ -213,7 +472,7 @@ win32_extract_encrypted_stream(const wchar_t *path, err = OpenEncryptedFileRaw(path, CREATE_FOR_IMPORT, &file_ctx); if (err != ERROR_SUCCESS) { - errno = win32_error_to_errno(err); + set_errno_from_win32_error(err); ret = WIMLIB_ERR_OPEN; goto out; } @@ -223,7 +482,7 @@ win32_extract_encrypted_stream(const wchar_t *path, err = WriteEncryptedFileRaw(win32_encrypted_import_cb, &extract_ctx, file_ctx); if (err != ERROR_SUCCESS) { - errno = win32_error_to_errno(err); + set_errno_from_win32_error(err); ret = WIMLIB_ERR_WRITE; goto out_close; } @@ -243,10 +502,7 @@ win32_set_special_file_attributes(const wchar_t *path, u32 attributes) USHORT compression_format = COMPRESSION_FORMAT_DEFAULT; DWORD bytes_returned; - h = CreateFile(path, GENERIC_READ | GENERIC_WRITE, 0, NULL, - OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS | - FILE_FLAG_OPEN_REPARSE_POINT, - NULL); + h = win32_open_existing_file(path, GENERIC_READ | GENERIC_WRITE); if (h == INVALID_HANDLE_VALUE) goto error; @@ -283,7 +539,7 @@ error: static int win32_set_file_attributes(const wchar_t *path, u32 attributes, - struct apply_ctx *ctx) + struct apply_ctx *ctx, unsigned pass) { u32 special_attributes = FILE_ATTRIBUTE_REPARSE_POINT | @@ -293,9 +549,19 @@ win32_set_file_attributes(const wchar_t *path, u32 attributes, FILE_ATTRIBUTE_ENCRYPTED; u32 actual_attributes; + /* Delay setting FILE_ATTRIBUTE_READONLY on the initial pass (when files + * are created, but data not extracted); otherwise the system will + * refuse access to the file even if the process has SeRestorePrivilege. + */ + if (pass == 0) + attributes &= ~FILE_ATTRIBUTE_READONLY; + if (!SetFileAttributes(path, attributes & ~special_attributes)) goto error; + if (pass != 0) + return 0; + if (attributes & (FILE_ATTRIBUTE_SPARSE_FILE | FILE_ATTRIBUTE_ENCRYPTED | FILE_ATTRIBUTE_COMPRESSED)) @@ -320,10 +586,7 @@ win32_set_file_attributes(const wchar_t *path, u32 attributes, DWORD bytes_returned; USHORT compression_format = COMPRESSION_FORMAT_NONE; - h = CreateFile(path, GENERIC_READ | GENERIC_WRITE, 0, NULL, - OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS | - FILE_FLAG_OPEN_REPARSE_POINT, - NULL); + h = win32_open_existing_file(path, GENERIC_READ | GENERIC_WRITE); if (h == INVALID_HANDLE_VALUE) goto error; @@ -342,7 +605,6 @@ win32_set_file_attributes(const wchar_t *path, u32 attributes, goto error; } -success: return 0; error: @@ -358,10 +620,7 @@ win32_set_reparse_data(const wchar_t *path, const u8 *rpbuf, u16 rpbuflen, DWORD err; DWORD bytes_returned; - h = CreateFile(path, GENERIC_WRITE, 0, NULL, - OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS | - FILE_FLAG_OPEN_REPARSE_POINT, - NULL); + h = win32_open_existing_file(path, GENERIC_WRITE); if (h == INVALID_HANDLE_VALUE) goto error; @@ -391,10 +650,7 @@ win32_set_short_name(const wchar_t *path, const wchar_t *short_name, HANDLE h; DWORD err; - h = CreateFile(path, GENERIC_WRITE | DELETE, 0, NULL, - OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS | - FILE_FLAG_OPEN_REPARSE_POINT, - NULL); + h = win32_open_existing_file(path, GENERIC_WRITE | DELETE); if (h == INVALID_HANDLE_VALUE) goto error; @@ -420,32 +676,171 @@ error: return WIMLIB_ERR_WRITE; /* XXX: need better error code */ } +static DWORD +do_win32_set_security_descriptor(HANDLE h, const wchar_t *path, + SECURITY_INFORMATION info, + PSECURITY_DESCRIPTOR desc) +{ +#ifdef WITH_NTDLL + if (func_NtSetSecurityObject) { + return (*func_RtlNtStatusToDosError)( + (*func_NtSetSecurityObject)(h, info, desc)); + } +#endif + if (SetFileSecurity(path, info, desc)) + return ERROR_SUCCESS; + else + return GetLastError(); +} + +/* + * Set an arbitrary security descriptor on an arbitrary file (or directory), + * working around bugs and design flaws in the Windows operating system. + * + * On success, return 0. On failure, return WIMLIB_ERR_SET_SECURITY and set + * errno. Note: if WIMLIB_EXTRACT_FLAG_STRICT_ACLS is not set in + * ctx->extract_flags, this function succeeds iff any part of the security + * descriptor was successfully set. + */ static int -win32_set_security_descriptor(const wchar_t *path, const u8 *desc, size_t desc_size, - struct apply_ctx *ctx) +win32_set_security_descriptor(const wchar_t *path, const u8 *desc, + size_t desc_size, struct apply_ctx *ctx) { SECURITY_INFORMATION info; + HANDLE h; + int ret; - info = OWNER_SECURITY_INFORMATION | - GROUP_SECURITY_INFORMATION | - DACL_SECURITY_INFORMATION | - SACL_SECURITY_INFORMATION; -retry: - if (!SetFileSecurity(path, info, (PSECURITY_DESCRIPTOR)desc)) { - if (!(ctx->extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS) && - GetLastError() == ERROR_PRIVILEGE_NOT_HELD && - (info & SACL_SECURITY_INFORMATION)) + /* We really just want to set entire the security descriptor as-is, but + * all available APIs require specifying the specific parts of the + * descriptor being set. Start out by requesting all parts be set. If + * permissions problems are encountered, fall back to omitting some + * parts (first the SACL, then the DACL, then the owner), unless the + * WIMLIB_EXTRACT_FLAG_STRICT_ACLS flag has been enabled. */ + info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION; + + h = INVALID_HANDLE_VALUE; + + /* Prefer NtSetSecurityObject() to SetFileSecurity(). SetFileSecurity() + * itself necessarily uses NtSetSecurityObject() as the latter is the + * underlying system call for setting security information, but + * SetFileSecurity() opens the handle with NtCreateFile() without + * FILE_OPEN_FILE_BACKUP_INTENT. Hence, access checks are done and due + * to the Windows security model, even a process running as the + * Administrator can have access denied. (Of course, this not mentioned + * in the MS "documentation".) */ + +#ifdef WITH_NTDLL + if (func_NtSetSecurityObject) { + DWORD dwDesiredAccess; + + /* Open a handle for NtSetSecurityObject() with as many relevant + * access rights as possible. + * + * We don't know which rights will be actually granted. It + * could be less than what is needed to actually assign the full + * security descriptor, especially if the process is running as + * a non-Administrator. However, by default we just do the best + * we can, unless WIMLIB_EXTRACT_FLAG_STRICT_ACLS has been + * enabled. The MAXIMUM_ALLOWED access right is seemingly + * designed for this use case; however, it does not work + * properly in all cases: it can cause CreateFile() to fail with + * ERROR_ACCESS_DENIED, even though by definition + * MAXIMUM_ALLOWED access only requests access rights that are + * *not* denied. (Needless to say, MS does not document this + * bug.) */ + + dwDesiredAccess = WRITE_DAC | + WRITE_OWNER | + ACCESS_SYSTEM_SECURITY; + for (;;) { + DWORD err; + + h = win32_open_existing_file(path, dwDesiredAccess); + if (h != INVALID_HANDLE_VALUE) + break; + err = GetLastError(); + if (err == ERROR_ACCESS_DENIED || + err == ERROR_PRIVILEGE_NOT_HELD) + { + /* Don't increment partial_security_descriptors + * here or check WIMLIB_EXTRACT_FLAG_STRICT_ACLS + * here. It will be done later if needed; here + * we are just trying to get as many relevant + * access rights as possible. */ + if (dwDesiredAccess & ACCESS_SYSTEM_SECURITY) { + dwDesiredAccess &= ~ACCESS_SYSTEM_SECURITY; + continue; + } + if (dwDesiredAccess & WRITE_DAC) { + dwDesiredAccess &= ~WRITE_DAC; + continue; + } + if (dwDesiredAccess & WRITE_OWNER) { + dwDesiredAccess &= ~WRITE_OWNER; + continue; + } + } + /* Other error, or couldn't open the file even with no + * access rights specified. Something else must be + * wrong. */ + set_errno_from_win32_error(err); + return WIMLIB_ERR_SET_SECURITY; + } + } +#endif + + /* Try setting the security descriptor. */ + for (;;) { + DWORD err; + + err = do_win32_set_security_descriptor(h, path, info, + (PSECURITY_DESCRIPTOR)desc); + if (err == ERROR_SUCCESS) { + ret = 0; + break; + } + + /* Failed to set the requested parts of the security descriptor. + * If the error was permissions-related, try to set fewer parts + * of the security descriptor, unless + * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled. */ + if ((err == ERROR_PRIVILEGE_NOT_HELD || + err == ERROR_ACCESS_DENIED) && + !(ctx->extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS)) { - info &= ~SACL_SECURITY_INFORMATION; - goto retry; + if (info & SACL_SECURITY_INFORMATION) { + info &= ~SACL_SECURITY_INFORMATION; + ctx->partial_security_descriptors++; + continue; + } + if (info & DACL_SECURITY_INFORMATION) { + info &= ~DACL_SECURITY_INFORMATION; + continue; + } + if (info & OWNER_SECURITY_INFORMATION) { + info &= ~OWNER_SECURITY_INFORMATION; + continue; + } + /* Nothing left except GROUP, and if we removed it we + * wouldn't have anything at all. */ } - goto error; + /* No part of the security descriptor could be set, or + * WIMLIB_EXTRACT_FLAG_STRICT_ACLS is enabled and the full + * security descriptor could not be set. */ + if (!(info & SACL_SECURITY_INFORMATION)) + ctx->partial_security_descriptors--; + set_errno_from_win32_error(err); + ret = WIMLIB_ERR_SET_SECURITY; + break; } - return 0; -error: - set_errno_from_GetLastError(); - return WIMLIB_ERR_SET_SECURITY; + /* Close handle opened for NtSetSecurityObject(). */ +#ifdef WITH_NTDLL + if (func_NtSetSecurityObject) + CloseHandle(h); +#endif + return ret; } static int @@ -462,10 +857,7 @@ win32_set_timestamps(const wchar_t *path, u64 creation_time, FILETIME lastWriteTime = {.dwLowDateTime = last_write_time & 0xffffffff, .dwHighDateTime = last_write_time >> 32}; - h = CreateFile(path, FILE_WRITE_ATTRIBUTES, 0, NULL, - OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS | - FILE_FLAG_OPEN_REPARSE_POINT, - NULL); + h = win32_open_existing_file(path, FILE_WRITE_ATTRIBUTES); if (h == INVALID_HANDLE_VALUE) goto error; @@ -491,9 +883,12 @@ const struct apply_operations win32_apply_ops = { .target_is_root = win32_path_is_root_of_drive, .start_extract = win32_start_extract, + .finish_extract = win32_finish_extract, + .abort_extract = win32_finish_extract, .create_file = win32_create_file, .create_directory = win32_create_directory, .create_hardlink = win32_create_hardlink, + .create_symlink = win32_create_symlink, .extract_unnamed_stream = win32_extract_unnamed_stream, .extract_named_stream = win32_extract_named_stream, .extract_encrypted_stream = win32_extract_encrypted_stream, @@ -511,6 +906,9 @@ const struct apply_operations win32_apply_ops = { .requires_realtarget_in_paths = 1, .realpath_works_on_nonexisting_files = 1, .root_directory_is_special = 1, + .requires_final_set_attributes_pass = 1, + .extract_encrypted_stream_creates_file = 1, + .requires_short_name_reordering = 1, /* TODO: check if this is really needed */ }; #endif /* __WIN32__ */