Win32 extract: Some refactoring; set security on handle, not path
authorEric Biggers <ebiggers3@gmail.com>
Sat, 27 Apr 2013 02:27:47 +0000 (21:27 -0500)
committerEric Biggers <ebiggers3@gmail.com>
Sat, 27 Apr 2013 02:27:47 +0000 (21:27 -0500)
src/util.c
src/wimlib.h
src/win32.c

index 4733ba3..23dfff2 100644 (file)
@@ -269,6 +269,8 @@ static const tchar *error_strings[] = {
        [WIMLIB_ERR_IMAGE_COUNT]
                = T("Inconsistent image count among the metadata "
                        "resources, the WIM header, and/or the XML data"),
        [WIMLIB_ERR_IMAGE_COUNT]
                = T("Inconsistent image count among the metadata "
                        "resources, the WIM header, and/or the XML data"),
+       [WIMLIB_ERR_INSUFFICIENT_PRIVILEGES_TO_EXTRACT]
+               = T("User does not have sufficient privileges to correctly extract the data"),
        [WIMLIB_ERR_IMAGE_NAME_COLLISION]
                = T("Tried to add an image with a name that is already in use"),
        [WIMLIB_ERR_INTEGRITY]
        [WIMLIB_ERR_IMAGE_NAME_COLLISION]
                = T("Tried to add an image with a name that is already in use"),
        [WIMLIB_ERR_INTEGRITY]
index ed036e7..84ee830 100644 (file)
@@ -942,6 +942,7 @@ enum wimlib_error_code {
        WIMLIB_ERR_ICONV_NOT_AVAILABLE,
        WIMLIB_ERR_IMAGE_COUNT,
        WIMLIB_ERR_IMAGE_NAME_COLLISION,
        WIMLIB_ERR_ICONV_NOT_AVAILABLE,
        WIMLIB_ERR_IMAGE_COUNT,
        WIMLIB_ERR_IMAGE_NAME_COLLISION,
+       WIMLIB_ERR_INSUFFICIENT_PRIVILEGES_TO_EXTRACT,
        WIMLIB_ERR_INTEGRITY,
        WIMLIB_ERR_INVALID_CAPTURE_CONFIG,
        WIMLIB_ERR_INVALID_CHUNK_SIZE,
        WIMLIB_ERR_INTEGRITY,
        WIMLIB_ERR_INVALID_CAPTURE_CONFIG,
        WIMLIB_ERR_INVALID_CHUNK_SIZE,
index 40a41e4..a2335a1 100644 (file)
@@ -29,7 +29,8 @@
 #include <windows.h>
 #include <ntdef.h>
 #include <wchar.h>
 #include <windows.h>
 #include <ntdef.h>
 #include <wchar.h>
-#include <shlwapi.h> /* shlwapi.h for PathMatchSpecW() */
+#include <shlwapi.h> /* for PathMatchSpecW() */
+#include <aclapi.h> /* for SetSecurityInfo() */
 #ifdef ERROR /* windows.h defines this */
 #  undef ERROR
 #endif
 #ifdef ERROR /* windows.h defines this */
 #  undef ERROR
 #endif
@@ -1390,7 +1391,13 @@ win32_set_reparse_data(HANDLE h,
                DWORD err = GetLastError();
                ERROR("Failed to set reparse data on \"%ls\"", path);
                win32_error(err);
                DWORD err = GetLastError();
                ERROR("Failed to set reparse data on \"%ls\"", path);
                win32_error(err);
-               return WIMLIB_ERR_WRITE;
+               if (err == ERROR_ACCESS_DENIED || err == ERROR_PRIVILEGE_NOT_HELD)
+                       return WIMLIB_ERR_INSUFFICIENT_PRIVILEGES_TO_EXTRACT;
+               else if (reparse_tag == WIM_IO_REPARSE_TAG_SYMLINK ||
+                        reparse_tag == WIM_IO_REPARSE_TAG_MOUNT_POINT)
+                       return WIMLIB_ERR_LINK;
+               else
+                       return WIMLIB_ERR_WRITE;
        }
        return 0;
 }
        }
        return 0;
 }
@@ -1410,7 +1417,10 @@ win32_set_compressed(HANDLE hFile, const wchar_t *path)
                DWORD err = GetLastError();
                ERROR("Failed to set compression flag on \"%ls\"", path);
                win32_error(err);
                DWORD err = GetLastError();
                ERROR("Failed to set compression flag on \"%ls\"", path);
                win32_error(err);
-               return WIMLIB_ERR_WRITE;
+               if (err == ERROR_ACCESS_DENIED || err == ERROR_PRIVILEGE_NOT_HELD)
+                       return WIMLIB_ERR_INSUFFICIENT_PRIVILEGES_TO_EXTRACT;
+               else
+                       return WIMLIB_ERR_WRITE;
        }
        return 0;
 }
        }
        return 0;
 }
@@ -1429,7 +1439,10 @@ win32_set_sparse(HANDLE hFile, const wchar_t *path)
                DWORD err = GetLastError();
                WARNING("Failed to set sparse flag on \"%ls\"", path);
                win32_error(err);
                DWORD err = GetLastError();
                WARNING("Failed to set sparse flag on \"%ls\"", path);
                win32_error(err);
-               return WIMLIB_ERR_WRITE;
+               if (err == ERROR_ACCESS_DENIED || err == ERROR_PRIVILEGE_NOT_HELD)
+                       return WIMLIB_ERR_INSUFFICIENT_PRIVILEGES_TO_EXTRACT;
+               else
+                       return WIMLIB_ERR_WRITE;
        }
        return 0;
 }
        }
        return 0;
 }
@@ -1439,21 +1452,55 @@ win32_set_sparse(HANDLE hFile, const wchar_t *path)
  */
 static int
 win32_set_security_data(const struct wim_inode *inode,
  */
 static int
 win32_set_security_data(const struct wim_inode *inode,
+                       HANDLE hFile,
                        const wchar_t *path,
                        struct apply_args *args)
 {
        PSECURITY_DESCRIPTOR descriptor;
        unsigned long n;
        DWORD err;
                        const wchar_t *path,
                        struct apply_args *args)
 {
        PSECURITY_DESCRIPTOR descriptor;
        unsigned long n;
        DWORD err;
+       const struct wim_security_data *sd;
+
+       SECURITY_INFORMATION securityInformation = 0;
+
+       void *owner = NULL;
+       void *group = NULL;
+       ACL *dacl = NULL;
+       ACL *sacl = NULL;
+
+       BOOL owner_defaulted;
+       BOOL group_defaulted;
+       BOOL dacl_present;
+       BOOL dacl_defaulted;
+       BOOL sacl_present;
+       BOOL sacl_defaulted;
+
+       sd = wim_const_security_data(args->w);
+       descriptor = sd->descriptors[inode->i_security_id];
+
+       GetSecurityDescriptorOwner(descriptor, &owner, &owner_defaulted);
+       if (owner)
+               securityInformation |= OWNER_SECURITY_INFORMATION;
+
+       GetSecurityDescriptorGroup(descriptor, &group, &group_defaulted);
+       if (group)
+               securityInformation |= GROUP_SECURITY_INFORMATION;
 
 
-       descriptor = wim_const_security_data(args->w)->descriptors[inode->i_security_id];
+       GetSecurityDescriptorDacl(descriptor, &dacl_present,
+                                 &dacl, &dacl_defaulted);
+       if (dacl)
+               securityInformation |= DACL_SECURITY_INFORMATION;
+
+       GetSecurityDescriptorSacl(descriptor, &sacl_present,
+                                 &sacl, &sacl_defaulted);
+       if (sacl)
+               securityInformation |= SACL_SECURITY_INFORMATION;
 
 
-       SECURITY_INFORMATION securityInformation = DACL_SECURITY_INFORMATION |
-                                                  SACL_SECURITY_INFORMATION |
-                                                  OWNER_SECURITY_INFORMATION |
-                                                  GROUP_SECURITY_INFORMATION;
 again:
 again:
-       if (SetFileSecurityW(path, securityInformation, descriptor))
+       if (securityInformation == 0)
+               return 0;
+       if (SetSecurityInfo(hFile, SE_FILE_OBJECT,
+                           securityInformation, owner, group, dacl, sacl))
                return 0;
        err = GetLastError();
        if (args->extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS)
                return 0;
        err = GetLastError();
        if (args->extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS)
@@ -1463,6 +1510,7 @@ again:
                if (securityInformation & SACL_SECURITY_INFORMATION) {
                        n = args->num_set_sacl_priv_notheld++;
                        securityInformation &= ~SACL_SECURITY_INFORMATION;
                if (securityInformation & SACL_SECURITY_INFORMATION) {
                        n = args->num_set_sacl_priv_notheld++;
                        securityInformation &= ~SACL_SECURITY_INFORMATION;
+                       sacl = NULL;
                        if (n < MAX_SET_SACL_PRIV_NOTHELD_WARNINGS) {
                                WARNING(
 "We don't have enough privileges to set the full security\n"
                        if (n < MAX_SET_SACL_PRIV_NOTHELD_WARNINGS) {
                                WARNING(
 "We don't have enough privileges to set the full security\n"
@@ -1502,7 +1550,10 @@ again:
 fail:
                ERROR("Failed to set security descriptor on \"%ls\"", path);
                win32_error(err);
 fail:
                ERROR("Failed to set security descriptor on \"%ls\"", path);
                win32_error(err);
-               return WIMLIB_ERR_WRITE;
+               if (err == ERROR_ACCESS_DENIED || err == ERROR_PRIVILEGE_NOT_HELD)
+                       return WIMLIB_ERR_INSUFFICIENT_PRIVILEGES_TO_EXTRACT;
+               else
+                       return WIMLIB_ERR_WRITE;
        }
 }
 
        }
 }
 
@@ -1659,7 +1710,6 @@ win32_set_special_attributes(HANDLE hFile, const struct wim_inode *inode,
                              "does not support reparse points", path);
                }
        }
                              "does not support reparse points", path);
                }
        }
-
        return 0;
 }
 
        return 0;
 }
 
@@ -1668,17 +1718,18 @@ win32_extract_stream(const struct wim_inode *inode,
                     const wchar_t *path,
                     const wchar_t *stream_name_utf16,
                     struct wim_lookup_table_entry *lte,
                     const wchar_t *path,
                     const wchar_t *stream_name_utf16,
                     struct wim_lookup_table_entry *lte,
-                    unsigned vol_flags)
+                    struct apply_args *args)
 {
        wchar_t *stream_path;
        HANDLE h;
        int ret;
        DWORD err;
        DWORD creationDisposition = CREATE_ALWAYS;
 {
        wchar_t *stream_path;
        HANDLE h;
        int ret;
        DWORD err;
        DWORD creationDisposition = CREATE_ALWAYS;
+       DWORD requestedAccess;
 
        if (stream_name_utf16) {
                /* Named stream.  Create a buffer that contains the UTF-16LE
 
        if (stream_name_utf16) {
                /* Named stream.  Create a buffer that contains the UTF-16LE
-                * string [.\]@path:@stream_name_utf16.  This is needed to
+                * string [./]path:stream_name_utf16.  This is needed to
                 * create and open the stream using CreateFileW().  I'm not
                 * aware of any other APIs to do this.  Note: the '$DATA' suffix
                 * seems to be unneeded.  Additional note: a "./" prefix needs
                 * create and open the stream using CreateFileW().  I'm not
                 * aware of any other APIs to do this.  Note: the '$DATA' suffix
                 * seems to be unneeded.  Additional note: a "./" prefix needs
@@ -1732,19 +1783,16 @@ win32_extract_stream(const struct wim_inode *inode,
                                }
                        }
                        DEBUG("Created directory \"%ls\"", stream_path);
                                }
                        }
                        DEBUG("Created directory \"%ls\"", stream_path);
-                       if (!inode_has_special_attributes(inode)) {
-                               ret = 0;
-                               goto out;
-                       }
-                       DEBUG("Directory \"%ls\" has special attributes!",
-                             stream_path);
                        creationDisposition = OPEN_EXISTING;
                }
        }
 
        DEBUG("Opening \"%ls\"", stream_path);
                        creationDisposition = OPEN_EXISTING;
                }
        }
 
        DEBUG("Opening \"%ls\"", stream_path);
+       requestedAccess = GENERIC_READ | GENERIC_WRITE |
+                         ACCESS_SYSTEM_SECURITY;
+try_open_again:
        h = CreateFileW(stream_path,
        h = CreateFileW(stream_path,
-                       GENERIC_READ | GENERIC_WRITE,
+                       requestedAccess,
                        0,
                        NULL,
                        creationDisposition,
                        0,
                        NULL,
                        creationDisposition,
@@ -1752,17 +1800,34 @@ win32_extract_stream(const struct wim_inode *inode,
                        NULL);
        if (h == INVALID_HANDLE_VALUE) {
                err = GetLastError();
                        NULL);
        if (h == INVALID_HANDLE_VALUE) {
                err = GetLastError();
+               if (err == ERROR_PRIVILEGE_NOT_HELD &&
+                   (requestedAccess & ACCESS_SYSTEM_SECURITY))
+               {
+                       requestedAccess &= ~ACCESS_SYSTEM_SECURITY;
+                       goto try_open_again;
+               }
                ERROR("Failed to create \"%ls\"", stream_path);
                win32_error(err);
                ret = WIMLIB_ERR_OPEN;
                goto fail;
        }
 
                ERROR("Failed to create \"%ls\"", stream_path);
                win32_error(err);
                ret = WIMLIB_ERR_OPEN;
                goto fail;
        }
 
-       if (stream_name_utf16 == NULL && inode_has_special_attributes(inode)) {
-               ret = win32_set_special_attributes(h, inode, lte, path,
-                                                  vol_flags);
-               if (ret)
-                       goto fail_close_handle;
+       if (stream_name_utf16 == NULL) {
+               if (inode->i_security_id >= 0 &&
+                   !(args->extract_flags & WIMLIB_EXTRACT_FLAG_NO_ACLS)
+                   && (args->vol_flags & FILE_PERSISTENT_ACLS))
+               {
+                       ret = win32_set_security_data(inode, h, path, args);
+                       if (ret)
+                               goto fail_close_handle;
+               }
+
+               if (inode_has_special_attributes(inode)) {
+                       ret = win32_set_special_attributes(h, inode, lte, path,
+                                                          args->vol_flags);
+                       if (ret)
+                               goto fail_close_handle;
+               }
        }
 
        if (!(inode->i_attributes & FILE_ATTRIBUTE_REPARSE_POINT)) {
        }
 
        if (!(inode->i_attributes & FILE_ATTRIBUTE_REPARSE_POINT)) {
@@ -1771,7 +1836,7 @@ win32_extract_stream(const struct wim_inode *inode,
                              stream_path, wim_resource_size(lte));
                        if (inode->i_attributes & FILE_ATTRIBUTE_ENCRYPTED
                            && stream_name_utf16 == NULL
                              stream_path, wim_resource_size(lte));
                        if (inode->i_attributes & FILE_ATTRIBUTE_ENCRYPTED
                            && stream_name_utf16 == NULL
-                           && (vol_flags & FILE_SUPPORTS_ENCRYPTION))
+                           && (args->vol_flags & FILE_SUPPORTS_ENCRYPTION))
                        {
                                ret = do_win32_extract_encrypted_stream(stream_path,
                                                                        lte);
                        {
                                ret = do_win32_extract_encrypted_stream(stream_path,
                                                                        lte);
@@ -1804,56 +1869,151 @@ out:
 /*
  * Creates a file, directory, or reparse point and extracts all streams to it
  * (unnamed data stream and/or reparse point stream, plus any alternate data
 /*
  * Creates a file, directory, or reparse point and extracts all streams to it
  * (unnamed data stream and/or reparse point stream, plus any alternate data
- * streams).  This in Win32-specific code.
+ * streams).
  *
  * @inode:     WIM inode for this file or directory.
  * @path:      UTF-16LE external path to extract the inode to.
  *
  * @inode:     WIM inode for this file or directory.
  * @path:      UTF-16LE external path to extract the inode to.
+ * @args:      Additional extraction context.
  *
  * Returns 0 on success; nonzero on failure.
  */
 static int
 win32_extract_streams(const struct wim_inode *inode,
  *
  * Returns 0 on success; nonzero on failure.
  */
 static int
 win32_extract_streams(const struct wim_inode *inode,
-                     const wchar_t *path, u64 *completed_bytes_p,
-                     unsigned vol_flags)
+                     const wchar_t *path, struct apply_args *args)
 {
        struct wim_lookup_table_entry *unnamed_lte;
        int ret;
 
 {
        struct wim_lookup_table_entry *unnamed_lte;
        int ret;
 
+       /* Extract the unnamed stream. */
+
        unnamed_lte = inode_unnamed_lte_resolved(inode);
        unnamed_lte = inode_unnamed_lte_resolved(inode);
-       ret = win32_extract_stream(inode, path, NULL, unnamed_lte,
-                                  vol_flags);
+       ret = win32_extract_stream(inode, path, NULL, unnamed_lte, args);
        if (ret)
                goto out;
        if (unnamed_lte && inode->i_extracted_file == NULL)
        if (ret)
                goto out;
        if (unnamed_lte && inode->i_extracted_file == NULL)
-               *completed_bytes_p += wim_resource_size(unnamed_lte);
+       {
+               args->progress.extract.completed_bytes +=
+                       wim_resource_size(unnamed_lte);
+       }
 
 
-       if (!(vol_flags & FILE_NAMED_STREAMS))
+       /* Extract any named streams, if supported by the volume. */
+
+       if (!(args->vol_flags & FILE_NAMED_STREAMS))
                goto out;
        for (u16 i = 0; i < inode->i_num_ads; i++) {
                const struct wim_ads_entry *ads_entry = &inode->i_ads_entries[i];
                goto out;
        for (u16 i = 0; i < inode->i_num_ads; i++) {
                const struct wim_ads_entry *ads_entry = &inode->i_ads_entries[i];
-               if (ads_entry->stream_name_nbytes != 0) {
-                       /* Skip special UNIX data entries (see documentation for
-                        * WIMLIB_ADD_IMAGE_FLAG_UNIX_DATA) */
-                       if (ads_entry->stream_name_nbytes == WIMLIB_UNIX_DATA_TAG_UTF16LE_NBYTES
-                           && !memcmp(ads_entry->stream_name,
-                                      WIMLIB_UNIX_DATA_TAG_UTF16LE,
-                                      WIMLIB_UNIX_DATA_TAG_UTF16LE_NBYTES))
-                               continue;
-                       ret = win32_extract_stream(inode,
-                                                  path,
-                                                  ads_entry->stream_name,
-                                                  ads_entry->lte,
-                                                  vol_flags);
-                       if (ret)
-                               break;
-                       if (ads_entry->lte && inode->i_extracted_file == NULL)
-                               *completed_bytes_p += wim_resource_size(ads_entry->lte);
+
+               /* Skip the unnamed stream if it's in the ADS entries (we
+                * already extracted it...) */
+               if (ads_entry->stream_name_nbytes == 0)
+                       continue;
+
+               /* Skip special UNIX data entries (see documentation for
+                * WIMLIB_ADD_IMAGE_FLAG_UNIX_DATA) */
+               if (ads_entry->stream_name_nbytes == WIMLIB_UNIX_DATA_TAG_UTF16LE_NBYTES
+                   && !memcmp(ads_entry->stream_name,
+                              WIMLIB_UNIX_DATA_TAG_UTF16LE,
+                              WIMLIB_UNIX_DATA_TAG_UTF16LE_NBYTES))
+                       continue;
+
+               /* Extract the named stream */
+               ret = win32_extract_stream(inode,
+                                          path,
+                                          ads_entry->stream_name,
+                                          ads_entry->lte,
+                                          args);
+               if (ret)
+                       break;
+
+               /* Tally the bytes extracted, unless this was supposed to be a
+                * hard link and we are extracting the data again only as a
+                * fallback. */
+               if (ads_entry->lte && inode->i_extracted_file == NULL)
+               {
+                       args->progress.extract.completed_bytes +=
+                               wim_resource_size(ads_entry->lte);
                }
        }
 out:
        return ret;
 }
 
                }
        }
 out:
        return ret;
 }
 
+static int
+win32_check_vol_flags(const wchar_t *output_path, struct apply_args *args)
+{
+       if (args->have_vol_flags)
+               return 0;
+
+       win32_get_vol_flags(output_path, &args->vol_flags);
+       args->have_vol_flags = true;
+       /* Warn the user about data that may not be extracted. */
+       if (!(args->vol_flags & FILE_SUPPORTS_SPARSE_FILES))
+               WARNING("Volume does not support sparse files!\n"
+                       "          Sparse files will be extracted as non-sparse.");
+       if (!(args->vol_flags & FILE_SUPPORTS_REPARSE_POINTS))
+               WARNING("Volume does not support reparse points!\n"
+                       "          Reparse point data will not be extracted.");
+       if (!(args->vol_flags & FILE_NAMED_STREAMS)) {
+               WARNING("Volume does not support named data streams!\n"
+                       "          Named data streams will not be extracted.");
+       }
+       if (!(args->vol_flags & FILE_SUPPORTS_ENCRYPTION)) {
+               WARNING("Volume does not support encryption!\n"
+                       "          Encrypted files will be extracted as raw data.");
+       }
+       if (!(args->vol_flags & FILE_FILE_COMPRESSION)) {
+               WARNING("Volume does not support transparent compression!\n"
+                       "          Compressed files will be extracted as non-compressed.");
+       }
+       if (!(args->vol_flags & FILE_PERSISTENT_ACLS)) {
+               if (args->extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS) {
+                       ERROR("Strict ACLs requested, but the volume does not "
+                             "support ACLs!");
+                       return WIMLIB_ERR_VOLUME_LACKS_FEATURES;
+               } else {
+                       WARNING("Volume does not support persistent ACLS!\n"
+                               "          File permissions will not be extracted.");
+               }
+       }
+       return 0;
+}
+
+static int
+win32_try_hard_link(const wchar_t *output_path, const struct wim_inode *inode,
+                   struct apply_args *args)
+{
+       DWORD err;
+
+       /* There is a volume flag for this (FILE_SUPPORTS_HARD_LINKS),
+        * but it's only available on Windows 7 and later.  So no use
+        * even checking it, really.  Instead, CreateHardLinkW() will
+        * apparently return ERROR_INVALID_FUNCTION if the volume does
+        * not support hard links. */
+       DEBUG("Creating hard link \"%ls => %ls\"",
+             output_path, inode->i_extracted_file);
+       if (CreateHardLinkW(output_path, inode->i_extracted_file, NULL))
+               return 0;
+
+       err = GetLastError();
+       if (err != ERROR_INVALID_FUNCTION) {
+               ERROR("Can't create hard link \"%ls => %ls\"",
+                     output_path, inode->i_extracted_file);
+               win32_error(err);
+               return WIMLIB_ERR_LINK;
+       } else {
+               args->num_hard_links_failed++;
+               if (args->num_hard_links_failed < MAX_CREATE_HARD_LINK_WARNINGS) {
+                       WARNING("Can't create hard link \"%ls => %ls\":\n"
+                               "          Volume does not support hard links!\n"
+                               "          Falling back to extracting a copy of the file.",
+                               output_path, inode->i_extracted_file);
+               } else if (args->num_hard_links_failed == MAX_CREATE_HARD_LINK_WARNINGS) {
+                       WARNING("Suppressing further hard linking warnings...");
+               }
+               return -1;
+       }
+}
+
 /* Extract a file, directory, reparse point, or hard link to an
  * already-extracted file using the Win32 API */
 int
 /* Extract a file, directory, reparse point, or hard link to an
  * already-extracted file using the Win32 API */
 int
@@ -1864,73 +2024,17 @@ win32_do_apply_dentry(const wchar_t *output_path,
 {
        int ret;
        struct wim_inode *inode = dentry->d_inode;
 {
        int ret;
        struct wim_inode *inode = dentry->d_inode;
-       DWORD err;
-
-       if (!args->have_vol_flags) {
-               win32_get_vol_flags(output_path, &args->vol_flags);
-               args->have_vol_flags = true;
-               /* Warn the user about data that may not be extracted. */
-               if (!(args->vol_flags & FILE_SUPPORTS_SPARSE_FILES))
-                       WARNING("Volume does not support sparse files!\n"
-                               "          Sparse files will be extracted as non-sparse.");
-               if (!(args->vol_flags & FILE_SUPPORTS_REPARSE_POINTS))
-                       WARNING("Volume does not support reparse points!\n"
-                               "          Reparse point data will not be extracted.");
-               if (!(args->vol_flags & FILE_NAMED_STREAMS)) {
-                       WARNING("Volume does not support named data streams!\n"
-                               "          Named data streams will not be extracted.");
-               }
-               if (!(args->vol_flags & FILE_SUPPORTS_ENCRYPTION)) {
-                       WARNING("Volume does not support encryption!\n"
-                               "          Encrypted files will be extracted as raw data.");
-               }
-               if (!(args->vol_flags & FILE_FILE_COMPRESSION)) {
-                       WARNING("Volume does not support transparent compression!\n"
-                               "          Compressed files will be extracted as non-compressed.");
-               }
-               if (!(args->vol_flags & FILE_PERSISTENT_ACLS)) {
-                       if (args->extract_flags & WIMLIB_EXTRACT_FLAG_STRICT_ACLS) {
-                               ERROR("Strict ACLs requested, but the volume does not "
-                                     "support ACLs!");
-                               return WIMLIB_ERR_VOLUME_LACKS_FEATURES;
-                       } else {
-                               WARNING("Volume does not support persistent ACLS!\n"
-                                       "          File permissions will not be extracted.");
-                       }
-               }
-       }
 
 
+       ret = win32_check_vol_flags(output_path, args);
+       if (ret)
+               return ret;
        if (inode->i_nlink > 1 && inode->i_extracted_file != NULL) {
                /* Linked file, with another name already extracted.  Create a
                 * hard link. */
        if (inode->i_nlink > 1 && inode->i_extracted_file != NULL) {
                /* Linked file, with another name already extracted.  Create a
                 * hard link. */
-
-               /* There is a volume flag for this (FILE_SUPPORTS_HARD_LINKS),
-                * but it's only available on Windows 7 and later.  So no use
-                * even checking it, really.  Instead, CreateHardLinkW() will
-                * apparently return ERROR_INVALID_FUNCTION if the volume does
-                * not support hard links. */
-               DEBUG("Creating hard link \"%ls => %ls\"",
-                     output_path, inode->i_extracted_file);
-               if (CreateHardLinkW(output_path, inode->i_extracted_file, NULL))
-                       return 0;
-
-               err = GetLastError();
-               if (err != ERROR_INVALID_FUNCTION) {
-                       ERROR("Can't create hard link \"%ls => %ls\"",
-                             output_path, inode->i_extracted_file);
-                       win32_error(err);
-                       return WIMLIB_ERR_LINK;
-               } else {
-                       args->num_hard_links_failed++;
-                       if (args->num_hard_links_failed < MAX_CREATE_HARD_LINK_WARNINGS) {
-                               WARNING("Can't create hard link \"%ls => %ls\":\n"
-                                       "          Volume does not support hard links!\n"
-                                       "          Falling back to extracting a copy of the file.",
-                                       output_path, inode->i_extracted_file);
-                       } else if (args->num_hard_links_failed == MAX_CREATE_HARD_LINK_WARNINGS) {
-                               WARNING("Suppressing further hard linking warnings...");
-                       }
-               }
+               ret = win32_try_hard_link(output_path, inode, args);
+               if (ret >= 0)
+                       return ret;
+               /* Falling back to extracting copy of file */
        }
 
        if (inode->i_attributes & FILE_ATTRIBUTE_REPARSE_POINT &&
        }
 
        if (inode->i_attributes & FILE_ATTRIBUTE_REPARSE_POINT &&
@@ -1948,20 +2052,10 @@ win32_do_apply_dentry(const wchar_t *output_path,
 
        /* Create the file, directory, or reparse point, and extract the
         * data streams. */
 
        /* Create the file, directory, or reparse point, and extract the
         * data streams. */
-       ret = win32_extract_streams(inode, output_path,
-                                   &args->progress.extract.completed_bytes,
-                                   args->vol_flags);
+       ret = win32_extract_streams(inode, output_path, args);
        if (ret)
                return ret;
 
        if (ret)
                return ret;
 
-       if (inode->i_security_id >= 0 &&
-           !(args->extract_flags & WIMLIB_EXTRACT_FLAG_NO_ACLS)
-           && (args->vol_flags & FILE_PERSISTENT_ACLS))
-       {
-               ret = win32_set_security_data(inode, output_path, args);
-               if (ret)
-                       return ret;
-       }
        if (inode->i_nlink > 1) {
                /* Save extracted path for a later call to
                 * CreateHardLinkW() if this inode has multiple links.
        if (inode->i_nlink > 1) {
                /* Save extracted path for a later call to
                 * CreateHardLinkW() if this inode has multiple links.
@@ -1970,7 +2064,7 @@ win32_do_apply_dentry(const wchar_t *output_path,
                if (!inode->i_extracted_file)
                        ret = WIMLIB_ERR_NOMEM;
        }
                if (!inode->i_extracted_file)
                        ret = WIMLIB_ERR_NOMEM;
        }
-       return 0;
+       return ret;
 }
 
 /* Set timestamps on an extracted file using the Win32 API */
 }
 
 /* Set timestamps on an extracted file using the Win32 API */