mirror of
https://github.com/octoleo/restic.git
synced 2024-12-29 05:13:09 +00:00
453 lines
16 KiB
Go
453 lines
16 KiB
Go
package fs
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"path/filepath"
|
|
"reflect"
|
|
"strings"
|
|
"sync"
|
|
"syscall"
|
|
"unsafe"
|
|
|
|
"github.com/restic/restic/internal/debug"
|
|
"github.com/restic/restic/internal/errors"
|
|
"github.com/restic/restic/internal/restic"
|
|
"golang.org/x/sys/windows"
|
|
)
|
|
|
|
var (
|
|
modAdvapi32 = syscall.NewLazyDLL("advapi32.dll")
|
|
procEncryptFile = modAdvapi32.NewProc("EncryptFileW")
|
|
procDecryptFile = modAdvapi32.NewProc("DecryptFileW")
|
|
|
|
// eaSupportedVolumesMap is a map of volumes to boolean values indicating if they support extended attributes.
|
|
eaSupportedVolumesMap = sync.Map{}
|
|
)
|
|
|
|
const (
|
|
extendedPathPrefix = `\\?\`
|
|
uncPathPrefix = `\\?\UNC\`
|
|
globalRootPrefix = `\\?\GLOBALROOT\`
|
|
volumeGUIDPrefix = `\\?\Volume{`
|
|
)
|
|
|
|
// mknod is not supported on Windows.
|
|
func mknod(_ string, _ uint32, _ uint64) (err error) {
|
|
return errors.New("device nodes cannot be created on windows")
|
|
}
|
|
|
|
// Windows doesn't need lchown
|
|
func lchown(_ string, _ int, _ int) (err error) {
|
|
return nil
|
|
}
|
|
|
|
// restoreSymlinkTimestamps restores timestamps for symlinks
|
|
func nodeRestoreSymlinkTimestamps(path string, utimes [2]syscall.Timespec) error {
|
|
// tweaked version of UtimesNano from go/src/syscall/syscall_windows.go
|
|
pathp, e := syscall.UTF16PtrFromString(fixpath(path))
|
|
if e != nil {
|
|
return e
|
|
}
|
|
h, e := syscall.CreateFile(pathp,
|
|
syscall.FILE_WRITE_ATTRIBUTES, syscall.FILE_SHARE_WRITE, nil, syscall.OPEN_EXISTING,
|
|
syscall.FILE_FLAG_BACKUP_SEMANTICS|syscall.FILE_FLAG_OPEN_REPARSE_POINT, 0)
|
|
if e != nil {
|
|
return e
|
|
}
|
|
|
|
defer func() {
|
|
err := syscall.Close(h)
|
|
if err != nil {
|
|
debug.Log("Error closing file handle for %s: %v\n", path, err)
|
|
}
|
|
}()
|
|
|
|
a := syscall.NsecToFiletime(syscall.TimespecToNsec(utimes[0]))
|
|
w := syscall.NsecToFiletime(syscall.TimespecToNsec(utimes[1]))
|
|
return syscall.SetFileTime(h, nil, &a, &w)
|
|
}
|
|
|
|
// restore extended attributes for windows
|
|
func nodeRestoreExtendedAttributes(node *restic.Node, path string) (err error) {
|
|
count := len(node.ExtendedAttributes)
|
|
if count > 0 {
|
|
eas := make([]extendedAttribute, count)
|
|
for i, attr := range node.ExtendedAttributes {
|
|
eas[i] = extendedAttribute{Name: attr.Name, Value: attr.Value}
|
|
}
|
|
if errExt := restoreExtendedAttributes(node.Type, path, eas); errExt != nil {
|
|
return errExt
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// fill extended attributes in the node. This also includes the Generic attributes for windows.
|
|
func nodeFillExtendedAttributes(node *restic.Node, path string, _ bool) (err error) {
|
|
var fileHandle windows.Handle
|
|
if fileHandle, err = openHandleForEA(node.Type, path, false); fileHandle == 0 {
|
|
return nil
|
|
}
|
|
if err != nil {
|
|
return errors.Errorf("get EA failed while opening file handle for path %v, with: %v", path, err)
|
|
}
|
|
defer closeFileHandle(fileHandle, path) // Replaced inline defer with named function call
|
|
//Get the windows Extended Attributes using the file handle
|
|
var extAtts []extendedAttribute
|
|
extAtts, err = fgetEA(fileHandle)
|
|
debug.Log("fillExtendedAttributes(%v) %v", path, extAtts)
|
|
if err != nil {
|
|
return errors.Errorf("get EA failed for path %v, with: %v", path, err)
|
|
}
|
|
if len(extAtts) == 0 {
|
|
return nil
|
|
}
|
|
|
|
//Fill the ExtendedAttributes in the node using the name/value pairs in the windows EA
|
|
for _, attr := range extAtts {
|
|
extendedAttr := restic.ExtendedAttribute{
|
|
Name: attr.Name,
|
|
Value: attr.Value,
|
|
}
|
|
|
|
node.ExtendedAttributes = append(node.ExtendedAttributes, extendedAttr)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// closeFileHandle safely closes a file handle and logs any errors.
|
|
func closeFileHandle(fileHandle windows.Handle, path string) {
|
|
err := windows.CloseHandle(fileHandle)
|
|
if err != nil {
|
|
debug.Log("Error closing file handle for %s: %v\n", path, err)
|
|
}
|
|
}
|
|
|
|
// restoreExtendedAttributes handles restore of the Windows Extended Attributes to the specified path.
|
|
// The Windows API requires setting of all the Extended Attributes in one call.
|
|
func restoreExtendedAttributes(nodeType restic.NodeType, path string, eas []extendedAttribute) (err error) {
|
|
var fileHandle windows.Handle
|
|
if fileHandle, err = openHandleForEA(nodeType, path, true); fileHandle == 0 {
|
|
return nil
|
|
}
|
|
if err != nil {
|
|
return errors.Errorf("set EA failed while opening file handle for path %v, with: %v", path, err)
|
|
}
|
|
defer closeFileHandle(fileHandle, path) // Replaced inline defer with named function call
|
|
|
|
// clear old unexpected xattrs by setting them to an empty value
|
|
oldEAs, err := fgetEA(fileHandle)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
for _, oldEA := range oldEAs {
|
|
found := false
|
|
for _, ea := range eas {
|
|
if strings.EqualFold(ea.Name, oldEA.Name) {
|
|
found = true
|
|
break
|
|
}
|
|
}
|
|
|
|
if !found {
|
|
eas = append(eas, extendedAttribute{Name: oldEA.Name, Value: nil})
|
|
}
|
|
}
|
|
|
|
if err = fsetEA(fileHandle, eas); err != nil {
|
|
return errors.Errorf("set EA failed for path %v, with: %v", path, err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// restoreGenericAttributes restores generic attributes for Windows
|
|
func nodeRestoreGenericAttributes(node *restic.Node, path string, warn func(msg string)) (err error) {
|
|
if len(node.GenericAttributes) == 0 {
|
|
return nil
|
|
}
|
|
var errs []error
|
|
windowsAttributes, unknownAttribs, err := genericAttributesToWindowsAttrs(node.GenericAttributes)
|
|
if err != nil {
|
|
return fmt.Errorf("error parsing generic attribute for: %s : %v", path, err)
|
|
}
|
|
if windowsAttributes.CreationTime != nil {
|
|
if err := restoreCreationTime(path, windowsAttributes.CreationTime); err != nil {
|
|
errs = append(errs, fmt.Errorf("error restoring creation time for: %s : %v", path, err))
|
|
}
|
|
}
|
|
if windowsAttributes.FileAttributes != nil {
|
|
if err := restoreFileAttributes(path, windowsAttributes.FileAttributes); err != nil {
|
|
errs = append(errs, fmt.Errorf("error restoring file attributes for: %s : %v", path, err))
|
|
}
|
|
}
|
|
if windowsAttributes.SecurityDescriptor != nil {
|
|
if err := setSecurityDescriptor(path, windowsAttributes.SecurityDescriptor); err != nil {
|
|
errs = append(errs, fmt.Errorf("error restoring security descriptor for: %s : %v", path, err))
|
|
}
|
|
}
|
|
|
|
restic.HandleUnknownGenericAttributesFound(unknownAttribs, warn)
|
|
return errors.CombineErrors(errs...)
|
|
}
|
|
|
|
// genericAttributesToWindowsAttrs converts the generic attributes map to a WindowsAttributes and also returns a string of unknown attributes that it could not convert.
|
|
func genericAttributesToWindowsAttrs(attrs map[restic.GenericAttributeType]json.RawMessage) (windowsAttributes restic.WindowsAttributes, unknownAttribs []restic.GenericAttributeType, err error) {
|
|
waValue := reflect.ValueOf(&windowsAttributes).Elem()
|
|
unknownAttribs, err = restic.GenericAttributesToOSAttrs(attrs, reflect.TypeOf(windowsAttributes), &waValue, "windows")
|
|
return windowsAttributes, unknownAttribs, err
|
|
}
|
|
|
|
// restoreCreationTime gets the creation time from the data and sets it to the file/folder at
|
|
// the specified path.
|
|
func restoreCreationTime(path string, creationTime *syscall.Filetime) (err error) {
|
|
pathPointer, err := syscall.UTF16PtrFromString(path)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
handle, err := syscall.CreateFile(pathPointer,
|
|
syscall.FILE_WRITE_ATTRIBUTES, syscall.FILE_SHARE_WRITE, nil,
|
|
syscall.OPEN_EXISTING, syscall.FILE_FLAG_BACKUP_SEMANTICS, 0)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer func() {
|
|
if err := syscall.Close(handle); err != nil {
|
|
debug.Log("Error closing file handle for %s: %v\n", path, err)
|
|
}
|
|
}()
|
|
return syscall.SetFileTime(handle, creationTime, nil, nil)
|
|
}
|
|
|
|
// restoreFileAttributes gets the File Attributes from the data and sets them to the file/folder
|
|
// at the specified path.
|
|
func restoreFileAttributes(path string, fileAttributes *uint32) (err error) {
|
|
pathPointer, err := syscall.UTF16PtrFromString(path)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
err = fixEncryptionAttribute(path, fileAttributes, pathPointer)
|
|
if err != nil {
|
|
debug.Log("Could not change encryption attribute for path: %s: %v", path, err)
|
|
}
|
|
return syscall.SetFileAttributes(pathPointer, *fileAttributes)
|
|
}
|
|
|
|
// fixEncryptionAttribute checks if a file needs to be marked encrypted and is not already encrypted, it sets
|
|
// the FILE_ATTRIBUTE_ENCRYPTED. Conversely, if the file needs to be marked unencrypted and it is already
|
|
// marked encrypted, it removes the FILE_ATTRIBUTE_ENCRYPTED.
|
|
func fixEncryptionAttribute(path string, attrs *uint32, pathPointer *uint16) (err error) {
|
|
if *attrs&windows.FILE_ATTRIBUTE_ENCRYPTED != 0 {
|
|
// File should be encrypted.
|
|
err = encryptFile(pathPointer)
|
|
if err != nil {
|
|
if IsAccessDenied(err) || errors.Is(err, windows.ERROR_FILE_READ_ONLY) {
|
|
// If existing file already has readonly or system flag, encrypt file call fails.
|
|
// The readonly and system flags will be set again at the end of this func if they are needed.
|
|
err = ResetPermissions(path)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to encrypt file: failed to reset permissions: %s : %v", path, err)
|
|
}
|
|
err = clearSystem(path)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to encrypt file: failed to clear system flag: %s : %v", path, err)
|
|
}
|
|
err = encryptFile(pathPointer)
|
|
if err != nil {
|
|
return fmt.Errorf("failed retry to encrypt file: %s : %v", path, err)
|
|
}
|
|
} else {
|
|
return fmt.Errorf("failed to encrypt file: %s : %v", path, err)
|
|
}
|
|
}
|
|
} else {
|
|
existingAttrs, err := windows.GetFileAttributes(pathPointer)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to get file attributes for existing file: %s : %v", path, err)
|
|
}
|
|
if existingAttrs&windows.FILE_ATTRIBUTE_ENCRYPTED != 0 {
|
|
// File should not be encrypted, but its already encrypted. Decrypt it.
|
|
err = decryptFile(pathPointer)
|
|
if err != nil {
|
|
if IsAccessDenied(err) || errors.Is(err, windows.ERROR_FILE_READ_ONLY) {
|
|
// If existing file already has readonly or system flag, decrypt file call fails.
|
|
// The readonly and system flags will be set again after this func if they are needed.
|
|
err = ResetPermissions(path)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to encrypt file: failed to reset permissions: %s : %v", path, err)
|
|
}
|
|
err = clearSystem(path)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to decrypt file: failed to clear system flag: %s : %v", path, err)
|
|
}
|
|
err = decryptFile(pathPointer)
|
|
if err != nil {
|
|
return fmt.Errorf("failed retry to decrypt file: %s : %v", path, err)
|
|
}
|
|
} else {
|
|
return fmt.Errorf("failed to decrypt file: %s : %v", path, err)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return err
|
|
}
|
|
|
|
// encryptFile set the encrypted flag on the file.
|
|
func encryptFile(pathPointer *uint16) error {
|
|
// Call EncryptFile function
|
|
ret, _, err := procEncryptFile.Call(uintptr(unsafe.Pointer(pathPointer)))
|
|
if ret == 0 {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// decryptFile removes the encrypted flag from the file.
|
|
func decryptFile(pathPointer *uint16) error {
|
|
// Call DecryptFile function
|
|
ret, _, err := procDecryptFile.Call(uintptr(unsafe.Pointer(pathPointer)))
|
|
if ret == 0 {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// nodeFillGenericAttributes fills in the generic attributes for windows like File Attributes,
|
|
// Created time and Security Descriptors.
|
|
// It also checks if the volume supports extended attributes and stores the result in a map
|
|
// so that it does not have to be checked again for subsequent calls for paths in the same volume.
|
|
func nodeFillGenericAttributes(node *restic.Node, path string, stat *ExtendedFileInfo) (allowExtended bool, err error) {
|
|
if strings.Contains(filepath.Base(path), ":") {
|
|
// Do not process for Alternate Data Streams in Windows
|
|
// Also do not allow processing of extended attributes for ADS.
|
|
return false, nil
|
|
}
|
|
|
|
if strings.HasSuffix(filepath.Clean(path), `\`) {
|
|
// filepath.Clean(path) ends with '\' for Windows root volume paths only
|
|
// Do not process file attributes, created time and sd for windows root volume paths
|
|
// Security descriptors are not supported for root volume paths.
|
|
// Though file attributes and created time are supported for root volume paths,
|
|
// we ignore them and we do not want to replace them during every restore.
|
|
allowExtended, err = checkAndStoreEASupport(path)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
return allowExtended, nil
|
|
}
|
|
|
|
var sd *[]byte
|
|
if node.Type == restic.NodeTypeFile || node.Type == restic.NodeTypeDir {
|
|
// Check EA support and get security descriptor for file/dir only
|
|
allowExtended, err = checkAndStoreEASupport(path)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
if sd, err = getSecurityDescriptor(path); err != nil {
|
|
return allowExtended, err
|
|
}
|
|
}
|
|
|
|
winFI := stat.Sys().(*syscall.Win32FileAttributeData)
|
|
|
|
// Add Windows attributes
|
|
node.GenericAttributes, err = restic.WindowsAttrsToGenericAttributes(restic.WindowsAttributes{
|
|
CreationTime: &winFI.CreationTime,
|
|
FileAttributes: &winFI.FileAttributes,
|
|
SecurityDescriptor: sd,
|
|
})
|
|
return allowExtended, err
|
|
}
|
|
|
|
// checkAndStoreEASupport checks if the volume of the path supports extended attributes and stores the result in a map
|
|
// If the result is already in the map, it returns the result from the map.
|
|
func checkAndStoreEASupport(path string) (isEASupportedVolume bool, err error) {
|
|
var volumeName string
|
|
volumeName, err = prepareVolumeName(path)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
|
|
if volumeName != "" {
|
|
// First check if the manually prepared volume name is already in the map
|
|
eaSupportedValue, exists := eaSupportedVolumesMap.Load(volumeName)
|
|
if exists {
|
|
// Cache hit, immediately return the cached value
|
|
return eaSupportedValue.(bool), nil
|
|
}
|
|
// If not found, check if EA is supported with manually prepared volume name
|
|
isEASupportedVolume, err = pathSupportsExtendedAttributes(volumeName + `\`)
|
|
// If the prepared volume name is not valid, we will fetch the actual volume name next.
|
|
if err != nil && !errors.Is(err, windows.DNS_ERROR_INVALID_NAME) {
|
|
debug.Log("Error checking if extended attributes are supported for prepared volume name %s: %v", volumeName, err)
|
|
// There can be multiple errors like path does not exist, bad network path, etc.
|
|
// We just gracefully disallow extended attributes for cases.
|
|
return false, nil
|
|
}
|
|
}
|
|
// If an entry is not found, get the actual volume name
|
|
volumeNameActual, err := getVolumePathName(path)
|
|
if err != nil {
|
|
debug.Log("Error getting actual volume name %s for path %s: %v", volumeName, path, err)
|
|
// There can be multiple errors like path does not exist, bad network path, etc.
|
|
// We just gracefully disallow extended attributes for cases.
|
|
return false, nil
|
|
}
|
|
if volumeNameActual != volumeName {
|
|
// If the actual volume name is different, check cache for the actual volume name
|
|
eaSupportedValue, exists := eaSupportedVolumesMap.Load(volumeNameActual)
|
|
if exists {
|
|
// Cache hit, immediately return the cached value
|
|
return eaSupportedValue.(bool), nil
|
|
}
|
|
// If the actual volume name is different and is not in the map, again check if the new volume supports extended attributes with the actual volume name
|
|
isEASupportedVolume, err = pathSupportsExtendedAttributes(volumeNameActual + `\`)
|
|
// Debug log for cases where the prepared volume name is not valid
|
|
if err != nil {
|
|
debug.Log("Error checking if extended attributes are supported for actual volume name %s: %v", volumeNameActual, err)
|
|
// There can be multiple errors like path does not exist, bad network path, etc.
|
|
// We just gracefully disallow extended attributes for cases.
|
|
return false, nil
|
|
} else {
|
|
debug.Log("Checking extended attributes. Prepared volume name: %s, actual volume name: %s, isEASupportedVolume: %v, err: %v", volumeName, volumeNameActual, isEASupportedVolume, err)
|
|
}
|
|
}
|
|
if volumeNameActual != "" {
|
|
eaSupportedVolumesMap.Store(volumeNameActual, isEASupportedVolume)
|
|
}
|
|
return isEASupportedVolume, err
|
|
}
|
|
|
|
// prepareVolumeName prepares the volume name for different cases in Windows
|
|
func prepareVolumeName(path string) (volumeName string, err error) {
|
|
// Check if it's an extended length path
|
|
if strings.HasPrefix(path, globalRootPrefix) {
|
|
// Extract the VSS snapshot volume name eg. `\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyXX`
|
|
if parts := strings.SplitN(path, `\`, 7); len(parts) >= 6 {
|
|
volumeName = strings.Join(parts[:6], `\`)
|
|
} else {
|
|
volumeName = filepath.VolumeName(path)
|
|
}
|
|
} else {
|
|
if !strings.HasPrefix(path, volumeGUIDPrefix) { // Handle volume GUID path
|
|
if strings.HasPrefix(path, uncPathPrefix) {
|
|
// Convert \\?\UNC\ extended path to standard path to get the volume name correctly
|
|
path = `\\` + path[len(uncPathPrefix):]
|
|
} else if strings.HasPrefix(path, extendedPathPrefix) {
|
|
//Extended length path prefix needs to be trimmed to get the volume name correctly
|
|
path = path[len(extendedPathPrefix):]
|
|
} else {
|
|
// Use the absolute path
|
|
path, err = filepath.Abs(path)
|
|
if err != nil {
|
|
return "", fmt.Errorf("failed to get absolute path: %w", err)
|
|
}
|
|
}
|
|
}
|
|
volumeName = filepath.VolumeName(path)
|
|
}
|
|
return volumeName, nil
|
|
}
|