Win32: Acquire/release appropriate privileges

diff --git a/src/add_image.c b/src/add_image.c
index 5b51f493ea78e597375259ee7345be6222ae98ea..0ae57361af3f5822137af62e4eca2d978e1a86b9 100644 (file)
--- a/src/add_image.c
+++ b/src/add_image.c
@@ -536,6 +536,7 @@ out_find_close:
        FindClose(hFind);
        return ret;
 }
        FindClose(hFind);
        return ret;
 }

+

 #endif
 
 /*
 #endif
 
 /*


@@ -939,11 +940,11 @@ static int build_dentry_tree(struct wim_dentry **root_ret,
        }
 out_close_handle:
        CloseHandle(hFile);
        }
 out_close_handle:
        CloseHandle(hFile);

+out_free_path_utf16:
+       FREE(path_utf16);

 out_destroy_sd_set:
        if (extra_arg == NULL)
                destroy_sd_set(sd_set);
 out_destroy_sd_set:
        if (extra_arg == NULL)
                destroy_sd_set(sd_set);

-out_free_path_utf16:
-       FREE(path_utf16);

 #endif
        /* The below lines of code are common to both UNIX and Win32 builds.  It
         * simply returns the captured directory tree if the capture was
 #endif
        /* The below lines of code are common to both UNIX and Win32 builds.  It
         * simply returns the captured directory tree if the capture was


@@ -1544,6 +1545,11 @@ WIMLIBAPI int wimlib_add_image_multisource(WIMStruct *w,
        } else {
                size_t i;
 
        } else {
                size_t i;
 

+#if defined(__CYGWIN__) || defined(__WIN32__)
+               win32_acquire_privilege(SE_BACKUP_NAME);
+               win32_acquire_privilege(SE_SECURITY_NAME);
+               win32_acquire_privilege(SE_TAKE_OWNERSHIP_NAME);
+#endif

                root_dentry = NULL;
                i = 0;
                do {
                root_dentry = NULL;
                i = 0;
                do {


@@ -1637,6 +1643,11 @@ out_free_security_data:
 out_destroy_capture_config:
        destroy_capture_config(&config);
 out:
 out_destroy_capture_config:
        destroy_capture_config(&config);
 out:

+#if defined(__CYGWIN__) || defined(__WIN32__)
+       win32_release_privilege(SE_BACKUP_NAME);
+       win32_release_privilege(SE_SECURITY_NAME);
+       win32_release_privilege(SE_TAKE_OWNERSHIP_NAME);
+#endif

        return ret;
 }
 
        return ret;
 }
 

diff --git a/src/extract_image.c b/src/extract_image.c
index 6fb944272d65634e7d1c8e2c9eda6132901300d0..8e5d130ec07df2b152114ffc3f8c6db1a966dc41 100644 (file)
--- a/src/extract_image.c
+++ b/src/extract_image.c
@@ -775,7 +775,6 @@ static int apply_dentry_timestamps_normal(struct wim_dentry *dentry, void *arg)
        size_t utf16_path_len;
        DWORD err;
        HANDLE h;
        size_t utf16_path_len;
        DWORD err;
        HANDLE h;

-       BOOL bret1, bret2;

 
        ret = utf8_to_utf16(output_path, len, &utf16_path, &utf16_path_len);
        if (ret)
 
        ret = utf8_to_utf16(output_path, len, &utf16_path, &utf16_path_len);
        if (ret)


@@ -1319,6 +1318,11 @@ WIMLIBAPI int wimlib_extract_image(WIMStruct *w,
                w->lookup_table = joined_tab;
        }
 
                w->lookup_table = joined_tab;
        }
 

+#if defined(__CYGWIN__) || defined(__WIN32__)
+       win32_acquire_privilege(SE_RESTORE_NAME);
+       win32_acquire_privilege(SE_SECURITY_NAME);
+       win32_acquire_privilege(SE_TAKE_OWNERSHIP_NAME);
+#endif

        if (image == WIMLIB_ALL_IMAGES) {
                extract_flags |= WIMLIB_EXTRACT_FLAG_MULTI_IMAGE;
                ret = extract_all_images(w, target, extract_flags,
        if (image == WIMLIB_ALL_IMAGES) {
                extract_flags |= WIMLIB_EXTRACT_FLAG_MULTI_IMAGE;
                ret = extract_all_images(w, target, extract_flags,


@@ -1328,6 +1332,11 @@ WIMLIBAPI int wimlib_extract_image(WIMStruct *w,
                ret = extract_single_image(w, image, target, extract_flags,
                                           progress_func);
        }
                ret = extract_single_image(w, image, target, extract_flags,
                                           progress_func);
        }

+#if defined(__CYGWIN__) || defined(__WIN32__)
+       win32_release_privilege(SE_RESTORE_NAME);
+       win32_release_privilege(SE_SECURITY_NAME);
+       win32_release_privilege(SE_TAKE_OWNERSHIP_NAME);
+#endif

 
        if (extract_flags & (WIMLIB_EXTRACT_FLAG_SYMLINK |
                             WIMLIB_EXTRACT_FLAG_HARDLINK))
 
        if (extract_flags & (WIMLIB_EXTRACT_FLAG_SYMLINK |
                             WIMLIB_EXTRACT_FLAG_HARDLINK))

diff --git a/src/wimlib_internal.h b/src/wimlib_internal.h
index 193abc5ee220fa2bd31d7bfa1ec5c5c003a4f7da..5a076a5c7d3bd2ca0a4cef8557979c4d2f9e1b33 100644 (file)
--- a/src/wimlib_internal.h
+++ b/src/wimlib_internal.h
@@ -535,6 +535,8 @@ extern int win32_read_file(const char *filename, void *handle, u64 offset,
                           size_t size, u8 *buf);
 extern void *win32_open_file_readonly(const void *path_utf16);
 extern void win32_close_file(void *handle);
                           size_t size, u8 *buf);
 extern void *win32_open_file_readonly(const void *path_utf16);
 extern void win32_close_file(void *handle);

+extern bool win32_acquire_privilege(const char *privilege);
+extern bool win32_release_privilege(const char *privilege);

 #ifdef ENABLE_ERROR_MESSAGES
 extern void win32_error(u32 err);
 #else
 #ifdef ENABLE_ERROR_MESSAGES
 extern void win32_error(u32 err);
 #else

diff --git a/src/win32.c b/src/win32.c
index 7868b5fad4793fc91a5c89920df71fe685f17f13..3ac8deca0ba2dd4934488e386ae17e3812224b4a 100644 (file)
--- a/src/win32.c
+++ b/src/win32.c
@@ -68,4 +68,57 @@ void win32_close_file(void *handle)
        CloseHandle((HANDLE)handle);
 }
 
        CloseHandle((HANDLE)handle);
 }
 

+static bool win32_modify_privilege(const char *privilege, bool enable)
+{
+       HANDLE hToken;
+       LUID luid;
+       TOKEN_PRIVILEGES newState;
+       bool ret = false;
+
+       DEBUG("%s privilege %s",
+             enable ? "Enabling" : "Disabling", privilege);
+
+       if (!OpenProcessToken(GetCurrentProcess(),
+                             TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
+                             &hToken))
+       {
+               DEBUG("OpenProcessToken() failed");
+               goto out;
+       }
+
+       if (!LookupPrivilegeValue(NULL, privilege, &luid)) {
+               DEBUG("LookupPrivilegeValue() failed");
+               goto out;
+       }
+
+       newState.PrivilegeCount = 1;
+       newState.Privileges[0].Luid = luid;
+       newState.Privileges[0].Attributes = (enable ? SE_PRIVILEGE_ENABLED : 0);
+       ret = AdjustTokenPrivileges(hToken, FALSE, &newState, 0, NULL, NULL);
+       if (!ret)
+               DEBUG("AdjustTokenPrivileges() failed");
+       CloseHandle(hToken);
+out:
+       if (!ret) {
+               DWORD err = GetLastError();
+               win32_error(err);
+               WARNING("Failed to %s privilege %s",
+                       enable ? "enable" : "disable", privilege);
+               WARNING("The program will continue, but if permission issues are "
+                       "encountered, you may need to run this program as the administrator");
+       }
+       return ret;
+}
+
+bool win32_acquire_privilege(const char *privilege)
+{
+       return win32_modify_privilege(privilege, true);
+}
+
+bool win32_release_privilege(const char *privilege)
+{
+       return win32_modify_privilege(privilege, false);
+}
+
+

 #endif /* __CYGWIN__ || __WIN32__ */
 #endif /* __CYGWIN__ || __WIN32__ */