mirror of
https://github.com/veracrypt/VeraCrypt
synced 2024-11-30 15:03:31 +01:00
Windows: Better way to enable required privileges for FastCreate Options
If we can set required privilege, we ask the user using UAC to enable them.
This commit is contained in:
parent
eb2f5f33c9
commit
8c7962bda7
@ -497,3 +497,8 @@ DWORD BaseCom::NotifyService(DWORD dwNotifyCode)
|
|||||||
{
|
{
|
||||||
return SendServiceNotification(dwNotifyCode);
|
return SendServiceNotification(dwNotifyCode);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
DWORD BaseCom::FastFileResize (BSTR filePath, __int64 fileSize)
|
||||||
|
{
|
||||||
|
return ::FastResizeFile (filePath, fileSize);
|
||||||
|
}
|
||||||
|
@ -120,6 +120,7 @@ class BaseCom
|
|||||||
static DWORD UpdateSetupConfigFile (BOOL bForInstall);
|
static DWORD UpdateSetupConfigFile (BOOL bForInstall);
|
||||||
static DWORD GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded);
|
static DWORD GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded);
|
||||||
static DWORD NotifyService (DWORD dwNotifyCode);
|
static DWORD NotifyService (DWORD dwNotifyCode);
|
||||||
|
static DWORD FastFileResize (BSTR filePath, __int64 fileSize);
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -13977,6 +13977,41 @@ BOOL SetPrivilege(LPTSTR szPrivilegeName, BOOL bEnable)
|
|||||||
return bRet;
|
return bRet;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
BOOL IsPrivilegeEnabled (LPTSTR szPrivilegeName)
|
||||||
|
{
|
||||||
|
HANDLE hToken;
|
||||||
|
TOKEN_PRIVILEGES tkp;
|
||||||
|
BOOL bRet = FALSE;
|
||||||
|
DWORD dwLastError = 0;
|
||||||
|
|
||||||
|
if (OpenProcessToken(GetCurrentProcess(),
|
||||||
|
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
|
||||||
|
&hToken))
|
||||||
|
{
|
||||||
|
if (LookupPrivilegeValue(NULL, szPrivilegeName,
|
||||||
|
&tkp.Privileges[0].Luid))
|
||||||
|
{
|
||||||
|
DWORD dwSize = sizeof (tkp);
|
||||||
|
if (GetTokenInformation (hToken, TokenPrivileges, &tkp, dwSize, &dwSize))
|
||||||
|
{
|
||||||
|
bRet = (tkp.Privileges[0].Attributes & SE_PRIVILEGE_ENABLED) != 0;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
dwLastError = GetLastError ();
|
||||||
|
}
|
||||||
|
else
|
||||||
|
dwLastError = GetLastError ();
|
||||||
|
|
||||||
|
CloseHandle(hToken);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
dwLastError = GetLastError ();
|
||||||
|
|
||||||
|
SetLastError (dwLastError);
|
||||||
|
|
||||||
|
return bRet;
|
||||||
|
}
|
||||||
|
|
||||||
BOOL DeleteDirectory (const wchar_t* szDirName)
|
BOOL DeleteDirectory (const wchar_t* szDirName)
|
||||||
{
|
{
|
||||||
BOOL bStatus = RemoveDirectory (szDirName);
|
BOOL bStatus = RemoveDirectory (szDirName);
|
||||||
@ -15743,4 +15778,54 @@ DWORD SendServiceNotification (DWORD dwNotificationCmd)
|
|||||||
|
|
||||||
return dwRet;
|
return dwRet;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
DWORD FastResizeFile (const wchar_t* filePath, __int64 fileSize)
|
||||||
|
{
|
||||||
|
DWORD dwRet = ERROR_INVALID_PARAMETER;
|
||||||
|
if (filePath && fileSize > 0)
|
||||||
|
{
|
||||||
|
// we set required privileges to speedup file creation before we create the file so that the file handle inherits the privileges
|
||||||
|
BOOL bPrivilegesSet = IsPrivilegeEnabled (SE_MANAGE_VOLUME_NAME);
|
||||||
|
if (!bPrivilegesSet && !SetPrivilege(SE_MANAGE_VOLUME_NAME, TRUE))
|
||||||
|
{
|
||||||
|
dwRet = GetLastError ();
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
HANDLE dev = CreateFile (filePath, GENERIC_WRITE | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
|
||||||
|
if (dev != INVALID_HANDLE_VALUE)
|
||||||
|
{
|
||||||
|
LARGE_INTEGER liSize;
|
||||||
|
liSize.QuadPart = fileSize;
|
||||||
|
// Preallocate the file with desired size
|
||||||
|
if (!SetFilePointerEx (dev, liSize, NULL, FILE_BEGIN)
|
||||||
|
|| !SetEndOfFile (dev))
|
||||||
|
{
|
||||||
|
dwRet = GetLastError ();
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (!SetFileValidData (dev, fileSize))
|
||||||
|
{
|
||||||
|
dwRet = GetLastError ();
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
dwRet = ERROR_SUCCESS;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
FlushFileBuffers (dev);
|
||||||
|
CloseHandle (dev);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
dwRet = GetLastError ();
|
||||||
|
|
||||||
|
if (!bPrivilegesSet)
|
||||||
|
SetPrivilege(SE_MANAGE_VOLUME_NAME, FALSE);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return dwRet;
|
||||||
|
}
|
||||||
#endif // VC_COMREG
|
#endif // VC_COMREG
|
@ -577,6 +577,7 @@ BOOL CopyTextToClipboard (const wchar_t* txtValue);
|
|||||||
BOOL LaunchElevatedProcess (HWND hwndDlg, const wchar_t* szModPath, const wchar_t* args);
|
BOOL LaunchElevatedProcess (HWND hwndDlg, const wchar_t* szModPath, const wchar_t* args);
|
||||||
BOOL GetFreeDriveLetter(WCHAR* pCh);
|
BOOL GetFreeDriveLetter(WCHAR* pCh);
|
||||||
BOOL SetPrivilege(LPTSTR szPrivilegeName, BOOL bEnable);
|
BOOL SetPrivilege(LPTSTR szPrivilegeName, BOOL bEnable);
|
||||||
|
BOOL IsPrivilegeEnabled (LPTSTR szPrivilegeName);
|
||||||
BOOL DeleteDirectory (const wchar_t* szDirName);
|
BOOL DeleteDirectory (const wchar_t* szDirName);
|
||||||
BOOL IsThreadInSecureDesktop(DWORD dwThreadID);
|
BOOL IsThreadInSecureDesktop(DWORD dwThreadID);
|
||||||
INT_PTR SecureDesktopDialogBoxParam (HINSTANCE, LPCWSTR, HWND, DLGPROC, LPARAM);
|
INT_PTR SecureDesktopDialogBoxParam (HINSTANCE, LPCWSTR, HWND, DLGPROC, LPARAM);
|
||||||
@ -589,6 +590,7 @@ void SafeOpenURL (LPCWSTR szUrl);
|
|||||||
BitLockerEncryptionStatus GetBitLockerEncryptionStatus(WCHAR driveLetter);
|
BitLockerEncryptionStatus GetBitLockerEncryptionStatus(WCHAR driveLetter);
|
||||||
BOOL IsTestSigningModeEnabled ();
|
BOOL IsTestSigningModeEnabled ();
|
||||||
DWORD SendServiceNotification (DWORD dwNotificationCmd);
|
DWORD SendServiceNotification (DWORD dwNotificationCmd);
|
||||||
|
DWORD FastResizeFile (const wchar_t* filePath, __int64 fileSize);
|
||||||
#ifdef _WIN64
|
#ifdef _WIN64
|
||||||
void GetAppRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed);
|
void GetAppRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed);
|
||||||
#endif
|
#endif
|
||||||
|
@ -345,6 +345,7 @@ int TCFormatVolume (volatile FORMAT_VOL_PARAMETERS *volParams)
|
|||||||
{
|
{
|
||||||
/* File-hosted volume */
|
/* File-hosted volume */
|
||||||
BOOL speedupFileCreation = FALSE;
|
BOOL speedupFileCreation = FALSE;
|
||||||
|
BOOL delayedSpeedupFileCreation = FALSE;
|
||||||
// speedup for file creation only makes sens when using quick format for non hidden volumes
|
// speedup for file creation only makes sens when using quick format for non hidden volumes
|
||||||
if (!volParams->hiddenVol && !bInstantRetryOtherFilesys && volParams->quickFormat && volParams->fastCreateFile)
|
if (!volParams->hiddenVol && !bInstantRetryOtherFilesys && volParams->quickFormat && volParams->fastCreateFile)
|
||||||
{
|
{
|
||||||
@ -352,7 +353,12 @@ int TCFormatVolume (volatile FORMAT_VOL_PARAMETERS *volParams)
|
|||||||
if (!SetPrivilege(SE_MANAGE_VOLUME_NAME, TRUE))
|
if (!SetPrivilege(SE_MANAGE_VOLUME_NAME, TRUE))
|
||||||
{
|
{
|
||||||
DWORD dwLastError = GetLastError();
|
DWORD dwLastError = GetLastError();
|
||||||
if (Silent || (MessageBoxW(hwndDlg, GetString ("ADMIN_PRIVILEGES_WARN_MANAGE_VOLUME"), lpszTitle, MB_YESNO | MB_ICONWARNING | MB_DEFBUTTON2) == IDNO))
|
if (!IsAdmin () && IsUacSupported ())
|
||||||
|
{
|
||||||
|
speedupFileCreation = TRUE;
|
||||||
|
delayedSpeedupFileCreation = TRUE;
|
||||||
|
}
|
||||||
|
else if (Silent || (MessageBoxW(hwndDlg, GetString ("ADMIN_PRIVILEGES_WARN_MANAGE_VOLUME"), lpszTitle, MB_YESNO | MB_ICONWARNING | MB_DEFBUTTON2) == IDNO))
|
||||||
{
|
{
|
||||||
SetLastError(dwLastError);
|
SetLastError(dwLastError);
|
||||||
nStatus = ERR_OS_ERROR;
|
nStatus = ERR_OS_ERROR;
|
||||||
@ -406,12 +412,15 @@ int TCFormatVolume (volatile FORMAT_VOL_PARAMETERS *volParams)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Preallocate the file
|
if (!delayedSpeedupFileCreation)
|
||||||
if (!SetFilePointerEx (dev, volumeSize, NULL, FILE_BEGIN)
|
|
||||||
|| !SetEndOfFile (dev))
|
|
||||||
{
|
{
|
||||||
nStatus = ERR_OS_ERROR;
|
// Preallocate the file
|
||||||
goto error;
|
if (!SetFilePointerEx (dev, volumeSize, NULL, FILE_BEGIN)
|
||||||
|
|| !SetEndOfFile (dev))
|
||||||
|
{
|
||||||
|
nStatus = ERR_OS_ERROR;
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (speedupFileCreation)
|
if (speedupFileCreation)
|
||||||
@ -420,8 +429,42 @@ int TCFormatVolume (volatile FORMAT_VOL_PARAMETERS *volParams)
|
|||||||
// this has security issues since it will put existing disk content into file container
|
// this has security issues since it will put existing disk content into file container
|
||||||
// We use this mechanism only when switch /fastCreateFile specific and when quick format
|
// We use this mechanism only when switch /fastCreateFile specific and when quick format
|
||||||
// also specified and which is documented to have security issues.
|
// also specified and which is documented to have security issues.
|
||||||
// we don't check returned status because failure is not issue for us
|
if (delayedSpeedupFileCreation)
|
||||||
if (!SetFileValidData (dev, volumeSize.QuadPart))
|
{
|
||||||
|
// in case of delayed speedup we need to set the file size to a minimal value before performing the real preallocation through UAC
|
||||||
|
LARGE_INTEGER minimalSize;
|
||||||
|
DWORD dwOpStatus;
|
||||||
|
// 16K
|
||||||
|
minimalSize.QuadPart = 16 * 1024;
|
||||||
|
if (!SetFilePointerEx (dev, minimalSize, NULL, FILE_BEGIN)
|
||||||
|
|| !SetEndOfFile (dev))
|
||||||
|
{
|
||||||
|
nStatus = ERR_OS_ERROR;
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
FlushFileBuffers (dev);
|
||||||
|
CloseHandle (dev);
|
||||||
|
dev = INVALID_HANDLE_VALUE;
|
||||||
|
|
||||||
|
dwOpStatus = UacFastFileCreation (volParams->hwndDlg, volParams->volumePath, volumeSize.QuadPart);
|
||||||
|
if (dwOpStatus != 0)
|
||||||
|
{
|
||||||
|
SetLastError(dwOpStatus);
|
||||||
|
nStatus = ERR_OS_ERROR;
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
// open again the file now that it was created
|
||||||
|
dev = CreateFile (volParams->volumePath, GENERIC_READ | GENERIC_WRITE,
|
||||||
|
0, NULL, OPEN_EXISTING, 0, NULL);
|
||||||
|
if (dev == INVALID_HANDLE_VALUE)
|
||||||
|
{
|
||||||
|
nStatus = ERR_OS_ERROR;
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if (!SetFileValidData (dev, volumeSize.QuadPart))
|
||||||
{
|
{
|
||||||
nStatus = ERR_OS_ERROR;
|
nStatus = ERR_OS_ERROR;
|
||||||
goto error;
|
goto error;
|
||||||
|
@ -187,6 +187,11 @@ class TrueCryptFormatCom : public ITrueCryptFormatCom
|
|||||||
return BaseCom::NotifyService (dwNotifyCode);
|
return BaseCom::NotifyService (dwNotifyCode);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
virtual DWORD STDMETHODCALLTYPE FastFileResize (BSTR filePath, __int64 fileSize)
|
||||||
|
{
|
||||||
|
return BaseCom::FastFileResize (filePath, fileSize);
|
||||||
|
}
|
||||||
|
|
||||||
protected:
|
protected:
|
||||||
DWORD MessageThreadId;
|
DWORD MessageThreadId;
|
||||||
LONG RefCount;
|
LONG RefCount;
|
||||||
@ -335,3 +340,29 @@ extern "C" BOOL UacWriteLocalMachineRegistryDword (HWND hwndDlg, wchar_t *keyPat
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
extern "C" DWORD UacFastFileCreation (HWND hWnd, wchar_t* filePath, __int64 fileSize)
|
||||||
|
{
|
||||||
|
CComPtr<ITrueCryptFormatCom> tc;
|
||||||
|
DWORD r;
|
||||||
|
|
||||||
|
CoInitialize (NULL);
|
||||||
|
|
||||||
|
if (ComGetInstance (hWnd, &tc))
|
||||||
|
{
|
||||||
|
CComBSTR filePathBstr;
|
||||||
|
BSTR bstr = W2BSTR(filePath);
|
||||||
|
if (bstr)
|
||||||
|
{
|
||||||
|
filePathBstr.Attach (bstr);
|
||||||
|
r = tc->FastFileResize (filePathBstr, fileSize);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
r = ERROR_OUTOFMEMORY;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
r = GetLastError();
|
||||||
|
|
||||||
|
CoUninitialize ();
|
||||||
|
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
@ -30,6 +30,7 @@ int UacAnalyzeHiddenVolumeHost (HWND hwndDlg, int *driveNo, __int64 hiddenVolHos
|
|||||||
int UacFormatVolume (char *cvolumePath , BOOL bDevice , unsigned __int64 size , unsigned __int64 hiddenVolHostSize , Password *password , int cipher , int pkcs5 , BOOL quickFormat, BOOL sparseFileSwitch, int fileSystem , int clusterSize, HWND hwndDlg , BOOL hiddenVol , int *realClusterSize);
|
int UacFormatVolume (char *cvolumePath , BOOL bDevice , unsigned __int64 size , unsigned __int64 hiddenVolHostSize , Password *password , int cipher , int pkcs5 , BOOL quickFormat, BOOL sparseFileSwitch, int fileSystem , int clusterSize, HWND hwndDlg , BOOL hiddenVol , int *realClusterSize);
|
||||||
BOOL UacUpdateProgressBar (__int64 nSecNo, BOOL *bVolTransformThreadCancel);
|
BOOL UacUpdateProgressBar (__int64 nSecNo, BOOL *bVolTransformThreadCancel);
|
||||||
BOOL UacWriteLocalMachineRegistryDword (HWND hwndDlg, wchar_t *keyPath, wchar_t *valueName, DWORD value);
|
BOOL UacWriteLocalMachineRegistryDword (HWND hwndDlg, wchar_t *keyPath, wchar_t *valueName, DWORD value);
|
||||||
|
DWORD UacFastFileCreation (HWND hWnd, wchar_t* filePath, __int64 fileSize);
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
|
@ -50,6 +50,7 @@ library TrueCryptFormatCom
|
|||||||
DWORD UpdateSetupConfigFile (BOOL bForInstall);
|
DWORD UpdateSetupConfigFile (BOOL bForInstall);
|
||||||
DWORD GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded);
|
DWORD GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded);
|
||||||
DWORD NotifyService (DWORD dwNotifyCode);
|
DWORD NotifyService (DWORD dwNotifyCode);
|
||||||
|
DWORD FastFileResize (BSTR filePath, __int64 fileSize);
|
||||||
};
|
};
|
||||||
|
|
||||||
[
|
[
|
||||||
|
@ -208,6 +208,11 @@ class TrueCryptMainCom : public ITrueCryptMainCom
|
|||||||
return BaseCom::NotifyService (dwNotifyCode);
|
return BaseCom::NotifyService (dwNotifyCode);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
virtual DWORD STDMETHODCALLTYPE FastFileResize (BSTR filePath, __int64 fileSize)
|
||||||
|
{
|
||||||
|
return BaseCom::FastFileResize (filePath, fileSize);
|
||||||
|
}
|
||||||
|
|
||||||
protected:
|
protected:
|
||||||
DWORD MessageThreadId;
|
DWORD MessageThreadId;
|
||||||
LONG RefCount;
|
LONG RefCount;
|
||||||
|
@ -54,6 +54,7 @@ library TrueCryptMainCom
|
|||||||
DWORD UpdateSetupConfigFile (BOOL bForInstall);
|
DWORD UpdateSetupConfigFile (BOOL bForInstall);
|
||||||
DWORD GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded);
|
DWORD GetSecureBootConfig (BOOL* pSecureBootEnabled, BOOL *pVeraCryptKeysLoaded);
|
||||||
DWORD NotifyService (DWORD dwNotifyCode);
|
DWORD NotifyService (DWORD dwNotifyCode);
|
||||||
|
DWORD FastFileResize (BSTR filePath, __int64 fileSize);
|
||||||
};
|
};
|
||||||
|
|
||||||
[
|
[
|
||||||
|
Loading…
Reference in New Issue
Block a user