github
/
aria2
mirror of https://github.com/aria2/aria2
1
0
Fork 0
Code Issues Releases Wiki Activity

mingw32: Gain privilege before opening files

dynamic-select-file
Tatsuhiro Tsujikawa 2016-05-18 22:59:46 +09:00
parent 1603d8ea7b
commit 949a580a14
4 changed files with 29 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/FallocFileAllocationIterator.cc
View File

@ -39,28 +39,11 @@
namespace aria2 { namespace aria2 {
#ifdef __MINGW32__
bool FallocFileAllocationIterator::gainPrivilegeAttempted_ = false;
#endif // __MINGW32__
FallocFileAllocationIterator::FallocFileAllocationIterator(BinaryStream* stream, FallocFileAllocationIterator::FallocFileAllocationIterator(BinaryStream* stream,
int64_t offset, int64_t offset,
int64_t totalLength) int64_t totalLength)
: stream_(stream), offset_(offset), totalLength_(totalLength) : stream_(stream), offset_(offset), totalLength_(totalLength)
{ {
#ifdef __MINGW32__
// Windows build: --file-allocation=falloc uses SetFileValidData
// which requires SE_MANAGE_VOLUME_NAME privilege. SetFileValidData
// has security implications (see
// https://msdn.microsoft.com/en-us/library/windows/desktop/aa365544%28v=vs.85%29.aspx).
if (!gainPrivilegeAttempted_) {
if (!util::gainPrivilege(SE_MANAGE_VOLUME_NAME)) {
A2_LOG_WARN("--file-allocation=falloc will not work properly.");
}
gainPrivilegeAttempted_ = true;
}
#endif // __MINGW32__
} }
void FallocFileAllocationIterator::allocateChunk() void FallocFileAllocationIterator::allocateChunk()

4
src/FallocFileAllocationIterator.h
View File

@ -47,10 +47,6 @@ private:
int64_t offset_; int64_t offset_;
int64_t totalLength_; int64_t totalLength_;
#ifdef __MINGW32__
static bool gainPrivilegeAttempted_;
#endif // __MINGW32__
public: public:
FallocFileAllocationIterator(BinaryStream* stream, int64_t offset, FallocFileAllocationIterator(BinaryStream* stream, int64_t offset,
int64_t totalLength); int64_t totalLength);

29
src/RequestGroup.cc
View File

@ -604,6 +604,35 @@ void RequestGroup::initPieceStorage()
segmentMan_ = segmentMan_ =
std::make_shared<SegmentMan>(downloadContext_, tempPieceStorage); std::make_shared<SegmentMan>(downloadContext_, tempPieceStorage);
pieceStorage_ = tempPieceStorage; pieceStorage_ = tempPieceStorage;
#ifdef __MINGW32__
// Windows build: --file-allocation=falloc uses SetFileValidData
// which requires SE_MANAGE_VOLUME_NAME privilege. SetFileValidData
// has security implications (see
// https://msdn.microsoft.com/en-us/library/windows/desktop/aa365544%28v=vs.85%29.aspx).
static auto gainPrivilegeAttempted = false;
if (!gainPrivilegeAttempted &&
pieceStorage_->getDiskAdaptor()->getFileAllocationMethod() ==
DiskAdaptor::FILE_ALLOC_FALLOC &&
isFileAllocationEnabled()) {
if (!util::gainPrivilege(SE_MANAGE_VOLUME_NAME)) {
A2_LOG_WARN("--file-allocation=falloc will not work properly.");
}
else {
A2_LOG_DEBUG("SE_MANAGE_VOLUME_NAME privilege acquired");
A2_LOG_WARN(
"--file-allocation=falloc will use SetFileValidData() API, and "
"aria2 uses uninitialized disk space which may contain "
"confidential data as the download file space. If it is "
"undesirable, --file-allocation=prealloc is slower, but safer "
"option.");
}
gainPrivilegeAttempted = true;
}
#endif // __MINGW32__
} }
void RequestGroup::dropPieceStorage() void RequestGroup::dropPieceStorage()

10
src/option_processing.cc
View File

@ -341,16 +341,6 @@ error_code::Value option_processing(Option& op, bool standalone,
op.remove(PREF_DEFERRED_INPUT); op.remove(PREF_DEFERRED_INPUT);
} }
#ifdef __MINGW32__
if (op.get(PREF_FILE_ALLOCATION) == V_FALLOC) {
A2_LOG_WARN(
"--file-allocation=falloc will use SetFileValidData() API, and "
"aria2 uses uninitialized disk space which may contain "
"confidential data as the download file space. If it is "
"undesirable, --file-allocation=prealloc is slower, but safer option.");
}
#endif // __MINGW32__
return error_code::FINISHED; return error_code::FINISHED;
} }