mingw32: Gain privilege before opening files

2016-05-18 22:59:46 +09:00 · 2016-05-18 22:59:46 +09:00 · 949a580a14
parent 1603d8ea7b
commit 949a580a14
4 changed files with 29 additions and 31 deletions
--- a/src/FallocFileAllocationIterator.cc
+++ b/src/FallocFileAllocationIterator.cc
@ -39,28 +39,11 @@

 namespace aria2 {

-#ifdef __MINGW32__
-bool FallocFileAllocationIterator::gainPrivilegeAttempted_ = false;
-#endif // __MINGW32__
-
 FallocFileAllocationIterator::FallocFileAllocationIterator(BinaryStream* stream,
                                                           int64_t offset,
                                                           int64_t totalLength)
    : stream_(stream), offset_(offset), totalLength_(totalLength)
 {
-#ifdef __MINGW32__
-  // Windows build: --file-allocation=falloc uses SetFileValidData
-  // which requires SE_MANAGE_VOLUME_NAME privilege.  SetFileValidData
-  // has security implications (see
-  // https://msdn.microsoft.com/en-us/library/windows/desktop/aa365544%28v=vs.85%29.aspx).
-  if (!gainPrivilegeAttempted_) {
-    if (!util::gainPrivilege(SE_MANAGE_VOLUME_NAME)) {
-      A2_LOG_WARN("--file-allocation=falloc will not work properly.");
-    }
-
-    gainPrivilegeAttempted_ = true;
-  }
-#endif // __MINGW32__
 }

 void FallocFileAllocationIterator::allocateChunk()
--- a/src/FallocFileAllocationIterator.h
+++ b/src/FallocFileAllocationIterator.h
@ -47,10 +47,6 @@ private:
  int64_t offset_;
  int64_t totalLength_;

-#ifdef __MINGW32__
-  static bool gainPrivilegeAttempted_;
-#endif // __MINGW32__
-
 public:
  FallocFileAllocationIterator(BinaryStream* stream, int64_t offset,
                               int64_t totalLength);
--- a/src/RequestGroup.cc
+++ b/src/RequestGroup.cc
@ -604,6 +604,35 @@ void RequestGroup::initPieceStorage()
  segmentMan_ =
      std::make_shared<SegmentMan>(downloadContext_, tempPieceStorage);
  pieceStorage_ = tempPieceStorage;
+
+#ifdef __MINGW32__
+  // Windows build: --file-allocation=falloc uses SetFileValidData
+  // which requires SE_MANAGE_VOLUME_NAME privilege.  SetFileValidData
+  // has security implications (see
+  // https://msdn.microsoft.com/en-us/library/windows/desktop/aa365544%28v=vs.85%29.aspx).
+  static auto gainPrivilegeAttempted = false;
+
+  if (!gainPrivilegeAttempted &&
+      pieceStorage_->getDiskAdaptor()->getFileAllocationMethod() ==
+          DiskAdaptor::FILE_ALLOC_FALLOC &&
+      isFileAllocationEnabled()) {
+    if (!util::gainPrivilege(SE_MANAGE_VOLUME_NAME)) {
+      A2_LOG_WARN("--file-allocation=falloc will not work properly.");
+    }
+    else {
+      A2_LOG_DEBUG("SE_MANAGE_VOLUME_NAME privilege acquired");
+
+      A2_LOG_WARN(
+          "--file-allocation=falloc will use SetFileValidData() API, and "
+          "aria2 uses uninitialized disk space which may contain "
+          "confidential data as the download file space. If it is "
+          "undesirable, --file-allocation=prealloc is slower, but safer "
+          "option.");
+    }
+
+    gainPrivilegeAttempted = true;
+  }
+#endif // __MINGW32__
 }

 void RequestGroup::dropPieceStorage()
--- a/src/option_processing.cc
+++ b/src/option_processing.cc
@ -341,16 +341,6 @@ error_code::Value option_processing(Option& op, bool standalone,
    op.remove(PREF_DEFERRED_INPUT);
  }

-#ifdef __MINGW32__
-  if (op.get(PREF_FILE_ALLOCATION) == V_FALLOC) {
-    A2_LOG_WARN(
-        "--file-allocation=falloc will use SetFileValidData() API, and "
-        "aria2 uses uninitialized disk space which may contain "
-        "confidential data as the download file space. If it is "
-        "undesirable, --file-allocation=prealloc is slower, but safer option.");
-  }
-#endif // __MINGW32__
-
  return error_code::FINISHED;
 }