2 Bacula(R) - The Network Backup Solution
4 Copyright (C) 2000-2015 Kern Sibbald
6 The original author of Bacula is Kern Sibbald, with contributions
7 from many others, a complete list can be found in the file AUTHORS.
9 You may use this file and others of this release according to the
10 license defined in the LICENSE file, which includes the Affero General
11 Public License, v3.0 ("AGPLv3") and some additional permissions and
12 terms pursuant to its AGPLv3 Section 7.
14 This notice must be preserved when any source code is
15 conveyed and/or propagated.
17 Bacula(R) is a registered trademark of Kern Sibbald.
20 * Enable backup privileges for Win32 systems.
22 * Kern Sibbald, May MMIII
31 /*=============================================================*/
33 /* * * * U n i x * * * * */
35 /*=============================================================*/
37 #if !defined(HAVE_WIN32)
39 int enable_backup_privileges(JCR *jcr, int ignore_errors)
47 /*=============================================================*/
49 /* * * * W i n 3 2 * * * * */
51 /*=============================================================*/
53 #if defined(HAVE_WIN32)
55 void win_error(JCR *jcr, const char *prefix, DWORD lerror);
58 enable_priv(JCR *jcr, HANDLE hToken, const char *name, int ignore_errors)
63 if (!(p_LookupPrivilegeValue && p_AdjustTokenPrivileges)) {
64 return 0; /* not avail on this OS */
67 // Get the LUID for the security privilege.
68 if (!p_LookupPrivilegeValue(NULL, name, &tkp.Privileges[0].Luid)) {
69 win_error(jcr, "LookupPrivilegeValue", GetLastError());
73 /* Set the security privilege for this process. */
74 tkp.PrivilegeCount = 1;
75 tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
76 p_AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
77 lerror = GetLastError();
78 if (lerror != ERROR_SUCCESS) {
81 strcpy(buf, _("AdjustTokenPrivileges set "));
82 bstrncat(buf, name, sizeof(buf));
83 win_error(jcr, buf, lerror);
91 * Setup privileges we think we will need. We probably do not need
92 * the SE_SECURITY_NAME, but since nothing seems to be working,
93 * we get it hoping to fix the problems.
95 int enable_backup_privileges(JCR *jcr, int ignore_errors)
97 HANDLE hToken, hProcess;
100 if (!p_OpenProcessToken) {
101 return 0; /* No avail on this OS */
104 hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());
106 // Get a token for this process.
107 if (!p_OpenProcessToken(hProcess,
108 TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
109 if (!ignore_errors) {
110 win_error(jcr, "OpenProcessToken", GetLastError());
112 /* Forge on anyway */
115 /* Return a bit map of permissions set. */
116 if (enable_priv(jcr, hToken, SE_BACKUP_NAME, ignore_errors)) {
119 if (enable_priv(jcr, hToken, SE_RESTORE_NAME, ignore_errors)) {
122 if (enable_priv(jcr, hToken, SE_SECURITY_NAME, ignore_errors)) {
125 if (enable_priv(jcr, hToken, SE_TAKE_OWNERSHIP_NAME, ignore_errors)) {
128 if (enable_priv(jcr, hToken, SE_ASSIGNPRIMARYTOKEN_NAME, ignore_errors)) {
131 if (enable_priv(jcr, hToken, SE_SYSTEM_ENVIRONMENT_NAME, ignore_errors)) {
134 if (enable_priv(jcr, hToken, SE_CREATE_TOKEN_NAME, ignore_errors)) {
137 if (enable_priv(jcr, hToken, SE_MACHINE_ACCOUNT_NAME, ignore_errors)) {
140 if (enable_priv(jcr, hToken, SE_TCB_NAME, ignore_errors)) {
143 if (enable_priv(jcr, hToken, SE_CREATE_PERMANENT_NAME, ignore_errors)) {
152 CloseHandle(hProcess);
156 #endif /* HAVE_WIN32 */