mirror of
https://github.com/duplicati/duplicati.git
synced 2025-11-28 03:20:25 +08:00
98deb8c576
This updates VSS to default use Vanara in favor of AlphaVSS which is no longer maintained. The build for Vanara requires targeting `net8.0-windows7.0`, which will cause significant build overhead and complexity for cross platform builds. To counter this, the setup is to have a single project, `Duplicati.Library.WindowsModules`, that is targeting `net8.0-windows7.0`. The output from this project is then hoisted into the TrayIcon project for Windows builds so the files are available when debugging on Windows. A top-level dummy executable project is added to ensure the project always builds. The built modules are then loaded with reflection when requested. With the use of Vanara there is now also support for using BackupRead to read files without making a VSS snapshot. With BackupRead, it is possible to read locked files, but it still requires the SeBackupPrivilege as VSS does as well. Unfortunately, the `vssapi.dll` file is not shipped for Arm64 on Windows, so even with Vanara this will not work, and only WMIC is supported on Arm64. A workaround is to run Duplicati with x64 emulation if more advanced VSS features are needed (HyperV and MSSQL support). This PR also updates options and filters out unsupported options for each operating system, so options that are not supported by the current OS are not reported and will give warnings if they are used, as opposed to just being ignored. The release builder project has been updated to exclude the unused project, and purge unwanted outputs.
95 lines
No EOL
3.4 KiB
C#
95 lines
No EOL
3.4 KiB
C#
|
|
// Copyright (C) 2025, The Duplicati Team
|
|
// https://duplicati.com, hello@duplicati.com
|
|
//
|
|
// Permission is hereby granted, free of charge, to any person obtaining a
|
|
// copy of this software and associated documentation files (the "Software"),
|
|
// to deal in the Software without restriction, including without limitation
|
|
// the rights to use, copy, modify, merge, publish, distribute, sublicense,
|
|
// and/or sell copies of the Software, and to permit persons to whom the
|
|
// Software is furnished to do so, subject to the following conditions:
|
|
//
|
|
// The above copyright notice and this permission notice shall be included in
|
|
// all copies or substantial portions of the Software.
|
|
//
|
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
|
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
|
|
// DEALINGS IN THE SOFTWARE.
|
|
|
|
#nullable enable
|
|
|
|
using System;
|
|
using System.ComponentModel;
|
|
using System.Runtime.InteropServices;
|
|
using System.Runtime.Versioning;
|
|
using Vanara.PInvoke;
|
|
using Vanara.Security.AccessControl;
|
|
using static Vanara.PInvoke.AdvApi32;
|
|
using static Vanara.PInvoke.Kernel32;
|
|
|
|
namespace Duplicati.Library.WindowsModules;
|
|
|
|
/// <summary>
|
|
/// A scope that enables the SeBackupPrivilege for the current process.
|
|
/// This privilege is required to read files that are not accessible
|
|
/// due to access control restrictions, such as files owned by other users.
|
|
/// </summary>
|
|
[SupportedOSPlatform("windows")]
|
|
public sealed class SeBackupPrivilegeScope : IDisposable
|
|
{
|
|
/// <summary>
|
|
/// The token handle for the current process with the SeBackupPrivilege enabled.
|
|
/// </summary>
|
|
private readonly SafeHTOKEN _token;
|
|
/// <summary>
|
|
/// The original state of the SeBackupPrivilege before enabling it.
|
|
/// </summary>
|
|
private readonly TOKEN_PRIVILEGES _originalState;
|
|
/// <summary>
|
|
/// Indicates whether the scope has been disposed.
|
|
/// </summary>
|
|
private bool _disposed;
|
|
|
|
/// <summary>
|
|
/// Initializes a new instance of the <see cref="SeBackupPrivilegeScope"/> class,
|
|
/// and enables the SeBackupPrivilege for the current process.
|
|
/// </summary>
|
|
public SeBackupPrivilegeScope()
|
|
{
|
|
const TokenAccess Access = TokenAccess.TOKEN_ADJUST_PRIVILEGES | TokenAccess.TOKEN_QUERY;
|
|
|
|
if (!OpenProcessToken(GetCurrentProcess(), Access, out _token))
|
|
throw Win32Error.GetLastError().GetException()
|
|
?? new Win32Exception(Marshal.GetLastWin32Error());
|
|
|
|
_originalState = _token.AdjustPrivilege(SystemPrivilege.Backup, PrivilegeAttributes.SE_PRIVILEGE_ENABLED);
|
|
|
|
// Even if AdjustPrivilege "succeeds", we must verify it worked:
|
|
if (Win32Error.GetLastError() == Win32Error.ERROR_NOT_ALL_ASSIGNED)
|
|
{
|
|
_token.Dispose();
|
|
throw new InvalidOperationException("SeBackupPrivilege is not available or cannot be enabled.");
|
|
}
|
|
}
|
|
|
|
/// <inheritdoc/>
|
|
public void Dispose()
|
|
{
|
|
if (_disposed)
|
|
return;
|
|
|
|
try
|
|
{
|
|
_token.AdjustPrivileges(_originalState);
|
|
}
|
|
finally
|
|
{
|
|
_token.Dispose();
|
|
_disposed = true;
|
|
}
|
|
}
|
|
} |