diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2023-06-23 00:36:07 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2023-06-23 00:36:07 +0200 |
commit | bb55343f635cdda4f62c998b269c88cb9df384ec (patch) | |
tree | 84dc6b7a48602d5dbea82bf84a7ec74d160f0077 | |
parent | 0e4f1ecee33db0353dc845ee02b339f9c4ab7c22 (diff) | |
download | VeraCrypt-bb55343f635cdda4f62c998b269c88cb9df384ec.tar.gz VeraCrypt-bb55343f635cdda4f62c998b269c88cb9df384ec.zip |
Windows: if /fastCreateFile set, request SE_MANAGE_VOLUME_NAME privileges (credits: @xnoreq)
Display a warning if request failed and allow to continue without fast creation
-rw-r--r-- | src/Common/Format.c | 29 | ||||
-rw-r--r-- | src/Common/Language.xml | 1 |
2 files changed, 24 insertions, 6 deletions
diff --git a/src/Common/Format.c b/src/Common/Format.c index 4363f474..f34ee39b 100644 --- a/src/Common/Format.c +++ b/src/Common/Format.c @@ -401,12 +401,29 @@ begin_format: if (speedupFileCreation) { - // accelerate file creation by telling Windows not to fill all file content with zeros - // this has security issues since it will put existing disk content into file container - // We use this mechanism only when switch /fastCreateFile specific and when quick format - // also specified and which is documented to have security issues. - // we don't check returned status because failure is not issue for us - SetFileValidData (dev, volumeSize.QuadPart); + if (!SetPrivilege(SE_MANAGE_VOLUME_NAME, TRUE)) + { + DWORD dwLastError = GetLastError(); + if (Silent || (MessageBoxW(hwndDlg, GetString ("ADMIN_PRIVILEGES_WARN_MANAGE_VOLUME"), lpszTitle, MB_YESNO | MB_ICONWARNING | MB_DEFBUTTON2) == IDNO)) + { + SetLastError(dwLastError); + nStatus = ERR_OS_ERROR; + goto error; + } + } + else + { + // accelerate file creation by telling Windows not to fill all file content with zeros + // this has security issues since it will put existing disk content into file container + // We use this mechanism only when switch /fastCreateFile specific and when quick format + // also specified and which is documented to have security issues. + // we don't check returned status because failure is not issue for us + if (!SetFileValidData (dev, volumeSize.QuadPart)) + { + nStatus = ERR_OS_ERROR; + goto error; + } + } } if (SetFilePointer (dev, 0, NULL, FILE_BEGIN) != 0) diff --git a/src/Common/Language.xml b/src/Common/Language.xml index 8d6fb7ab..7c001179 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -389,6 +389,7 @@ <entry lang="en" key="ADMINISTRATOR">Administrator</entry> <entry lang="en" key="ADMIN_PRIVILEGES_DRIVER">In order to load the VeraCrypt driver, you need to be logged into an account with administrator privileges.</entry> <entry lang="en" key="ADMIN_PRIVILEGES_WARN_DEVICES">Please note that in order to encrypt, decrypt or format a partition/device you need to be logged into an account with administrator privileges.\n\nThis does not apply to file-hosted volumes.</entry> + <entry lang="en" key="ADMIN_PRIVILEGES_WARN_MANAGE_VOLUME">Unable to activate fast file creation: Administrator privileges required.\nPlease relaunch the program as an Administrator to enable this feature.\n\nWould you like to proceed without fast file creation?</entry> <entry lang="en" key="ADMIN_PRIVILEGES_WARN_HIDVOL">In order to create a hidden volume you need to be logged into an account with administrator privileges.\n\nContinue?</entry> <entry lang="en" key="ADMIN_PRIVILEGES_WARN_NTFS">Please note that in order to format the volume as NTFS/exFAT/ReFS you need to be logged into an account with administrator privileges.\n\nWithout administrator privileges, you can format the volume as FAT.</entry> <entry lang="en" key="AES_HELP">FIPS-approved cipher (Rijndael, published in 1998) that may be used by U.S. government departments and agencies to protect classified information up to the Top Secret level. 256-bit key, 128-bit block, 14 rounds (AES-256). Mode of operation is XTS.</entry> |