16
"github.com/containers/storage/pkg/fileutils"
17
"github.com/containers/storage/pkg/homedir"
18
"github.com/sirupsen/logrus"
19
"golang.org/x/sys/windows"
20
"golang.org/x/sys/windows/registry"
23
type SHELLEXECUTEINFO struct {
32
hInstApp syscall.Handle
35
hkeyClass syscall.Handle
37
hIconOrMonitor syscall.Handle
38
hProcess syscall.Handle
46
type LuidAndAttributes struct {
51
type TokenPrivileges struct {
53
privileges [1]LuidAndAttributes
56
// Cleaner to refer to the official OS constant names, and consistent with syscall
59
SEE_MASK_NOCLOSEPROCESS = 0x40
61
EWX_FORCEIFHUNG = 0x10
65
EWX_RESTARTAPPS = 0x40
67
SHTDN_REASON_MAJOR_APPLICATION = 0x00040000
69
SHTDN_REASON_MINOR_INSTALLATION = 0x00000002
71
SHTDN_REASON_FLAG_PLANNED = 0x80000000
73
TOKEN_ADJUST_PRIVILEGES = 0x0020
77
SE_PRIVILEGE_ENABLED = 0x00000002
79
SE_ERR_ACCESSDENIED = 0x05
82
func winVersionAtLeast(major uint, minor uint, build uint) bool {
85
in := []uint32{uint32(major), uint32(minor), uint32(build)}
86
out[0], out[1], out[2] = windows.RtlGetNtVersionNumbers()
88
for i, o := range out {
100
func HasAdminRights() bool {
103
// See: https://coolaj86.com/articles/golang-and-windows-and-admins-oh-my/
104
if err := windows.AllocateAndInitializeSid(
105
&windows.SECURITY_NT_AUTHORITY,
107
windows.SECURITY_BUILTIN_DOMAIN_RID,
108
windows.DOMAIN_ALIAS_RID_ADMINS,
111
logrus.Warnf("SID allocation error: %s", err)
115
_ = windows.FreeSid(sid)
119
// "If TokenHandle is NULL, CheckTokenMembership uses the impersonation
120
// token of the calling thread. If the thread is not impersonating,
121
// the function duplicates the thread's primary token to create an
122
// impersonation token."
123
token := windows.Token(0)
125
member, err := token.IsMember(sid)
127
logrus.Warnf("Token Membership Error: %s", err)
131
return member || token.IsElevated()
134
func relaunchElevatedWait() error {
135
e, _ := os.Executable()
137
exe, _ := syscall.UTF16PtrFromString(e)
138
cwd, _ := syscall.UTF16PtrFromString(d)
139
arg, _ := syscall.UTF16PtrFromString(buildCommandArgs(true))
140
verb, _ := syscall.UTF16PtrFromString("runas")
142
shell32 := syscall.NewLazyDLL("shell32.dll")
144
info := &SHELLEXECUTEINFO{
145
fMask: SEE_MASK_NOCLOSEPROCESS,
147
lpVerb: uintptr(unsafe.Pointer(verb)),
148
lpFile: uintptr(unsafe.Pointer(exe)),
149
lpParameters: uintptr(unsafe.Pointer(arg)),
150
lpDirectory: uintptr(unsafe.Pointer(cwd)),
153
info.cbSize = uint32(unsafe.Sizeof(*info))
154
procShellExecuteEx := shell32.NewProc("ShellExecuteExW")
155
if ret, _, _ := procShellExecuteEx.Call(uintptr(unsafe.Pointer(info))); ret == 0 { // 0 = False
156
err := syscall.GetLastError()
157
if info.hInstApp == SE_ERR_ACCESSDENIED {
158
return wrapMaybe(err, "request to elevate privileges was denied")
160
return wrapMaybef(err, "could not launch process, ShellEX Error = %d", info.hInstApp)
163
handle := info.hProcess
165
_ = syscall.CloseHandle(handle)
168
w, err := syscall.WaitForSingleObject(handle, syscall.INFINITE)
170
case syscall.WAIT_OBJECT_0:
172
case syscall.WAIT_FAILED:
173
return fmt.Errorf("could not wait for process, failed: %w", err)
175
return errors.New("could not wait for process, unknown error")
178
if err := syscall.GetExitCodeProcess(handle, &code); err != nil {
182
return &ExitCodeError{uint(code)}
188
func wrapMaybe(err error, message string) error {
190
return fmt.Errorf("%v: %w", message, err)
193
return errors.New(message)
196
func wrapMaybef(err error, format string, args ...interface{}) error {
198
return fmt.Errorf(format+": %w", append(args, err)...)
201
return fmt.Errorf(format, args...)
206
wtLocation = `Microsoft\WindowsApps\wt.exe`
207
wtPrefix = `%LocalAppData%\Microsoft\WindowsApps\wt -p "Windows PowerShell" `
208
localAppData = "LocalAppData"
209
pShellLaunch = `powershell -noexit "powershell -EncodedCommand (Get-Content '%s')"`
212
exe, _ := os.Executable()
213
relaunch := fmt.Sprintf("& %s %s", syscall.EscapeArg(exe), buildCommandArgs(false))
214
encoded := base64.StdEncoding.EncodeToString(encodeUTF16Bytes(relaunch))
216
dataDir, err := homedir.GetDataHome()
218
return fmt.Errorf("could not determine data directory: %w", err)
220
if err := os.MkdirAll(dataDir, 0755); err != nil {
221
return fmt.Errorf("could not create data directory: %w", err)
223
commFile := filepath.Join(dataDir, "podman-relaunch.dat")
224
if err := os.WriteFile(commFile, []byte(encoded), 0600); err != nil {
225
return fmt.Errorf("could not serialize command state: %w", err)
228
command := fmt.Sprintf(pShellLaunch, commFile)
229
if err := fileutils.Lexists(filepath.Join(os.Getenv(localAppData), wtLocation)); err == nil {
230
wtCommand := wtPrefix + command
231
// RunOnce is limited to 260 chars (supposedly no longer in Builds >= 19489)
232
// For now fallback in cases of long usernames (>89 chars)
233
if len(wtCommand) < 260 {
238
if err := addRunOnceRegistryEntry(command); err != nil {
242
if err := obtainShutdownPrivilege(); err != nil {
246
message := "To continue the process of enabling WSL, the system needs to reboot. " +
247
"Alternatively, you can cancel and reboot manually\n\n" +
248
"After rebooting, please wait a minute or two for podman machine to relaunch and continue installing."
250
if MessageBox(message, "Podman Machine", false) != 1 {
251
fmt.Println("Reboot is required to continue installation, please reboot at your convenience")
252
os.Exit(ErrorSuccessRebootRequired)
256
user32 := syscall.NewLazyDLL("user32")
257
procExit := user32.NewProc("ExitWindowsEx")
258
if ret, _, err := procExit.Call(EWX_REBOOT|EWX_RESTARTAPPS|EWX_FORCEIFHUNG,
259
SHTDN_REASON_MAJOR_APPLICATION|SHTDN_REASON_MINOR_INSTALLATION|SHTDN_REASON_FLAG_PLANNED); ret != 1 {
260
return fmt.Errorf("reboot failed: %w", err)
266
func obtainShutdownPrivilege() error {
267
const SeShutdownName = "SeShutdownPrivilege"
269
advapi32 := syscall.NewLazyDLL("advapi32")
270
OpenProcessToken := advapi32.NewProc("OpenProcessToken")
271
LookupPrivilegeValue := advapi32.NewProc("LookupPrivilegeValueW")
272
AdjustTokenPrivileges := advapi32.NewProc("AdjustTokenPrivileges")
274
proc, _ := syscall.GetCurrentProcess()
277
if ret, _, err := OpenProcessToken.Call(uintptr(proc), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, uintptr(unsafe.Pointer(&hToken))); ret != 1 {
278
return fmt.Errorf("opening process token: %w", err)
281
var privs TokenPrivileges
283
if ret, _, err := LookupPrivilegeValue.Call(uintptr(0), uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(SeShutdownName))), uintptr(unsafe.Pointer(&(privs.privileges[0].luid)))); ret != 1 {
284
return fmt.Errorf("looking up shutdown privilege: %w", err)
287
privs.privilegeCount = 1
288
privs.privileges[0].attributes = SE_PRIVILEGE_ENABLED
290
if ret, _, err := AdjustTokenPrivileges.Call(hToken, 0, uintptr(unsafe.Pointer(&privs)), 0, uintptr(0), 0); ret != 1 {
291
return fmt.Errorf("enabling shutdown privilege on token: %w", err)
297
func addRunOnceRegistryEntry(command string) error {
298
k, _, err := registry.CreateKey(registry.CURRENT_USER, `Software\Microsoft\Windows\CurrentVersion\RunOnce`, registry.WRITE)
300
return fmt.Errorf("could not open RunOnce registry entry: %w", err)
305
if err := k.SetExpandStringValue("podman-machine", command); err != nil {
306
return fmt.Errorf("could not open RunOnce registry entry: %w", err)
312
func encodeUTF16Bytes(s string) []byte {
313
u16 := utf16.Encode([]rune(s))
314
u16le := make([]byte, len(u16)*2)
315
for i := 0; i < len(u16); i++ {
316
u16le[i<<1] = byte(u16[i])
317
u16le[(i<<1)+1] = byte(u16[i] >> 8)
322
func MessageBox(caption, title string, fail bool) int {
330
user32 := syscall.NewLazyDLL("user32.dll")
331
captionPtr, _ := syscall.UTF16PtrFromString(caption)
332
titlePtr, _ := syscall.UTF16PtrFromString(title)
333
ret, _, _ := user32.NewProc("MessageBoxW").Call(
335
uintptr(unsafe.Pointer(captionPtr)),
336
uintptr(unsafe.Pointer(titlePtr)),
342
func buildCommandArgs(elevate bool) string {
344
for _, arg := range os.Args[1:] {
345
if arg != "--reexec" {
346
args = append(args, syscall.EscapeArg(arg))
347
if elevate && arg == "init" {
348
args = append(args, "--reexec")
352
return strings.Join(args, " ")