Obtain backup/restore privileges on Windows to read symlinks

fileservplugin/FileServFactory.cpp

@@ -93,6 +93,19 @@ bool FileServFactory::backupSemanticsEnabled()
 	return backup_semantics_enabled;
 }
 
+#ifdef _WIN32
+bool optain_backup_privs();
+bool FileServFactory::optainBackupPrivileges()
+{
+	return optain_backup_privs();
+}
+#else
+bool FileServFactory::optainBackupPrivileges()
+{
+	return true;
+}
+#endif //_WIN32
+
 IPermissionCallback* FileServFactory::getPermissionCallback()
 {
 	return permission_callback;

fileservplugin/FileServFactory.h

@@ -5,6 +5,7 @@ class FileServFactory : public IFileServFactory
 public:
 	static bool backgroundBackupsEnabled();
 	static bool backupSemanticsEnabled();
+	bool optainBackupPrivileges();
 	IFileServ * createFileServ(unsigned short tcpport, unsigned short udpport, const std::string &name="", bool use_fqdn_default=false, bool enable_background_priority=true, bool enable_backup_semantics=true);
 	void destroyFileServ(IFileServ *filesrv);
 

fileservplugin/IFileServFactory.h

@@ -12,6 +12,7 @@
 class IFileServFactory : public IPlugin
 {
 public:
+	virtual bool optainBackupPrivileges() = 0;
 	virtual IFileServ * createFileServ(unsigned short tcpport, unsigned short udpport, const std::string &name="", bool use_fqdn_default=false, bool enable_background_priority=true, bool enable_backup_semantics = true)=0;
 	virtual IFileServ * createFileServNoBind(const std::string &name="", bool use_fqdn_default=false, bool enable_background_priority = true, bool enable_backup_semantics = true)=0;
 	virtual void destroyFileServ(IFileServ *filesrv)=0;

fileservplugin/main.cpp

@@ -190,6 +190,46 @@ HRESULT ModifyPrivilege(
 
     return hr;
 }
+
+bool optain_backup_privs()
+{
+#ifdef BACKUP_SEM
+	bool ret = true;
+	HRESULT hr = ModifyPrivilege(SE_BACKUP_NAME, TRUE);
+	if (!SUCCEEDED(hr))
+	{
+		Log("Failed to modify backup privileges", LL_ERROR);
+		ret = false;
+	}
+	else
+	{
+		Log("Backup privileges set successfully", LL_DEBUG);
+	}
+	hr = ModifyPrivilege(SE_SECURITY_NAME, TRUE);
+	if (!SUCCEEDED(hr))
+	{
+		Log("Failed to modify backup privileges (SE_SECURITY_NAME)", LL_ERROR);
+		ret = false;
+	}
+	else
+	{
+		Log("Backup privileges set successfully (SE_SECURITY_NAME)", LL_DEBUG);
+	}
+	hr = ModifyPrivilege(SE_RESTORE_NAME, TRUE);
+	if (!SUCCEEDED(hr))
+	{
+		Log("Failed to modify backup privileges (SE_RESTORE_NAME)", LL_ERROR);
+		ret = false;
+	}
+	else
+	{
+		Log("Backup privileges set successfully (SE_RESTORE_NAME)", LL_DEBUG);
+	}
+	return ret;
+#else
+	return false;
+#endif
+}
 #endif //_WIN32
 
 #ifdef LINUX_DAEMON
@@ -257,37 +297,7 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
 		servername=argv[1];
 #endif
 
-#ifdef BACKUP_SEM
-#ifdef _WIN32
-	HRESULT hr=ModifyPrivilege(SE_BACKUP_NAME, TRUE);
-	if(!SUCCEEDED(hr))
-	{
-		Log("Failed to modify backup privileges", LL_ERROR);
-	}
-	else
-	{
-		Log("Backup privileges set successfully", LL_DEBUG);
-	}
-	hr=ModifyPrivilege(SE_SECURITY_NAME, TRUE);
-	if(!SUCCEEDED(hr))
-	{
-		Log("Failed to modify backup privileges (SE_SECURITY_NAME)", LL_ERROR);
-	}
-	else
-	{
-		Log("Backup privileges set successfully (SE_SECURITY_NAME)", LL_DEBUG);
-	}
-	hr=ModifyPrivilege(SE_RESTORE_NAME, TRUE);
-	if(!SUCCEEDED(hr))
-	{
-		Log("Failed to modify backup privileges (SE_RESTORE_NAME)", LL_ERROR);
-	}
-	else
-	{
-		Log("Backup privileges set successfully (SE_RESTORE_NAME)", LL_DEBUG);
-	}
-#endif
-#endif
+	optain_backup_privs();
 
 #ifdef LOG_FILE
 #ifdef _WIN32

urbackupserver/dllmain.cpp

@@ -623,6 +623,10 @@ DLLEXPORT void LoadActions(IServer* pServer)
 		}
 		else
 		{
+			if (!fileserv_fak->optainBackupPrivileges())
+			{
+				Server->Log("Error optaining backup SYSTEM privileges. Restoring symlinks may not work.", LL_ERROR);
+			}
 			fileserv = fileserv_fak->createFileServNoBind(std::string(), false, false, false);
 		}
 	}