as a directory if *target_is_directory* is ``True`` or a file symlink (the
default) otherwise. On non-Windows platforms, *target_is_directory* is ignored.
- Symbolic link support was introduced in Windows 6.0 (Vista). :func:`symlink`
- will raise a :exc:`NotImplementedError` on Windows versions earlier than 6.0.
-
This function can support :ref:`paths relative to directory descriptors
<dir_fd>`.
.. note::
- On Windows, the *SeCreateSymbolicLinkPrivilege* is required in order to
- successfully create symlinks. This privilege is not typically granted to
- regular users but is available to accounts which can escalate privileges
- to the administrator level. Either obtaining the privilege or running your
- application as an administrator are ways to successfully create symlinks.
+ On newer versions of Windows 10, unprivileged accounts can create symlinks
+ if Developer Mode is enabled. When Developer Mode is not available/enabled,
+ the *SeCreateSymbolicLinkPrivilege* privilege is required, or the process
+ must be run as an administrator.
:exc:`OSError` is raised when the function is called by an unprivileged
.. versionchanged:: 3.6
Accepts a :term:`path-like object` for *src* and *dst*.
+ .. versionchanged:: 3.8
+ Added support for unelevated symlinks on Windows with Developer Mode.
+
.. function:: sync()
#include <windows.h>
#include <shellapi.h> /* for ShellExecute() */
#include <lmcons.h> /* for UNLEN */
-#ifdef SE_CREATE_SYMBOLIC_LINK_NAME /* Available starting with Vista */
#define HAVE_SYMLINK
-static int win32_can_symlink = 0;
-#endif
#endif /* _MSC_VER */
#ifndef MAXPATHLEN
#if defined(MS_WINDOWS)
-/* Grab CreateSymbolicLinkW dynamically from kernel32 */
-static BOOLEAN (CALLBACK *Py_CreateSymbolicLinkW)(LPCWSTR, LPCWSTR, DWORD) = NULL;
-
-static int
-check_CreateSymbolicLink(void)
-{
- HINSTANCE hKernel32;
- /* only recheck */
- if (Py_CreateSymbolicLinkW)
- return 1;
-
- Py_BEGIN_ALLOW_THREADS
- hKernel32 = GetModuleHandleW(L"KERNEL32");
- *(FARPROC*)&Py_CreateSymbolicLinkW = GetProcAddress(hKernel32,
- "CreateSymbolicLinkW");
- Py_END_ALLOW_THREADS
-
- return Py_CreateSymbolicLinkW != NULL;
-}
-
/* Remove the last portion of the path - return 0 on success */
static int
_dirnameW(WCHAR *path)
{
#ifdef MS_WINDOWS
DWORD result;
+ DWORD flags = 0;
+
+ /* Assumed true, set to false if detected to not be available. */
+ static int windows_has_symlink_unprivileged_flag = TRUE;
#else
int result;
#endif
#ifdef MS_WINDOWS
- if (!check_CreateSymbolicLink()) {
- PyErr_SetString(PyExc_NotImplementedError,
- "CreateSymbolicLink functions not found");
- return NULL;
- }
- if (!win32_can_symlink) {
- PyErr_SetString(PyExc_OSError, "symbolic link privilege not held");
- return NULL;
- }
-#endif
-#ifdef MS_WINDOWS
+ if (windows_has_symlink_unprivileged_flag) {
+ /* Allow non-admin symlinks if system allows it. */
+ flags |= SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE;
+ }
Py_BEGIN_ALLOW_THREADS
_Py_BEGIN_SUPPRESS_IPH
- /* if src is a directory, ensure target_is_directory==1 */
- target_is_directory |= _check_dirW(src->wide, dst->wide);
- result = Py_CreateSymbolicLinkW(dst->wide, src->wide,
- target_is_directory);
+ /* if src is a directory, ensure flags==1 (target_is_directory bit) */
+ if (target_is_directory || _check_dirW(src->wide, dst->wide)) {
+ flags |= SYMBOLIC_LINK_FLAG_DIRECTORY;
+ }
+
+ result = CreateSymbolicLinkW(dst->wide, src->wide, flags);
_Py_END_SUPPRESS_IPH
Py_END_ALLOW_THREADS
+ if (windows_has_symlink_unprivileged_flag && !result &&
+ ERROR_INVALID_PARAMETER == GetLastError()) {
+
+ Py_BEGIN_ALLOW_THREADS
+ _Py_BEGIN_SUPPRESS_IPH
+ /* This error might be caused by
+ SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE not being supported.
+ Try again, and update windows_has_symlink_unprivileged_flag if we
+ are successful this time.
+
+ NOTE: There is a risk of a race condition here if there are other
+ conditions than the flag causing ERROR_INVALID_PARAMETER, and
+ another process (or thread) changes that condition in between our
+ calls to CreateSymbolicLink.
+ */
+ flags &= ~(SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE);
+ result = CreateSymbolicLinkW(dst->wide, src->wide, flags);
+ _Py_END_SUPPRESS_IPH
+ Py_END_ALLOW_THREADS
+
+ if (result || ERROR_INVALID_PARAMETER != GetLastError()) {
+ windows_has_symlink_unprivileged_flag = FALSE;
+ }
+ }
+
if (!result)
return path_error2(src, dst);
{NULL, NULL} /* Sentinel */
};
-
-#if defined(HAVE_SYMLINK) && defined(MS_WINDOWS)
-static int
-enable_symlink()
-{
- HANDLE tok;
- TOKEN_PRIVILEGES tok_priv;
- LUID luid;
-
- if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &tok))
- return 0;
-
- if (!LookupPrivilegeValue(NULL, SE_CREATE_SYMBOLIC_LINK_NAME, &luid))
- return 0;
-
- tok_priv.PrivilegeCount = 1;
- tok_priv.Privileges[0].Luid = luid;
- tok_priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
-
- if (!AdjustTokenPrivileges(tok, FALSE, &tok_priv,
- sizeof(TOKEN_PRIVILEGES),
- (PTOKEN_PRIVILEGES) NULL, (PDWORD) NULL))
- return 0;
-
- /* ERROR_NOT_ALL_ASSIGNED returned when the privilege can't be assigned. */
- return GetLastError() == ERROR_NOT_ALL_ASSIGNED ? 0 : 1;
-}
-#endif /* defined(HAVE_SYMLINK) && defined(MS_WINDOWS) */
-
static int
all_ins(PyObject *m)
{
PyObject *list;
const char * const *trace;
-#if defined(HAVE_SYMLINK) && defined(MS_WINDOWS)
- win32_can_symlink = enable_symlink();
-#endif
-
m = PyModule_Create(&posixmodule);
if (m == NULL)
return NULL;
projects / python / commitdiff