From 9e9968197c4c4a9c45573ae724435d84d3c6b0b4 Mon Sep 17 00:00:00 2001
From: Roger Luethi <rl@patchworkscience.org>
Date: Tue, 17 Jun 2014 18:45:15 +0200
Subject: [PATCH] wbatch: elevated privileges for create_hostnet

Currently, create_hostnet.bat asks no less than six times for elevated
privileges (once for each network created or modified). This change adds
code that allows create_hostnet to keep the elevated privileges while
configuring networks. That is, it prompts once rather than six times.

Partial-Bug: 1312764
Implements: blueprint openstack-training-labs
Change-Id: I30f9c158c674f1e308dc14d5e2efef184b6d464b
---
 labs/lib/wbatch/batch_for_windows          |  6 +++++
 labs/lib/wbatch/template-elevate_privs_bat | 26 ++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 labs/lib/wbatch/template-elevate_privs_bat

diff --git a/labs/lib/wbatch/batch_for_windows b/labs/lib/wbatch/batch_for_windows
index a0bd10b2..62fc7a12 100644
--- a/labs/lib/wbatch/batch_for_windows
+++ b/labs/lib/wbatch/batch_for_windows
@@ -139,6 +139,10 @@ function wbatch_end_file {
     wbatch_close_file
 }
 
+function wbatch_elevate_privileges {
+    cat "$WBATCH_TEMPLATE_DIR/template-elevate_privs_bat" | wbatch_write_stdin
+}
+
 function wbatch_find_vbm {
     cat "$WBATCH_TEMPLATE_DIR/template-find_vbm_bat" | wbatch_write_stdin
 }
@@ -165,6 +169,8 @@ function wbatch_mkdirs {
 function wbatch_create_hostnet {
     wbatch_new_file "create_hostnet.bat"
     wbatch_file_header "host-only networks"
+    # Creating networks requires elevated privileges
+    wbatch_elevate_privileges
     wbatch_find_vbm
 
     sed -e "
diff --git a/labs/lib/wbatch/template-elevate_privs_bat b/labs/lib/wbatch/template-elevate_privs_bat
new file mode 100644
index 00000000..e6df3632
--- /dev/null
+++ b/labs/lib/wbatch/template-elevate_privs_bat
@@ -0,0 +1,26 @@
+REM Elevate credentials, code courtesy of Matthew Newton
+REM http://blog.mnewton.com/articles/Windows-Installer-Batch-Script-Revisited.html
+REM Check for permissions
+>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
+
+REM If error flag set, we do not have admin.
+if '%errorlevel%' NEQ '0' (
+  echo Requesting administrative privileges...
+  goto UACPrompt
+) else ( goto gotAdmin )
+
+
+:UACPrompt
+  echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
+  echo UAC.ShellExecute "%~s0", "", "", "runas", 1  >> "%temp%\getadmin.vbs"
+
+  "%temp%\getadmin.vbs"
+  REM we are done, exiting recursive call
+  exit /B
+
+:gotAdmin
+  if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
+  echo We have admin privileges, proceeding...
+
+REM vim: set ai ts=4 sw=4 et ft=dosbatch:
+