summaryrefslogtreecommitdiff
path: root/shared/privilege.cpp
blob: c854ad4e125eb5d81e9f5d8d560f29bfaa9cab3c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
#include "privilege.h"
#include "last_error.h"
#include "i18n.h"
#include "loki/ScopeGuard.h"

using namespace zen;


Privileges& Privileges::getInstance()
{
    static Privileges instance;
    return instance;
}


bool Privileges::privilegeIsActive(LPCTSTR privilege) //throw (FileError)
{
    HANDLE hToken = NULL;
    if (!::OpenProcessToken(::GetCurrentProcess(), //__in   HANDLE ProcessHandle,
                            TOKEN_QUERY,           //__in   DWORD DesiredAccess,
                            &hToken))              //__out  PHANDLE TokenHandle
    {
        const wxString errorMessage = wxString(_("Error setting privilege:")) + wxT(" \"") + privilege +  wxT("\"");
        throw FileError(errorMessage + wxT("\n\n") + zen::getLastErrorFormatted());
    }
    Loki::ScopeGuard dummy = Loki::MakeGuard(::CloseHandle, hToken);
    (void)dummy; //silence warning "unused variable"


    LUID luid = {};
    if (!::LookupPrivilegeValue(
            NULL,      //__in_opt  LPCTSTR lpSystemName,
            privilege, //__in      LPCTSTR lpName,
            &luid ))   //__out     PLUID lpLuid
    {
        const wxString errorMessage = wxString(_("Error setting privilege:")) + wxT(" \"") + privilege +  wxT("\"");
        throw FileError(errorMessage + wxT("\n\n") + zen::getLastErrorFormatted());
    }

    PRIVILEGE_SET priv  = {};
    priv.PrivilegeCount = 1;
    priv.Control        = PRIVILEGE_SET_ALL_NECESSARY;
    priv.Privilege[0].Luid = luid;
    priv.Privilege[0].Attributes = SE_PRIVILEGE_ENABLED;

    BOOL alreadyGranted = FALSE;
    if (!::PrivilegeCheck(
            hToken,           //__in     HANDLE ClientToken,
            &priv,            //__inout  PPRIVILEGE_SET RequiredPrivileges,
            &alreadyGranted)) //__out    LPBOOL pfResult
    {
        const wxString errorMessage = wxString(_("Error setting privilege:")) + wxT(" \"") + privilege +  wxT("\"");
        throw FileError(errorMessage + wxT("\n\n") + zen::getLastErrorFormatted());
    }

    return alreadyGranted == TRUE;
}


void Privileges::setPrivilege(LPCTSTR privilege, bool enable) //throw (FileError)
{
    HANDLE hToken = NULL;
    if (!::OpenProcessToken(::GetCurrentProcess(),   //__in   HANDLE ProcessHandle,
                            TOKEN_ADJUST_PRIVILEGES, //__in   DWORD DesiredAccess,
                            &hToken))                //__out  PHANDLE TokenHandle
    {
        const wxString errorMessage = wxString(_("Error setting privilege:")) + wxT(" \"") + privilege +  wxT("\"");
        throw FileError(errorMessage + wxT("\n\n") + zen::getLastErrorFormatted());
    }
    Loki::ScopeGuard dummy = Loki::MakeGuard(::CloseHandle, hToken);
    (void)dummy; //silence warning "unused variable"

    LUID luid = {};
    if (!::LookupPrivilegeValue(
            NULL,      //__in_opt  LPCTSTR lpSystemName,
            privilege, //__in      LPCTSTR lpName,
            &luid ))   //__out     PLUID lpLuid
    {
        const wxString errorMessage = wxString(_("Error setting privilege:")) + wxT(" \"") + privilege +  wxT("\"");
        throw FileError(errorMessage + wxT("\n\n") + zen::getLastErrorFormatted());
    }

    TOKEN_PRIVILEGES tp = {};
    tp.PrivilegeCount   = 1;
    tp.Privileges[0].Luid = luid;
    tp.Privileges[0].Attributes = enable ? SE_PRIVILEGE_ENABLED : 0;

    if (!::AdjustTokenPrivileges(
            hToken, //__in       HANDLE TokenHandle,
            false,  //__in       BOOL DisableAllPrivileges,
            &tp,    //__in_opt   PTOKEN_PRIVILEGES NewState,
            0,      //__in       DWORD BufferLength,
            NULL,   //__out_opt  PTOKEN_PRIVILEGES PreviousState,
            NULL))  //__out_opt  PDWORD ReturnLength
    {
        const wxString errorMessage = wxString(_("Error setting privilege:")) + wxT(" \"") + privilege +  wxT("\"");
        throw FileError(errorMessage + wxT("\n\n") + zen::getLastErrorFormatted());
    }

    if (::GetLastError() == ERROR_NOT_ALL_ASSIGNED) //check although previous function returned with success!
    {
        const wxString errorMessage = wxString(_("Error setting privilege:")) + wxT(" \"") + privilege +  wxT("\"");
        throw FileError(errorMessage + wxT("\n\n") + zen::getLastErrorFormatted());
    }
}
bgstack15