-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathSecurityUtils.cpp
50 lines (42 loc) · 1.49 KB
/
SecurityUtils.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#include <Windows.h>
#include <string>
#include "SysErrorMessage.h"
#include "SecurityUtils.h"
/// <summary>
/// Enable a privilege if possible (present in current thread token).
/// CALLER SHOULD HAVE CALLED ImpersonateSelf PRIOR TO THIS
/// </summary>
/// <param name="szPrivilege">In: Name of privilege; e.g., SE_DEBUG_NAME</param>
/// <param name="sErrorInfo">Out: error information, on failure</param>
/// <returns>true if successful, false otherwise</returns>
bool EnablePrivilege(const wchar_t* szPrivilege, std::wstring& sErrorInfo)
{
BOOL ret;
DWORD dwLastErr;
HANDLE hToken;
TOKEN_PRIVILEGES tkp = { 0 };
// Caller must be impersonating - should have called ImpersonateSelf so that we're not
// modifying privileges in the process token, just in the current thread.
// This call will fail if not impersonating - threads don't get their own tokens by default.
if (!OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, TRUE, &hToken))
{
sErrorInfo = SysErrorMessageWithCode();
return false;
}
ret = LookupPrivilegeValueW(NULL, szPrivilege, &tkp.Privileges[0].Luid);
dwLastErr = GetLastError();
if (ret)
{
tkp.PrivilegeCount = 1; // one privilege to set
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
ret = AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, NULL, NULL);
dwLastErr = GetLastError();
}
CloseHandle(hToken);
if (!ret || ERROR_SUCCESS != dwLastErr)
{
sErrorInfo = SysErrorMessageWithCode(dwLastErr);
return false;
}
return true;
}