static NTSTATUS EnableBackupRestorePrivileges(VOID)
{
union
{
TOKEN_PRIVILEGES P;
UINT8 B[sizeof(TOKEN_PRIVILEGES) + sizeof(LUID_AND_ATTRIBUTES)];
} Privileges;
HANDLE Token;
Privileges.P.PrivilegeCount = 2;
Privileges.P.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
Privileges.P.Privileges[1].Attributes = SE_PRIVILEGE_ENABLED;
if (!LookupPrivilegeValueW(0, SE_BACKUP_NAME, &Privileges.P.Privileges[0].Luid) ||
!LookupPrivilegeValueW(0, SE_RESTORE_NAME, &Privileges.P.Privileges[1].Luid))
return FspNtStatusFromWin32(GetLastError());
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &Token))
return FspNtStatusFromWin32(GetLastError());
if (!AdjustTokenPrivileges(Token, FALSE, &Privileges.P, 0, 0, 0))
{
CloseHandle(Token);
return FspNtStatusFromWin32(GetLastError());
}
CloseHandle(Token);
return STATUS_SUCCESS;
}
static VOID DisableBackupRestorePrivileges(VOID)
{
union
{
TOKEN_PRIVILEGES P;
UINT B[sizeof(TOKEN_PRIVILEGES) + sizeof(LUID_AND_ATTRIBUTES)];
} Privileges;
HANDLE Token;
Privileges.P.PrivilegeCount = 2;
Privileges.P.Privileges[0].Attributes = 0;
Privileges.P.Privileges[1].Attributes = 0;
if (!LookupPrivilegeValueW(0, SE_BACKUP_NAME, &Privileges.P.Privileges[0].Luid) ||
!LookupPrivilegeValueW(0, SE_RESTORE_NAME, &Privileges.P.Privileges[1].Luid))
ABORT("cannot lookup backup/restore privileges");
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &Token))
ABORT("cannot open process token");
if (!AdjustTokenPrivileges(Token, FALSE, &Privileges.P, 0, 0, 0))
ABORT("cannot disable backup/restore privileges");
CloseHandle(Token);
}
void CALLBACK RemoveDeviceW(HWND hwnd, HINSTANCE hinst, LPWSTR lpszCmdLine, int nCmdShow) {
try {
WCHAR *s, *vol, *dev;
uint64_t devid;
win_handle h, token;
TOKEN_PRIVILEGES tp;
LUID luid;
NTSTATUS Status;
IO_STATUS_BLOCK iosb;
set_dpi_aware();
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token))
throw last_error(GetLastError());
if (!LookupPrivilegeValueW(nullptr, L"SeManageVolumePrivilege", &luid))
throw last_error(GetLastError());
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(token, false, &tp, sizeof(TOKEN_PRIVILEGES), nullptr, nullptr))
throw last_error(GetLastError());
s = wcsstr(lpszCmdLine, L"|");
if (!s)
return;
s[0] = 0;
vol = lpszCmdLine;
dev = &s[1];
devid = _wtoi(dev);
if (devid == 0)
return;
h = CreateFileW(vol, FILE_TRAVERSE | FILE_READ_ATTRIBUTES, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, nullptr,
OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, nullptr);
if (h == INVALID_HANDLE_VALUE)
throw last_error(GetLastError());
Status = NtFsControlFile(h, nullptr, nullptr, nullptr, &iosb, FSCTL_BTRFS_REMOVE_DEVICE, &devid, sizeof(uint64_t), nullptr, 0);
if (!NT_SUCCESS(Status)) {
if (Status == STATUS_CANNOT_DELETE)
throw string_error(IDS_CANNOT_REMOVE_RAID);
else
throw ntstatus_error(Status);
return;
}
BtrfsBalance bb(vol, true);
bb.ShowBalance(hwnd);
} catch (const exception& e) {
error_message(hwnd, e.what());
}
}
static BOOL EnablePrivilege(LPCWSTR lpszPrivilegeName, LPCWSTR lpszSystemName, BOOL bEnablePrivilege)
{
BOOL bRet = FALSE;
HANDLE hToken = NULL;
if (OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES,
&hToken))
{
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount = 1;
tp.Privileges[0].Attributes = (bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0);
if (LookupPrivilegeValueW(lpszSystemName,
lpszPrivilegeName,
&tp.Privileges[0].Luid))
{
bRet = AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL);
if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
bRet = FALSE;
}
CloseHandle(hToken);
}
return bRet;
}
static RBOOL
SetPrivilege
(
HANDLE hToken,
RPNCHAR lpszPrivilege,
BOOL bEnablePrivilege
)
{
LUID luid;
RBOOL bRet = FALSE;
if( LookupPrivilegeValueW( NULL, lpszPrivilege, &luid ) )
{
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount=1;
tp.Privileges[0].Luid=luid;
tp.Privileges[0].Attributes=(bEnablePrivilege) ? SE_PRIVILEGE_ENABLED: 0;
//
// Enable the privilege or disable all privileges.
//
if( AdjustTokenPrivileges( hToken, FALSE, &tp, 0, (PTOKEN_PRIVILEGES)NULL, (PDWORD)NULL ) )
{
//
// Check to see if you have proper access.
// You may get "ERROR_NOT_ALL_ASSIGNED".
//
bRet = ( GetLastError() == ERROR_SUCCESS );
}
}
return bRet;
}
/**************************************************************************
* EnablePrivilege [SETUPAPI.@]
*
* Enables or disables one of the current users privileges.
*
* PARAMS
* lpPrivilegeName [I] Name of the privilege to be changed
* bEnable [I] TRUE: Enables the privilege
* FALSE: Disables the privilege
*
* RETURNS
* Success: TRUE
* Failure: FALSE
*/
BOOL WINAPI EnablePrivilege(LPCWSTR lpPrivilegeName, BOOL bEnable)
{
TOKEN_PRIVILEGES Privileges;
HANDLE hToken;
BOOL bResult;
TRACE("%s %s\n", debugstr_w(lpPrivilegeName), bEnable ? "TRUE" : "FALSE");
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
return FALSE;
Privileges.PrivilegeCount = 1;
Privileges.Privileges[0].Attributes = (bEnable) ? SE_PRIVILEGE_ENABLED : 0;
if (!LookupPrivilegeValueW(NULL, lpPrivilegeName,
&Privileges.Privileges[0].Luid))
{
CloseHandle(hToken);
return FALSE;
}
bResult = AdjustTokenPrivileges(hToken, FALSE, &Privileges, 0, NULL, NULL);
CloseHandle(hToken);
return bResult;
}
/* Used to get the shutdown privilege */
static BOOL
EnablePrivilege(LPCWSTR lpszPrivilegeName, BOOL bEnablePrivilege)
{
BOOL Success;
HANDLE hToken;
TOKEN_PRIVILEGES tp;
Success = OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES,
&hToken);
if (!Success) return Success;
Success = LookupPrivilegeValueW(NULL,
lpszPrivilegeName,
&tp.Privileges[0].Luid);
if (!Success) goto Quit;
tp.PrivilegeCount = 1;
tp.Privileges[0].Attributes = (bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0);
Success = AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL);
Quit:
CloseHandle(hToken);
return Success;
}
void SetDebugPrivilege()
{
auto hProcess = GetCurrentProcess();
HANDLE hToken = nullptr;
DWORD lastError = ERROR_SUCCESS;
if(!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES, &hToken) || (lastError = GetLastError()) != ERROR_SUCCESS)
{
logError(L"Couldn't open process token", lastError);
}
LUID luid;
if(!LookupPrivilegeValueW(nullptr, SE_DEBUG_NAME, &luid) || (lastError = GetLastError()) != ERROR_SUCCESS)
{
logError(L"Couldn't find seDebugPrivilege value", lastError);
}
TOKEN_PRIVILEGES priv;
priv.PrivilegeCount = 1;
priv.Privileges[0].Luid = luid;
priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if(!AdjustTokenPrivileges(hToken, false, &priv, 0, nullptr, nullptr) || (lastError = GetLastError()) != ERROR_SUCCESS)
{
logError(L"Couldn't adjust debug privileges", lastError);
}
CloseHandle(hToken);
CloseHandle(hProcess);
}
void CALLBACK AddDeviceW(HWND hwnd, HINSTANCE hinst, LPWSTR lpszCmdLine, int nCmdShow) {
try {
win_handle token;
TOKEN_PRIVILEGES tp;
LUID luid;
set_dpi_aware();
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token))
throw last_error(GetLastError());
if (!LookupPrivilegeValueW(nullptr, L"SeManageVolumePrivilege", &luid))
throw last_error(GetLastError());
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(token, false, &tp, sizeof(TOKEN_PRIVILEGES), nullptr, nullptr))
throw last_error(GetLastError());
BtrfsDeviceAdd bda(hinst, hwnd, lpszCmdLine);
bda.ShowDialog();
} catch (const exception& e) {
error_message(hwnd, e.what());
}
}
/**************************************************************************
* DoesUserHavePrivilege [SETUPAPI.@]
*
* Check whether the current user has got a given privilege.
*
* PARAMS
* lpPrivilegeName [I] Name of the privilege to be checked
*
* RETURNS
* Success: TRUE
* Failure: FALSE
*/
BOOL WINAPI DoesUserHavePrivilege(LPCWSTR lpPrivilegeName)
{
HANDLE hToken;
DWORD dwSize;
PTOKEN_PRIVILEGES lpPrivileges;
LUID PrivilegeLuid;
DWORD i;
BOOL bResult = FALSE;
TRACE("%s\n", debugstr_w(lpPrivilegeName));
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
return FALSE;
if (!GetTokenInformation(hToken, TokenPrivileges, NULL, 0, &dwSize))
{
if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
{
CloseHandle(hToken);
return FALSE;
}
}
lpPrivileges = MyMalloc(dwSize);
if (lpPrivileges == NULL)
{
CloseHandle(hToken);
return FALSE;
}
if (!GetTokenInformation(hToken, TokenPrivileges, lpPrivileges, dwSize, &dwSize))
{
MyFree(lpPrivileges);
CloseHandle(hToken);
return FALSE;
}
CloseHandle(hToken);
if (!LookupPrivilegeValueW(NULL, lpPrivilegeName, &PrivilegeLuid))
{
MyFree(lpPrivileges);
return FALSE;
}
for (i = 0; i < lpPrivileges->PrivilegeCount; i++)
{
if (lpPrivileges->Privileges[i].Luid.HighPart == PrivilegeLuid.HighPart &&
lpPrivileges->Privileges[i].Luid.LowPart == PrivilegeLuid.LowPart)
{
bResult = TRUE;
}
}
MyFree(lpPrivileges);
return bResult;
}
BOOL
SystemSetLocalTime(LPSYSTEMTIME lpSystemTime)
{
HANDLE hToken;
DWORD PrevSize;
TOKEN_PRIVILEGES priv, previouspriv;
BOOL Ret = FALSE;
/*
* Enable the SeSystemtimePrivilege privilege
*/
if (OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
&hToken))
{
priv.PrivilegeCount = 1;
priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (LookupPrivilegeValueW(NULL,
SE_SYSTEMTIME_NAME,
&priv.Privileges[0].Luid))
{
if (AdjustTokenPrivileges(hToken,
FALSE,
&priv,
sizeof(previouspriv),
&previouspriv,
&PrevSize) &&
GetLastError() == ERROR_SUCCESS)
{
/*
* We successfully enabled it, we're permitted to change the system time
* Call SetLocalTime twice to ensure correct results
*/
Ret = SetLocalTime(lpSystemTime) &&
SetLocalTime(lpSystemTime);
/*
* For the sake of security, restore the previous status again
*/
if (previouspriv.PrivilegeCount > 0)
{
AdjustTokenPrivileges(hToken,
FALSE,
&previouspriv,
0,
NULL,
0);
}
}
}
CloseHandle(hToken);
}
return Ret;
}
BOOL HsAdjustPrivilege(ULONG_PTR ProcessID, WCHAR* PrivilegeName, BOOL bIsEnable)
{
PRIVILEGEDATA PrivilegeData = {0};
TOKEN_PRIVILEGES TokenPrivileges;
TokenPrivileges.PrivilegeCount = 1;
if (LookupPrivilegeValueW(NULL, PrivilegeName, &TokenPrivileges.Privileges[0].Luid))
{
if (bIsEnable)
{
TokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
}
else
{
TokenPrivileges.Privileges[0].Attributes = 0;
}
//向驱动发送消息
PrivilegeData.ProcessID = ProcessID;
PrivilegeData.TokenPrivileges = TokenPrivileges;
if (g_hDevice==NULL)
{
return FALSE;
}
ULONG dwReturnSize = 0;
ULONG dwRet = 0;
BOOL bFeedback = FALSE;
dwRet = DeviceIoControl(g_hDevice,HS_IOCTL(HS_IOCTL_PROC_PRIVILEGE_ADJUST),
&PrivilegeData,
sizeof(PRIVILEGEDATA),
&bFeedback,
sizeof(BOOL),
&dwReturnSize,
NULL);
//发送IO 控制码
return bFeedback;
}
return FALSE;
}
/******************************************************************************
* LookupPrivilegeValueA [ADVAPI32.@]
*/
BOOL WINAPI
LookupPrivilegeValueA( LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid )
{
LPWSTR lpSystemNameW = HEAP_strdupAtoW(GetProcessHeap(), 0, lpSystemName);
LPWSTR lpNameW = HEAP_strdupAtoW(GetProcessHeap(), 0, lpName);
BOOL ret;
TRACE ("(%s, %s, %p)\n", lpSystemName, lpName, lpLuid);
ret = LookupPrivilegeValueW( lpSystemNameW, lpNameW, lpLuid);
HeapFree(GetProcessHeap(), 0, lpNameW);
HeapFree(GetProcessHeap(), 0, lpSystemNameW);
return ret;
}
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
HANDLE hProcess;
HANDLE hToken;
TOKEN_PRIVILEGES tkp;
/* Initialize global variables */
hInst = hInstance;
/* Change our priority class to HIGH */
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());
SetPriorityClass(hProcess, HIGH_PRIORITY_CLASS);
CloseHandle(hProcess);
/* Now let's get the SE_DEBUG_NAME privilege
* so that we can debug processes
*/
/* Get a token for this process. */
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
static const WCHAR SeDebugPrivilegeW[] = {'S','e','D','e','b','u','g','P','r','i','v','i','l','e','g','e',0};
/* Get the LUID for the debug privilege. */
LookupPrivilegeValueW(NULL, SeDebugPrivilegeW, &tkp.Privileges[0].Luid);
tkp.PrivilegeCount = 1; /* one privilege to set */
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
/* Get the debug privilege for this process. */
AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, NULL, 0);
}
/* Load our settings from the registry */
LoadSettings();
/* Initialize perf data */
if (!PerfDataInitialize()) {
return -1;
}
DialogBoxW(hInst, (LPWSTR)IDD_TASKMGR_DIALOG, NULL, TaskManagerWndProc);
/* Save our settings to the registry */
SaveSettings();
PerfDataUninitialize();
return 0;
}
/**
* @brief adjust privilege
* @param
* @see
* @remarks http://support.microsoft.com/kb/131065/EN-US/
* @code
* @endcode
* @return
*/
bool set_privilege(_In_z_ const wchar_t* privilege, _In_ bool enable)
{
HANDLE token = INVALID_HANDLE_VALUE;
if (TRUE != OpenThreadToken(GetCurrentThread(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, FALSE, &token) )
{
if (ERROR_NO_TOKEN == GetLastError() )
{
if ( ImpersonateSelf(SecurityImpersonation) != TRUE ) { return FALSE; }
if (TRUE != OpenThreadToken(GetCurrentThread(),TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,FALSE,&token) )
{
return FALSE;
}
}
else
{
return FALSE;
}
}
TOKEN_PRIVILEGES tp = { 0 };
LUID luid = {0};
DWORD cb = sizeof(TOKEN_PRIVILEGES);
bool ret = false;
do
{
if(!LookupPrivilegeValueW( NULL, privilege, &luid )) { break; }
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
if(enable)
{
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
}
else
{
tp.Privileges[0].Attributes = 0;
}
AdjustTokenPrivileges( token, FALSE, &tp, cb, NULL, NULL );
if (GetLastError() != ERROR_SUCCESS) { break; }
ret = true;
} while (false);
CloseHandle(token);
return ret;
}
void
TestLookupPrivilegeValueW(
PLUID lpLuid
)
{
//
// LookupPrivilegeValueW test
//
BOOL Bool;
LPWSTR PrivName;
LUID ReturnedValue;
TestGetPrivNameW( &PrivName, lpLuid );
printf(" LookupW call . . . . . . . . . . . . . . . . . ");
Bool = LookupPrivilegeValueW(
NULL,
PrivName,
&ReturnedValue
);
if ( !Bool ) {
printf("** FAILED **\n");
printf(" Status: %d\n", GetLastError());
} else {
if (ReturnedValue.LowPart != lpLuid->LowPart ||
ReturnedValue.HighPart != lpLuid->HighPart) {
printf("** FAILED **\n");
printf(" Value mismatch.\n");
printf(" Passed Value: {0x%lx, 0x%lx}\n",
lpLuid->HighPart,lpLuid->LowPart);
printf(" Retrieved Value: {0x%lx, 0x%lx}\n",
ReturnedValue.HighPart,ReturnedValue.LowPart);
} else {
printf("Succeeded\n");
}
}
RtlFreeHeap( RtlProcessHeap(), 0, PrivName );
return;
}
static DWORD
EnablePrivilege(LPCWSTR lpszPrivilegeName, BOOL bEnablePrivilege)
{
DWORD dwRet = ERROR_SUCCESS;
HANDLE hToken = NULL;
if (OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES,
&hToken))
{
TOKEN_PRIVILEGES tp;
tp.PrivilegeCount = 1;
tp.Privileges[0].Attributes = (bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0);
if (LookupPrivilegeValueW(NULL,
lpszPrivilegeName,
&tp.Privileges[0].Luid))
{
if (AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL))
{
if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
dwRet = ERROR_NOT_ALL_ASSIGNED;
}
else
{
dwRet = GetLastError();
}
}
else
{
dwRet = GetLastError();
}
CloseHandle(hToken);
}
else
{
dwRet = GetLastError();
}
/* Display the error description if any */
if (dwRet != ERROR_SUCCESS) DisplayError(dwRet);
return dwRet;
}
bool setdebugprivilege() {
TOKEN_PRIVILEGES tp = { 0 };
HANDLE hToken = NULL;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
return false;
}
tp.PrivilegeCount = 1;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (!LookupPrivilegeValueW(NULL, L"SeDebugPrivilege", &tp.Privileges[0].Luid)) {
CloseHandle(hToken);
return false;
}
if (!AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, NULL)) {
CloseHandle(hToken);
return false;
}
CloseHandle(hToken);
return true;
}
void CALLBACK ResizeDeviceW(HWND hwnd, HINSTANCE hinst, LPWSTR lpszCmdLine, int nCmdShow) {
try {
WCHAR *s, *vol, *dev;
uint64_t devid;
win_handle token;
TOKEN_PRIVILEGES tp;
LUID luid;
set_dpi_aware();
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token))
throw last_error(GetLastError());
if (!LookupPrivilegeValueW(nullptr, L"SeManageVolumePrivilege", &luid))
throw last_error(GetLastError());
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(token, false, &tp, sizeof(TOKEN_PRIVILEGES), nullptr, nullptr))
throw last_error(GetLastError());
s = wcsstr(lpszCmdLine, L"|");
if (!s)
return;
s[0] = 0;
vol = lpszCmdLine;
dev = &s[1];
devid = _wtoi(dev);
if (devid == 0)
return;
BtrfsDeviceResize bdr;
bdr.ShowDialog(hwnd, vol, devid);
} catch (const exception& e) {
error_message(hwnd, e.what());
}
}
BOOL EnableDebug()
{
static BOOL debugEnabled = FALSE;
if( !debugEnabled )
{
HANDLE hToken;
if( OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken ) )
{
AutoCloseHandle raii(hToken);
TOKEN_PRIVILEGES tp = {0};
tp.PrivilegeCount = 1;
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if( LookupPrivilegeValueW( NULL, L"SeDebugPrivilege", &tp.Privileges[0].Luid) )
{
debugEnabled = AdjustTokenPrivileges( hToken, FALSE, &tp, sizeof(tp), NULL, NULL );
}
}
}
return debugEnabled;
}
Status wutil_SetPrivilege(const wchar_t* privilege, bool enable)
{
WinScopedPreserveLastError s;
HANDLE hToken;
if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, &hToken))
return ERR::_1;
TOKEN_PRIVILEGES tp;
if (!LookupPrivilegeValueW(NULL, privilege, &tp.Privileges[0].Luid))
return ERR::_2;
tp.PrivilegeCount = 1;
tp.Privileges[0].Attributes = enable? SE_PRIVILEGE_ENABLED : 0;
SetLastError(0);
const BOOL ok = AdjustTokenPrivileges(hToken, FALSE, &tp, 0, 0, 0);
if(!ok || GetLastError() != 0)
return ERR::_3;
WARN_IF_FALSE(CloseHandle(hToken));
return INFO::OK;
}
int SetupTokenPrivileges(PTOKEN_PRIVILEGES *pPrivToken, PSID userSid)
{
DWORD ntStat = 0;
int exitCode = 1;
LSA_OBJECT_ATTRIBUTES lsaOA = {0};
PLSA_UNICODE_STRING userRights = NULL;
ULONG nRights = 0;
DWORD size;
int i, j;
/*
* Open local policy.
*/
LSA_HANDLE hPolicy;
lsaOA.Length = sizeof(lsaOA);
ACCESS_MASK mask = POLICY_VIEW_LOCAL_INFORMATION | POLICY_LOOKUP_NAMES;
debug("Opening local policy...");
ntStat = LsaOpenPolicy(NULL, &lsaOA, mask, &hPolicy);
FAIL(ntStat);
/*
* Retrieve user's privileges.
*/
debug("Retrieving user's privileges list...");
ntStat = LsaEnumerateAccountRights(hPolicy, userSid, &userRights, &nRights);
/*
* This error code means there is no any rights.
* In this case, we should create empty list.
*/
if (ntStat == STATUS_OBJECT_NAME_NOT_FOUND)
{
nRights = 0;
ntStat = 0;
}
FAIL(ntStat);
/*
* FIXME. Now if some privilege name is not recognized by
* LookupPrivilegeName() part of pPrivToken buffer will be
* unused.
*/
/*
* Allocate buffer for TOKEN_PRIVILEGES.
*/
debug("Allocating buffer for TOKEN_PRIVILEGES [%u]...", nRights);
size = sizeof(DWORD) + nRights * sizeof(LUID_AND_ATTRIBUTES);
(*pPrivToken) = LocalAlloc(LPTR, size);
FAIL(pPrivToken == NULL);
/*
* Fill TOKEN_PRIVILEGES with LUIDs of retrieved privileges.
*/
j = 0;
for (i = 0; i < nRights; i++)
{
/*
* Retrieve unicode name of privilege.
* Make sure there is a zero word at the end.
*/
wchar_t privName[128];
int len = userRights[i].Length;
memcpy(privName, userRights[i].Buffer, len * sizeof(wchar_t));
privName[len] = 0;
debug("Adding %ls... ", privName);
/*
* Retrieve LUID for given privilege name.
*/
if(LookupPrivilegeValueW(NULL, privName,
&(*pPrivToken) -> Privileges[i].Luid) == FALSE)
{
debug("WARNING. Cannot add privilege to token (%u).", GetLastError());
}
else
{
(*pPrivToken) -> Privileges[j].Attributes = SE_PRIVILEGE_ENABLED;
j++;
}
}
/*
* j = number of privileges, which were recognized by
* LookupPrivilegesValue().
*/
(*pPrivToken) -> PrivilegeCount = j;
exitCode = 0;
fail:
/*
* Clenup.
*/
if (userRights)
{
LsaFreeMemory(userRights);
}
if (hPolicy)
{
CloseHandle(hPolicy);
}
if (exitCode)
{
debug("ERROR. Cannot setup TOKEN_PRIVILEGES (err=%u, ntStat=%x).",
GetLastError(), ntStat);
}
}
int APIENTRY wWinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPWSTR lpCmdLine,
int nCmdShow)
{
HANDLE hProcess;
HANDLE hToken;
TOKEN_PRIVILEGES tkp;
HANDLE hMutex;
/* check wether we're already running or not */
hMutex = CreateMutexW(NULL, TRUE, L"taskmgrros");
if (hMutex && GetLastError() == ERROR_ALREADY_EXISTS)
{
/* Restore existing taskmanager and bring window to front */
/* Relies on the fact that the application title string and window title are the same */
HWND hTaskMgr;
TCHAR szTaskmgr[128];
LoadString(hInst, IDS_APP_TITLE, szTaskmgr, sizeof(szTaskmgr)/sizeof(TCHAR));
hTaskMgr = FindWindow(NULL, szTaskmgr);
if (hTaskMgr != NULL)
{
SendMessage(hTaskMgr, WM_SYSCOMMAND, SC_RESTORE, 0);
SetForegroundWindow(hTaskMgr);
}
CloseHandle(hMutex);
return 0;
}
else if (!hMutex)
{
return 1;
}
/* Initialize global variables */
hInst = hInstance;
/* Change our priority class to HIGH */
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());
SetPriorityClass(hProcess, HIGH_PRIORITY_CLASS);
CloseHandle(hProcess);
/* Now lets get the SE_DEBUG_NAME privilege
* so that we can debug processes
*/
/* Get a token for this process. */
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
{
/* Get the LUID for the debug privilege. */
if (LookupPrivilegeValueW(NULL, SE_DEBUG_NAME, &tkp.Privileges[0].Luid))
{
tkp.PrivilegeCount = 1; /* one privilege to set */
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
/* Get the debug privilege for this process. */
AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0);
}
CloseHandle(hToken);
}
/* Load our settings from the registry */
LoadSettings();
/* Initialize perf data */
if (!PerfDataInitialize())
{
return -1;
}
/*
* Set our shutdown parameters: we want to shutdown the very last,
* without displaying any end task dialog if needed.
*/
SetProcessShutdownParameters(1, SHUTDOWN_NORETRY);
DialogBoxW(hInst, (LPCWSTR)IDD_TASKMGR_DIALOG, NULL, TaskManagerWndProc);
/* Save our settings to the registry */
SaveSettings();
PerfDataUninitialize();
CloseHandle(hMutex);
if (hWindowMenu)
DestroyMenu(hWindowMenu);
return 0;
}
static
VOID
InstallPrivileges(VOID)
{
HINF hSecurityInf = INVALID_HANDLE_VALUE;
LSA_OBJECT_ATTRIBUTES ObjectAttributes;
WCHAR szPrivilegeString[256];
WCHAR szSidString[256];
INFCONTEXT InfContext;
DWORD i;
PRIVILEGE_SET PrivilegeSet;
PSID AccountSid;
NTSTATUS Status;
LSA_HANDLE PolicyHandle = NULL;
LSA_HANDLE AccountHandle;
DPRINT("InstallPrivileges()\n");
hSecurityInf = SetupOpenInfFileW(L"defltws.inf", //szNameBuffer,
NULL,
INF_STYLE_WIN4,
NULL);
if (hSecurityInf == INVALID_HANDLE_VALUE)
{
DPRINT1("SetupOpenInfFileW failed\n");
return;
}
memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
Status = LsaOpenPolicy(NULL,
&ObjectAttributes,
POLICY_CREATE_ACCOUNT,
&PolicyHandle);
if (!NT_SUCCESS(Status))
{
DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
goto done;
}
if (!SetupFindFirstLineW(hSecurityInf,
L"Privilege Rights",
NULL,
&InfContext))
{
DPRINT1("SetupFindfirstLineW failed\n");
goto done;
}
PrivilegeSet.PrivilegeCount = 1;
PrivilegeSet.Control = 0;
do
{
/* Retrieve the privilege name */
if (!SetupGetStringFieldW(&InfContext,
0,
szPrivilegeString,
256,
NULL))
{
DPRINT1("SetupGetStringFieldW() failed\n");
goto done;
}
DPRINT("Privilege: %S\n", szPrivilegeString);
if (!LookupPrivilegeValueW(NULL,
szPrivilegeString,
&(PrivilegeSet.Privilege[0].Luid)))
{
DPRINT1("LookupPrivilegeNameW() failed\n");
goto done;
}
PrivilegeSet.Privilege[0].Attributes = 0;
for (i = 0; i < SetupGetFieldCount(&InfContext); i++)
{
if (!SetupGetStringFieldW(&InfContext,
i + 1,
szSidString,
256,
NULL))
{
DPRINT1("SetupGetStringFieldW() failed\n");
goto done;
}
DPRINT("SID: %S\n", szSidString);
ConvertStringSidToSid(szSidString, &AccountSid);
Status = LsaOpenAccount(PolicyHandle,
AccountSid,
ACCOUNT_VIEW | ACCOUNT_ADJUST_PRIVILEGES,
&AccountHandle);
if (NT_SUCCESS(Status))
{
Status = LsaAddPrivilegesToAccount(AccountHandle,
&PrivilegeSet);
if (!NT_SUCCESS(Status))
{
DPRINT1("LsaAddPrivilegesToAccount() failed (Status %08lx)\n", Status);
}
LsaClose(AccountHandle);
}
LocalFree(AccountSid);
}
}
while (SetupFindNextLine(&InfContext, &InfContext));
done:
if (PolicyHandle != NULL)
LsaClose(PolicyHandle);
if (hSecurityInf != INVALID_HANDLE_VALUE)
SetupCloseInfFile(hSecurityInf);
}
int main(int argc, char *argv[])
{
TESTSUITE(fuse_opt_tests);
TESTSUITE(posix_tests);
TESTSUITE(eventlog_tests);
TESTSUITE(path_tests);
TESTSUITE(dirbuf_tests);
TESTSUITE(version_tests);
TESTSUITE(launch_tests);
TESTSUITE(mount_tests);
TESTSUITE(timeout_tests);
TESTSUITE(memfs_tests);
TESTSUITE(create_tests);
TESTSUITE(info_tests);
TESTSUITE(security_tests);
TESTSUITE(rdwr_tests);
TESTSUITE(flush_tests);
TESTSUITE(lock_tests);
TESTSUITE(dirctl_tests);
TESTSUITE(exec_tests);
TESTSUITE(reparse_tests);
TESTSUITE(stream_tests);
TESTSUITE(oplock_tests);
atexit(exiting);
signal(SIGABRT, abort_handler);
SetUnhandledExceptionFilter(UnhandledExceptionHandler);
for (int argi = 1; argc > argi; argi++)
{
const char *a = argv[argi];
if ('-' == a[0])
{
if (0 == strcmp("--ntfs", a) || 0 == strcmp("--external", a))
{
OptExternal = TRUE;
NtfsTests = 1;
WinFspDiskTests = 0;
WinFspNetTests = 0;
rmarg(argv, argc, argi);
}
else if (0 == strcmp("--resilient", a))
{
OptResilient = TRUE;
rmarg(argv, argc, argi);
}
else if (0 == strcmp("--case-insensitive-cmp", a))
{
OptCaseInsensitiveCmp = TRUE;
rmarg(argv, argc, argi);
}
else if (0 == strcmp("--case-insensitive", a))
{
OptCaseInsensitive = TRUE;
rmarg(argv, argc, argi);
}
else if (0 == strcmp("--case-randomize", a))
{
OptCaseRandomize = TRUE;
OptCaseInsensitive = TRUE;
OptCaseInsensitiveCmp = TRUE;
rmarg(argv, argc, argi);
}
else if (0 == strcmp("--flush-and-purge-on-cleanup", a))
{
OptFlushAndPurgeOnCleanup = TRUE;
rmarg(argv, argc, argi);
}
else if (0 == strcmp("--oplock=batch", a))
{
OptOplock = 'B';
rmarg(argv, argc, argi);
}
else if (0 == strcmp("--oplock=filter", a))
{
OptOplock = 'F';
rmarg(argv, argc, argi);
}
else if (0 == strncmp("--mountpoint=", a, sizeof "--mountpoint=" - 1))
{
if (0 != MultiByteToWideChar(CP_UTF8, 0,
a + sizeof "--mountpoint=" - 1, -1, OptMountPointBuf, MAX_PATH))
{
OptMountPoint = OptMountPointBuf;
rmarg(argv, argc, argi);
if (!(testalpha(OptMountPoint[0]) &&
L':' == OptMountPoint[1] &&
L'\0' == OptMountPoint[2]))
WinFspNetTests = 0;
}
}
else if (0 == strncmp("--share=", a, sizeof "--share=" - 1))
{
if (0 != MultiByteToWideChar(CP_UTF8, 0,
a + sizeof "--share=" - 1, -1, OptShareNameBuf, MAX_PATH))
{
OptShareTarget = wcschr(OptShareNameBuf, L'=');
if (OptShareTarget)
{
*OptShareTarget++ = L'\0';
OptShareName = OptShareNameBuf;
}
else if (L'\\' == OptShareNameBuf[0] && L'\\' == OptShareNameBuf[1])
{
OptShareName = wcschr(OptShareNameBuf + 2, L'\\');
if (OptShareName)
{
OptShareName++;
memcpy(OptShareComputer, OptShareNameBuf,
(OptShareName - OptShareNameBuf) * sizeof(WCHAR));
OptShareComputer[OptShareName - OptShareNameBuf] = L'\0';
}
}
}
if (OptShareName)
{
rmarg(argv, argc, argi);
OptSharePrefixLength = (ULONG)
((wcslen(OptShareComputer) + wcslen(OptShareName) - 1) * sizeof(WCHAR));
WinFspDiskTests = 0;
WinFspNetTests = 0;
}
}
else if (0 == strncmp("--share-prefix=", a, sizeof "--share-prefix=" - 1))
{
/* hack to allow name queries on network file systems with mapped drives */
WCHAR SharePrefixBuf[MAX_PATH];
if (0 != MultiByteToWideChar(CP_UTF8, 0,
a + sizeof "--share-prefix=" - 1, -1, SharePrefixBuf, MAX_PATH))
{
rmarg(argv, argc, argi);
OptSharePrefixLength = (ULONG)(wcslen(SharePrefixBuf) * sizeof(WCHAR));
}
}
else if (0 == strcmp("--no-traverse", a))
{
if (LookupPrivilegeValueW(0, SE_CHANGE_NOTIFY_NAME, &OptNoTraverseLuid) &&
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &OptNoTraverseToken))
{
rmarg(argv, argc, argi);
}
}
}
}
if (!NtfsTests && OptShareName)
ABORT("option --share requires --ntfs/--external");
DisableBackupRestorePrivileges();
AddNetShareIfNeeded();
myrandseed = (unsigned)time(0);
tlib_run_tests(argc, argv);
return 0;
}
Widget::Widget(QWidget *parent) :
QWidget(parent),
ui(new Ui::Widget)
{
ui->setupUi(this);
// Updates only for supported platforms
if (!supported)
fatalError(tr("The qTox updater is not supported on this platform."));
#ifdef Q_OS_WIN
// Get a primary unelevated token of the actual user
hPrimaryToken = nullptr;
HANDLE hShellProcess = nullptr, hShellProcessToken = nullptr;
const DWORD dwTokenRights = TOKEN_QUERY | TOKEN_IMPERSONATE | TOKEN_ASSIGN_PRIMARY
| TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID;
DWORD dwPID = 0;
HWND hwnd = nullptr;
DWORD dwLastErr = 0;
// Enable SeIncreaseQuotaPrivilege
HANDLE hProcessToken = NULL;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hProcessToken))
goto unelevateFail;
TOKEN_PRIVILEGES tkp;
tkp.PrivilegeCount = 1;
LookupPrivilegeValueW(NULL, SE_INCREASE_QUOTA_NAME, &tkp.Privileges[0].Luid);
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hProcessToken, FALSE, &tkp, 0, NULL, NULL);
dwLastErr = GetLastError();
CloseHandle(hProcessToken);
if (ERROR_SUCCESS != dwLastErr)
goto unelevateFail;
// Get a primary copy of the desktop shell's token,
// we're assuming the shell is running as the actual user
hwnd = GetShellWindow();
if (!hwnd)
goto unelevateFail;
GetWindowThreadProcessId(hwnd, &dwPID);
if (!dwPID)
goto unelevateFail;
hShellProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwPID);
if (!hShellProcess)
goto unelevateFail;
if (!OpenProcessToken(hShellProcess, TOKEN_DUPLICATE, &hShellProcessToken))
goto unelevateFail;
// Duplicate the shell's process token to get a primary token.
// Based on experimentation, this is the minimal set of rights required for CreateProcessWithTokenW (contrary to current documentation).
if (!DuplicateTokenEx(hShellProcessToken, dwTokenRights, NULL, SecurityImpersonation, TokenPrimary, &hPrimaryToken))
goto unelevateFail;
qDebug() << "Unelevated primary access token acquired";
goto unelevateCleanup;
unelevateFail:
qWarning() << "Unelevate failed, couldn't get access token";
unelevateCleanup:
CloseHandle(hShellProcessToken);
CloseHandle(hShellProcess);
#endif
QMetaObject::invokeMethod(this, "update", Qt::QueuedConnection);
}
