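/*
 * $Id: //devel/tools/main/backstealth/enable_priv.cpp#1 $
 *
 * written by :	Stephen J. Friedl
 *		Software Consultant
 *		Tustin, California USA
 *		steve@unixwiz.net
 *
 *	In order to do any of the shenanigans we have in mind with the
 *	remote process, we need the "SeDebugPrivilege" setting enabled
 *	in our process token. Admins (and perhaps others) can enable
 *	this most any time, though it's not clear why it is not just
 *	on by default.
 *
 *	If we are not able to do this, it's almost a certainty that the
 *	rest of the program will fail too, but for now we do nothing
 *	more than report an error and hope for the best.
 *
 *	NOTE: not unicode yet!
 *
 *	NOTE(review): a privilege that is held but disabled cannot be
 *	exercised by accident, which is the usual least-privilege reason
 *	for not leaving it on. Enabling one is also observable: Windows
 *	can log the change as Security event 4703 when auditing of token
 *	right adjustments is turned on.
 */
#include "bscommon.h"
#include "bsdefs.h"

/*
 * enable_priv()
 *
 *	Enable the named privilege in the current process token.
 *
 *	privname is the privilege's textual name as accepted by
 *	LookupPrivilegeValueA(); it is looked up on the local system.
 *
 *	Returns TRUE only when the privilege really was enabled, and
 *	FALSE on any failure, including the case where the token does
 *	not hold the privilege at all. Progress and errors are printed
 *	to stdout, and the token handle is closed on every path.
 */
extern "C" BOOL __stdcall enable_priv(const char *privname)
{
	/* passing NULL to the %s formats below would be undefined behavior */
	if ( privname == NULL )
	{
		printf("ERROR: enable_priv() called with no privilege name\n");
		return FALSE;
	}

	HANDLE hToken = NULL;

	/*----------------------------------------------------------------
	 * First get a handle to our *own* process token, requested with
	 * the intention of actually modifying ("Adjusting") that token.
	 */
	if ( ! OpenProcessToken( GetCurrentProcess(),
	                         TOKEN_ADJUST_PRIVILEGES,
	                         &hToken ) )
	{
		printf("ERROR: OpenProcessToken() for myself! [err=%lu]\n",
			GetLastError());
		return FALSE;
	}

	/*----------------------------------------------------------------
	 * Translate the privilege name into the LUID that represents it
	 * on this system. This only maps the name; it says nothing about
	 * whether our token holds the privilege or has it enabled.
	 *
	 * TODO: if it's already enabled, why do it again?
	 */
	LUID luid;

	if ( ! LookupPrivilegeValueA( NULL, privname, &luid ) )
	{
		printf("Can't look up %s [err=%lu]\n", privname, GetLastError());
		CloseHandle(hToken);
		return FALSE;
	}

	/*----------------------------------------------------------------
	 * Now enable the attributes
	 */
	TOKEN_PRIVILEGES tstate;

	tstate.PrivilegeCount           = 1;
	tstate.Privileges[0].Luid       = luid;
	tstate.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

	const BOOL adjusted = AdjustTokenPrivileges(
				hToken,
				FALSE,		// (don't) disable all privs
				&tstate,	// new state
				0,		// buffer length
				NULL,		// previous state
				NULL );		// return length

	/* fetch the error once, before any other call can overwrite it */
	const DWORD dwErr = GetLastError();

	BOOL rc = FALSE;

	/*----------------------------------------------------------------
	 * AdjustTokenPrivileges() returns nonzero even when it changed
	 * nothing because the token does not hold the privilege; that
	 * case is reported only through ERROR_NOT_ALL_ASSIGNED, so the
	 * return value alone is not proof that the privilege is enabled.
	 */
	if ( ! adjusted  ||  dwErr == ERROR_NOT_ALL_ASSIGNED )
	{
		printf("WARNING: cannot acquire %s privilege (err=%lu)\n",
			privname, dwErr );

		if ( dwErr == ERROR_ACCESS_DENIED
		  || dwErr == ERROR_NOT_ALL_ASSIGNED )
		{
			printf("(are you an Administrator?)\n");
		}
	}
	else
	{
		printf("Privilege %s granted\n", privname);
		rc = TRUE;
	}

	CloseHandle(hToken);

	return rc;
}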