implement GetProcessPrivileges()

xenu · xenu · commit f79a084c07ab · 2021-01-20T22:10:08.000+01:00
It's the first step towards IsSymlinkCreationAllowed().
diff --git a/Win32.pm b/Win32.pm
@@ -1233,6 +1233,25 @@ information about what you can do with this address has been lost in
 the mist of time.  Use the Win32::API module instead of this deprecated
 function.
 
+=item Win32::GetProcessPrivileges([PID])
+
+Returns a reference to a hash holding the information about the privileges
+held by the specified process. The keys are privilege names, and the values
+are booleans indicating whether a given privilege is currently enabled or not.
+
+If the optional PID parameter is omitted, the function queries the current
+process.
+
+Example return value:
+
+    {
+        SeTimeZonePrivilege => 0,
+        SeShutdownPrivilege => 0,
+        SeUndockPrivilege => 0,
+        SeIncreaseWorkingSetPrivilege => 0,
+        SeChangeNotifyPrivilege => 1
+    }
+
 =item Win32::GetProductInfo(OSMAJOR, OSMINOR, SPMAJOR, SPMINOR)
 
 Retrieves the product type for the operating system on the local
diff --git a/Win32.xs b/Win32.xs
@@ -1557,6 +1557,92 @@ XS(w32_SetConsoleOutputCP)
     XSRETURN_IV(SetConsoleOutputCP((int)SvIV(ST(0))));
 }
 
+XS(w32_GetProcessPrivileges)
+{
+    dXSARGS;
+    BOOL ret;
+    HV *priv_hv;
+    HANDLE proc_handle, token;
+    char *priv_name = NULL;
+    TOKEN_PRIVILEGES *privs = NULL;
+    DWORD i, pid, priv_name_len = 100, privs_len = 300;
+
+    if (items > 1)
+        Perl_croak(aTHX_ "usage: Win32::GetProcessPrivileges([$pid])");
+
+    if (items == 0) {
+        EXTEND(SP, 1);
+        pid = GetCurrentProcessId();
+    }
+    else {
+        pid = (DWORD)SvUV(ST(0));
+    }
+
+    proc_handle = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
+
+    if (!proc_handle)
+        XSRETURN_NO;
+
+    ret = OpenProcessToken(proc_handle, TOKEN_QUERY, &token);
+    CloseHandle(proc_handle);
+
+    if (!ret)
+        XSRETURN_NO;
+
+    do {
+        Renewc(privs, privs_len, char, TOKEN_PRIVILEGES);
+        ret = GetTokenInformation(
+            token, TokenPrivileges, privs, privs_len, &privs_len
+        );
+    } while (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER);
+
+    CloseHandle(token);
+
+    if (!ret) {
+        Safefree(privs);
+        XSRETURN_NO;
+    }
+
+    priv_hv = newHV();
+    New(0, priv_name, priv_name_len, char);
+
+    for (i = 0; i < privs->PrivilegeCount; ++i) {
+        DWORD ret_len = 0;
+        LUID_AND_ATTRIBUTES *priv = &privs->Privileges[i];
+        BOOL is_enabled = !!(priv->Attributes & SE_PRIVILEGE_ENABLED);
+
+        if (priv->Attributes & SE_PRIVILEGE_REMOVED)
+            continue;
+
+        do {
+            ret_len = priv_name_len;
+            ret = LookupPrivilegeNameA(
+                NULL, &priv->Luid, priv_name, &ret_len
+            );
+
+            if (ret_len > priv_name_len) {
+                priv_name_len = ret_len + 1;
+                Renew(priv_name, priv_name_len, char);
+            }
+        } while (!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER);
+
+        if (!ret) {
+            SvREFCNT_dec((SV*)priv_hv);
+            Safefree(privs);
+            Safefree(priv_name);
+            XSRETURN_NO;
+        }
+
+        hv_store(priv_hv, priv_name, ret_len, newSViv(is_enabled), 0);
+    }
+
+    Safefree(privs);
+    Safefree(priv_name);
+
+    ST(0) = sv_2mortal(newRV_noinc((SV*)priv_hv));
+    XSRETURN(1);
+}
+
 MODULE = Win32            PACKAGE = Win32
 
 PROTOTYPES: DISABLE
@@ -1626,6 +1712,7 @@ BOOT:
     newXS("Win32::GetOEMCP", w32_GetOEMCP, file);
     newXS("Win32::SetConsoleCP", w32_SetConsoleCP, file);
     newXS("Win32::SetConsoleOutputCP", w32_SetConsoleOutputCP, file);
+    newXS("Win32::GetProcessPrivileges", w32_GetProcessPrivileges, file);
 #ifdef __CYGWIN__
     newXS("Win32::SetChildShowWindow", w32_SetChildShowWindow, file);
 #endif
diff --git a/t/Privileges.t b/t/Privileges.t
@@ -0,0 +1,27 @@
+use strict;
+use warnings;
+
+use Test;
+use Win32;
+
+plan tests => 4;
+
+ok(ref(Win32::GetProcessPrivileges) eq 'HASH');
+ok(ref(Win32::GetProcessPrivileges(Win32::GetCurrentProcessId())) eq 'HASH');
+
+# All Windows PIDs are divisible by 4. It's an undocumented implementation
+# detail, but it means it's extremely unlikely that the PID below is valid.
+ok(!Win32::GetProcessPrivileges(3423237));
+
+my $whoami = `whoami /priv 2>&1`;
+my $skip = ($? == -1 || $? >> 8) ? '"whoami" command is missing' : 0;
+
+skip($skip, sub{
+    my $privs = Win32::GetProcessPrivileges();
+
+    while ($whoami =~ /^(Se\w+)/mg) {
+        return 0 unless exists $privs->{$1};
+    }
+
+    return 1;
+});
