SERVER-47187 Add startup warning when SeIncreaseWorkingSetPrivilege not present

author: Mark Benvenuto <mark.benvenuto@mongodb.com> 2020-04-10 12:06:44 -0400
committer: Evergreen Agent <no-reply@evergreen.mongodb.com> 2020-04-10 16:48:01 +0000
commit: 905011e695e1886d9fb733f71975a3affe5f4f85 (patch)
tree: b3b483ccf01fe41b510ac2cff876da09b1b69d93 /src
parent: d51e93a173eefeb0f6a1baa6ed4e9cbed7f35466 (diff)
download: mongo-905011e695e1886d9fb733f71975a3affe5f4f85.tar.gz
1 files changed, 48 insertions, 0 deletions
diff --git a/src/mongo/db/startup_warnings_common.cpp b/src/mongo/db/startup_warnings_common.cpp
index 8d59e6b1517..986b854de09 100644
--- a/src/mongo/db/startup_warnings_common.cpp
+++ b/src/mongo/db/startup_warnings_common.cpp
@@ -46,6 +46,44 @@
 
 namespace mongo {
 
+#ifdef _WIN32
+bool CheckPrivilegeEnabled(const wchar_t* name) {
+    LUID luid;
+    if (!LookupPrivilegeValueW(nullptr, name, &luid)) {
+        auto str = errnoWithPrefix("Failed to LookupPrivilegeValue");
+        LOGV2_WARNING(47187001, "{str}", "str"_attr = str);
+        return false;
+    }
+
+    // Get the access token for the current process.
+    HANDLE accessToken;
+    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &accessToken)) {
+        auto str = errnoWithPrefix("Failed to OpenProcessToken");
+        LOGV2_WARNING(47187002, "{str}", "str"_attr = str);
+        return false;
+    }
+
+    const auto accessTokenGuard = makeGuard([&] { CloseHandle(accessToken); });
+
+    BOOL ret;
+    PRIVILEGE_SET privileges;
+    privileges.PrivilegeCount = 1;
+    privileges.Control = PRIVILEGE_SET_ALL_NECESSARY;
+
+    privileges.Privilege[0].Luid = luid;
+    privileges.Privilege[0].Attributes = 0;
+
+    if (!PrivilegeCheck(accessToken, &privileges, &ret)) {
+        auto str = errnoWithPrefix("Failed to PrivilegeCheck");
+        LOGV2_WARNING(47187003, "{str}", "str"_attr = str);
+        return false;
+    }
+
+    return ret;
+}
+
+#endif
+
 //
 // system warnings
 //
@@ -127,6 +165,16 @@ void logCommonStartupWarnings(const ServerGlobalParams& serverParams) {
     }
 #endif
 
+#ifdef _WIN32
+    if (!CheckPrivilegeEnabled(SE_INC_WORKING_SET_NAME)) {
+        LOGV2_OPTIONS(
+            47187004,
+            {logv2::LogTag::kStartupWarnings},
+            "SeIncreaseWorkingSetPrivilege privilege is not granted to the process. Secure memory "
+            "allocation for SCRAM and/or Encrypted Storage Engine may fail.");
+    }
+#endif
+
 #if !defined(_WIN32)
     if (getuid() == 0) {
         LOGV2_WARNING_OPTIONS(
author	Mark Benvenuto <mark.benvenuto@mongodb.com>	2020-04-10 12:06:44 -0400
committer	Evergreen Agent <no-reply@evergreen.mongodb.com>	2020-04-10 16:48:01 +0000
commit	905011e695e1886d9fb733f71975a3affe5f4f85 (patch)
tree	b3b483ccf01fe41b510ac2cff876da09b1b69d93 /src
parent	d51e93a173eefeb0f6a1baa6ed4e9cbed7f35466 (diff)
download	mongo-905011e695e1886d9fb733f71975a3affe5f4f85.tar.gz