diff options
-rw-r--r-- | src/mongo/db/startup_warnings_common.cpp | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/src/mongo/db/startup_warnings_common.cpp b/src/mongo/db/startup_warnings_common.cpp index 099df94ceac..84c902be8a8 100644 --- a/src/mongo/db/startup_warnings_common.cpp +++ b/src/mongo/db/startup_warnings_common.cpp @@ -46,6 +46,41 @@ namespace mongo { +#ifdef _WIN32 +bool CheckPrivilegeEnabled(const wchar_t* name) { + LUID luid; + if (!LookupPrivilegeValueW(nullptr, name, &luid)) { + warning() << errnoWithPrefix("Failed to LookupPrivilegeValue"); + return false; + } + + // Get the access token for the current process. + HANDLE accessToken; + if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &accessToken)) { + warning() << errnoWithPrefix("Failed to OpenProcessToken"); + return false; + } + + const auto accessTokenGuard = makeGuard([&] { CloseHandle(accessToken); }); + + BOOL ret; + PRIVILEGE_SET privileges; + privileges.PrivilegeCount = 1; + privileges.Control = PRIVILEGE_SET_ALL_NECESSARY; + + privileges.Privilege[0].Luid = luid; + privileges.Privilege[0].Attributes = 0; + + if (!PrivilegeCheck(accessToken, &privileges, &ret)) { + warning() << errnoWithPrefix("Failed to PrivilegeCheck"); + return false; + } + + return ret; +} + +#endif + // // system warnings // @@ -130,6 +165,17 @@ void logCommonStartupWarnings(const ServerGlobalParams& serverParams) { } #endif +#ifdef _WIN32 + if (!CheckPrivilegeEnabled(SE_INC_WORKING_SET_NAME)) { + log() + << "** WARNING: SeIncreaseWorkingSetPrivilege privilege is not granted to the process." + << startupWarningsLog; + log() << "** Secure memory allocation for SCRAM and/or Encrypted Storage Engine " + "may fail." + << startupWarningsLog; + } +#endif + #if !defined(_WIN32) if (getuid() == 0) { log() << "** WARNING: You are running this process as the root user, " |