Closed JohnLaTwC closed 3 years ago
Hmm, check the original code that it was based upon - as I mentioned in the comment
it is here
Also as the documentation says it IS guaranteed to be set to ERROR_SUCCES if all the requested privileges are adjusted.
To determine whether the function adjusted all of the specified privileges, call GetLastError, which returns one of the following values when the function succeeds:
Return code Description ERROR_SUCCESS The function adjusted all specified privileges. ERROR_NOT_ALL_ASSIGNED The token does not have one or more of the privileges specified in the NewState parameter. The function may succeed with this error value even if no privileges were adjusted. The PreviousState parameter indicates the privileges that were adjusted.
I checked the sources and you are right. This API can have a partially succeeded state (where some but not all privileges were adjusted). I see that the code always sets last error even in the ERROR_SUCCESS case to account for this.
In calls to AdjustTokenPrivileges GetLastError is not guaranteed to be set on ERROR_SUCCESS. The function returns a BOOL so GetLastError() should only be checked if it returns FALSE.