UI: Options: Self Protection: Add "Only Administrator can open Driver" flag

src/driver/fortdrv.c

@@ -26,7 +26,7 @@ static void fort_driver_delete_device(PDRIVER_OBJECT driver)
     IoDeleteDevice(device_obj);
 }
 
-static NTSTATUS fort_driver_create_device(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
+static NTSTATUS fort_driver_create_device(PDRIVER_OBJECT driver)
 {
     NTSTATUS status;
 
@@ -95,7 +95,7 @@ static NTSTATUS fort_driver_load(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path
         return status;
     }
 
-    status = fort_driver_create_device(driver, reg_path);
+    status = fort_driver_create_device(driver);
     if (!NT_SUCCESS(status))
         return status;
 

src/ui/3rdparty/sqlite/dbvar.cpp

@@ -3,6 +3,11 @@
 #include "sqlitedb.h"
 #include "sqlitestmt.h"
 
+QVariant DbVar::nullable(bool v)
+{
+    return nullable(v, !v);
+}
+
 QVariant DbVar::nullable(int v)
 {
     return nullable(v, v == 0);

src/ui/3rdparty/sqlite/dbvar.h

@@ -12,6 +12,7 @@ public:
     {
         return isNull ? QVariant() : QVariant(v);
     }
+    static QVariant nullable(bool v);
     static QVariant nullable(int v);
     static QVariant nullable(const QString &v);
     static QVariant nullable(const QDateTime &v);

src/ui/conf/inioptions.h

@@ -37,6 +37,11 @@ public:
     bool noServiceControl() const { return valueBool("protect/noServiceControl"); }
     void setNoServiceControl(bool v) { setValue("protect/noServiceControl", v); }
 
+    bool isDriverAdminSet() const { return contains("protect/isDriverAdmin"); }
+
+    bool isDriverAdmin() const { return valueBool("protect/isDriverAdmin"); }
+    void setIsDriverAdmin(bool v) { setValue("protect/isDriverAdmin", v); }
+
     bool checkPasswordOnUninstallSet() const
     {
         return contains("protect/checkPasswordOnUninstall");

src/ui/form/opt/pages/optionspage.cpp

@@ -67,6 +67,7 @@ void OptionsPage::onResetToDefault()
 
     m_cbBootFilter->setChecked(false);
     m_cbNoServiceControl->setChecked(false);
+    m_cbIsDriverAdmin->setChecked(false);
     m_cbCheckPasswordOnUninstall->setChecked(false);
     m_cbPassword->setChecked(false);
 
@@ -168,6 +169,7 @@ void OptionsPage::onRetranslateUi()
 
     m_cbBootFilter->setText(tr("Block traffic when Fort Firewall is not running"));
     m_cbNoServiceControl->setText(tr("Disable Service controls"));
+    m_cbIsDriverAdmin->setText(tr("Only Administrator can open Driver"));
     m_cbCheckPasswordOnUninstall->setText(tr("Check password on Uninstall"));
 
     m_cbPassword->setText(tr("Password:"));
@@ -418,13 +420,21 @@ void OptionsPage::setupProtectionBox()
                 ctrl()->setIniEdited();
             });
 
+    m_cbIsDriverAdmin = ControlUtil::createCheckBox(ini()->isDriverAdmin(), [&](bool checked) {
+        ini()->setIsDriverAdmin(checked);
+        ctrl()->setIniEdited();
+    });
+
     m_cbCheckPasswordOnUninstall =
             ControlUtil::createCheckBox(ini()->checkPasswordOnUninstall(), [&](bool checked) {
                 ini()->setCheckPasswordOnUninstall(checked);
                 ctrl()->setIniEdited();
             });
 
-    m_cbCheckPasswordOnUninstall->setEnabled(settings()->hasMasterAdmin());
+    if (!settings()->hasMasterAdmin()) {
+        m_cbIsDriverAdmin->setEnabled(false);
+        m_cbCheckPasswordOnUninstall->setEnabled(false);
+    }
 
     // Password Row
     auto passwordLayout = setupPasswordLayout();
@@ -433,6 +443,7 @@ void OptionsPage::setupProtectionBox()
     auto layout = new QVBoxLayout();
     layout->addWidget(m_cbBootFilter);
     layout->addWidget(m_cbNoServiceControl);
+    layout->addWidget(m_cbIsDriverAdmin);
     layout->addWidget(ControlUtil::createSeparator());
     layout->addWidget(m_cbCheckPasswordOnUninstall);
     layout->addLayout(passwordLayout);

src/ui/form/opt/pages/optionspage.h

@@ -77,6 +77,7 @@ private:
 
     QCheckBox *m_cbBootFilter = nullptr;
     QCheckBox *m_cbNoServiceControl = nullptr;
+    QCheckBox *m_cbIsDriverAdmin = nullptr;
     QCheckBox *m_cbCheckPasswordOnUninstall = nullptr;
     QCheckBox *m_cbPassword = nullptr;
     QLineEdit *m_editPassword = nullptr;

src/ui/fortsettings.cpp

@@ -482,6 +482,11 @@ void FortSettings::writeConfIniOptions(const IniOptions &ini)
     // Save changed keys
     ini.save();
 
+    // Only Administrator can open Driver
+    if (ini.isDriverAdminSet()) {
+        StartupUtil::setRegistryIsDriverAdmin(ini.isDriverAdmin());
+    }
+
     // Password
     const bool isPasswordSet = (ini.hasPasswordSet() && ini.hasPassword() != hasPassword());
     if (isPasswordSet || !ini.password().isEmpty()) {

src/ui/util/regkey.cpp

@@ -115,6 +115,11 @@ bool RegKey::setValue(const QString &name, const QVariant &value, bool expand)
             (HKEY) handle(), (LPCWSTR) name.utf16(), 0, type, (const BYTE *) dataPtr, size);
 }
 
+bool RegKey::setOrRemoveValue(const QString &name, const QVariant &value, bool expand)
+{
+    return !value.isNull() ? setValue(name, value, expand) : removeValue(name);
+}
+
 QVariant RegKey::value(const QString &name, bool *expand) const
 {
     char data[16 * 1024];

src/ui/util/regkey.h

@@ -49,7 +49,8 @@ public:
     bool removeRecursively(const QString &subKey);
     bool removeValue(const QString &name);
     bool setValue(const QString &name, const QVariant &value, bool expand = false);
-    bool setDefaultValue(const QVariant &value) { return setValue(QString(), value); }
+    inline bool setDefaultValue(const QVariant &value) { return setValue(QString(), value); }
+    bool setOrRemoveValue(const QString &name, const QVariant &value, bool expand = false);
     QVariant value(const QString &name, bool *expand = nullptr) const;
     bool contains(const QString &name) const;
 

src/ui/util/startuputil.cpp

@@ -7,6 +7,8 @@
 #define WIN32_LEAN_AND_MEAN
 #include <qt_windows.h>
 
+#include <sqlite/dbvar.h>
+
 #include <fort_version_l.h>
 
 #include <util/fileutil.h>
@@ -116,6 +118,13 @@ bool uninstallService(const wchar_t *serviceName)
     return false;
 }
 
+RegKey registryAppKey(quint32 flags = RegKey::DefaultReadOnly)
+{
+    const RegKey regSw(RegKey::HKLM, R"(SOFTWARE)", flags);
+
+    return RegKey(regSw, APP_NAME, flags);
+}
+
 }
 
 const wchar_t *StartupUtil::serviceName()
@@ -258,27 +267,30 @@ void StartupUtil::clearGlobalExplorerIntegrated()
 
 QString StartupUtil::registryPasswordHash()
 {
-    const RegKey regApp(RegKey::HKLM, R"(SOFTWARE)");
+    const RegKey regApp = registryAppKey();
 
-    const RegKey reg(regApp, APP_NAME);
-
-    return reg.value("passwordHash").toString();
+    return regApp.value("passwordHash").toString();
 }
 
 void StartupUtil::setRegistryPasswordHash(const QString &passwordHash)
 {
-    const bool isAdding = !passwordHash.isEmpty();
+    RegKey regApp = registryAppKey(RegKey::DefaultCreate);
 
-    const RegKey regApp(RegKey::HKLM, R"(SOFTWARE)",
-            isAdding ? RegKey::DefaultCreate : RegKey::DefaultReadWrite);
+    regApp.setOrRemoveValue("passwordHash", DbVar::nullable(passwordHash));
+}
 
-    RegKey reg(regApp, APP_NAME, RegKey::DefaultCreate);
+bool StartupUtil::registryIsDriverAdmin()
+{
+    const RegKey regApp = registryAppKey();
 
-    if (isAdding) {
-        reg.setValue("passwordHash", passwordHash);
-    } else {
-        reg.removeValue("passwordHash");
-    }
+    return regApp.value("isDriverAdmin").toBool();
+}
+
+void StartupUtil::setRegistryIsDriverAdmin(bool isDriverAdmin)
+{
+    RegKey regApp = registryAppKey(RegKey::DefaultCreate);
+
+    regApp.setOrRemoveValue("isDriverAdmin", DbVar::nullable(isDriverAdmin));
 }
 
 void StartupUtil::setPortable(bool portable)

src/ui/util/startuputil.h

@@ -31,6 +31,9 @@ public:
     static QString registryPasswordHash();
     static void setRegistryPasswordHash(const QString &passwordHash);
 
+    static bool registryIsDriverAdmin();
+    static void setRegistryIsDriverAdmin(bool isDriverAdmin);
+
     static void setPortable(bool portable);
 };