/***
    Copyright (C) 2023 J Reece Wilson (a/k/a "Reece"). All rights reserved.

    File: RunAs.hpp
    Date: 2023-12-23
    Author: Reece
***/
#pragma once

namespace Aurora::Processes
{
    AUE_DEFINE(ERunAsUser, (
        eRegularUser,             // 
        eSpecifiedImpersonation,  // Privileged impersonation using admin creds and stated alternative uid/username (*)
        eSuperUser,               // Privileged status (root, standard run-as-admin privileges, etc)
        eNTAS,                    // NT Authority/SYSTEM (*)
        eNTTI                     // Trusted Installer (*)
    ));
    // (*) These APIs are somewhat spicey

    // Warning: In the default configurations of Windows, spawning processes with shared handles and such as elevated processes is generally not supported.
    //          The Aurora Runtime is importing APIs that'll probably make old anti-virus engines mald after sometime. However, it isn't some magic le epic uac bypass. 
    //          You still need to have privileged credentials to hand. This should be noted bc retards on reddit and orange site are probably going to complain 
    //          "hurhur this is malware. look, its editing policies and impersonating the UAC logon prompt in process. ooOoOO spooky." 
    //          In reality, we're just trying to emulate the behaviour of consent.exe in-process for the likes of: 
    //            * non-service level installers with temporary the local-sys-admin-says-its-ok permissions
    //            * remote daemon administration (build-bot daemons with admin credits in a toml file, running as local or network users, perhaps)
    //            * ssh-like servers
    //            * initially not-administrator processes temporarily elevating themselves to remove or re-enable kernel level drivers (drivers such as: reverse engineering tools, vidya gaym anticheats, debuggers, etc)
    //          These APIs will be of use for live-installers where installing for global-users is optional and the base requirements don't require escalation.
    //          Asking for creds in process after a software demo is playable is far nicer UX, than having to wait for 10 hours for Windows to spawn a consent.exe process, just to end up losing stdin/out/err redirection.

    struct RunAsDescriptor
    {
        AU_COPY_MOVE_DEF(RunAsDescriptor);

        ERunAsUser runAs = ERunAsUser::eRegularUser;
        AuOptional<int> numericUserId;
        AuOptional<AuString> username;
        AuOptional<AuString> password;
        AuOptional<AuString> server;
        AuOptional<AuString> impersonate;
        AuOptional<int> impersonateNumericUserId;
        bool bLoginWithProfile {};

        // if this structure is partially completed; 
        //     a dialog may be shown if running under a desktop GUI (polkit, credui, etc),
        //     or a command-line based command (AuConsole) may be requested.
    };

    AUKN_SYM void RunAs(StartupParameters &startupParameters,
                        RunAsDescriptor &runAs); // SECURITY @ Try to enforce moving of AuOptional<AuString> password; to hopefully purge it out of memory asap @
}                                                // SECURITY @ Noting that AuOptional<AuString> password isn't memory safe. We should probably try to memset it after use and during move @
                                                 // REGRESSION: make runAs move-only again