Bug 973181 - Check the unprompted elevation mode only if the current user can elevate. r=bbondy

toolkit/mozapps/update/common/uachelper.cpp

@@ -195,3 +195,28 @@ UACHelper::DisablePrivileges(HANDLE token)
   return DisableUnneededPrivileges(token, UACHelper::PrivsToDisable, 
                                    PrivsToDisableSize);
 }
+
+/**
+ * Check if the current user can elevate.
+ *
+ * @return true if the user can elevate.
+ *         false otherwise.
+ */
+bool
+UACHelper::CanUserElevate()
+{
+  HANDLE token;
+  if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token)) {
+    return false;
+  }
+
+  TOKEN_ELEVATION_TYPE elevationType;
+  DWORD len;
+  bool canElevate = GetTokenInformation(token, TokenElevationType,
+                                        &elevationType,
+                                        sizeof(elevationType), &len) &&
+                    (elevationType == TokenElevationTypeLimited);
+  CloseHandle(token);
+
+  return canElevate;
+}

toolkit/mozapps/update/common/uachelper.h

@@ -11,6 +11,7 @@ public:
   static HANDLE OpenUserToken(DWORD sessionID);
   static HANDLE OpenLinkedToken(HANDLE token);
   static BOOL DisablePrivileges(HANDLE token);
+  static bool CanUserElevate();
 
 private:
   static BOOL SetPrivilege(HANDLE token, LPCTSTR privs, BOOL enable);

toolkit/mozapps/update/common/updatehelper.cpp

@@ -22,6 +22,7 @@
 #include <stdio.h>
 #include "shlobj.h"
 #include "updatehelper.h"
+#include "uachelper.h"
 #include "pathhash.h"
 
 // Needed for PathAppendW
@@ -682,16 +683,20 @@ GetDWORDValue(HKEY key, LPCWSTR valueName, DWORD &retValue)
 
 /**
  * Determines if the the system's elevation type allows
- * unprmopted elevation.  This may not 100% reflect reality since
- * a reboot is necessary to change the UAC level.
+ * unprmopted elevation.
  *
  * @param isUnpromptedElevation Out parameter which specifies if unprompted
  *                              elevation is allowed.
- * @return TRUE if the value was obtained successfully.
+ * @return TRUE if the user can actually elevate and the value was obtained
+ *         successfully.
 */
 BOOL
 IsUnpromptedElevation(BOOL &isUnpromptedElevation)
 {
+  if (!UACHelper::CanUserElevate()) {
+    return FALSE;
+  }
+
   LPCWSTR UACBaseRegKey =
     L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System";
   HKEY baseKey;
@@ -702,13 +707,12 @@ IsUnpromptedElevation(BOOL &isUnpromptedElevation)
     return FALSE;
   }
 
-  DWORD enabled, consent, secureDesktop;
-  BOOL success = GetDWORDValue(baseKey, L"EnableLUA", enabled);
-  success = success &&
-            GetDWORDValue(baseKey, L"ConsentPromptBehaviorAdmin", consent);
+  DWORD consent, secureDesktop;
+  BOOL success = GetDWORDValue(baseKey, L"ConsentPromptBehaviorAdmin",
+                               consent);
   success = success &&
             GetDWORDValue(baseKey, L"PromptOnSecureDesktop", secureDesktop);
-  isUnpromptedElevation = enabled && !consent && !secureDesktop;
+  isUnpromptedElevation = !consent && !secureDesktop;
 
   RegCloseKey(baseKey);
   return success;