зеркало из https://github.com/mozilla/gecko-dev.git
Bug 973181 - Check the unprompted elevation mode only if the current user can elevate. r=bbondy
This commit is contained in:
Родитель
df696acd03
Коммит
a6d85af240
|
@ -195,3 +195,28 @@ UACHelper::DisablePrivileges(HANDLE token)
|
||||||
return DisableUnneededPrivileges(token, UACHelper::PrivsToDisable,
|
return DisableUnneededPrivileges(token, UACHelper::PrivsToDisable,
|
||||||
PrivsToDisableSize);
|
PrivsToDisableSize);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if the current user can elevate.
|
||||||
|
*
|
||||||
|
* @return true if the user can elevate.
|
||||||
|
* false otherwise.
|
||||||
|
*/
|
||||||
|
bool
|
||||||
|
UACHelper::CanUserElevate()
|
||||||
|
{
|
||||||
|
HANDLE token;
|
||||||
|
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
TOKEN_ELEVATION_TYPE elevationType;
|
||||||
|
DWORD len;
|
||||||
|
bool canElevate = GetTokenInformation(token, TokenElevationType,
|
||||||
|
&elevationType,
|
||||||
|
sizeof(elevationType), &len) &&
|
||||||
|
(elevationType == TokenElevationTypeLimited);
|
||||||
|
CloseHandle(token);
|
||||||
|
|
||||||
|
return canElevate;
|
||||||
|
}
|
||||||
|
|
|
@ -11,6 +11,7 @@ public:
|
||||||
static HANDLE OpenUserToken(DWORD sessionID);
|
static HANDLE OpenUserToken(DWORD sessionID);
|
||||||
static HANDLE OpenLinkedToken(HANDLE token);
|
static HANDLE OpenLinkedToken(HANDLE token);
|
||||||
static BOOL DisablePrivileges(HANDLE token);
|
static BOOL DisablePrivileges(HANDLE token);
|
||||||
|
static bool CanUserElevate();
|
||||||
|
|
||||||
private:
|
private:
|
||||||
static BOOL SetPrivilege(HANDLE token, LPCTSTR privs, BOOL enable);
|
static BOOL SetPrivilege(HANDLE token, LPCTSTR privs, BOOL enable);
|
||||||
|
|
|
@ -22,6 +22,7 @@
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include "shlobj.h"
|
#include "shlobj.h"
|
||||||
#include "updatehelper.h"
|
#include "updatehelper.h"
|
||||||
|
#include "uachelper.h"
|
||||||
#include "pathhash.h"
|
#include "pathhash.h"
|
||||||
|
|
||||||
// Needed for PathAppendW
|
// Needed for PathAppendW
|
||||||
|
@ -682,16 +683,20 @@ GetDWORDValue(HKEY key, LPCWSTR valueName, DWORD &retValue)
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Determines if the the system's elevation type allows
|
* Determines if the the system's elevation type allows
|
||||||
* unprmopted elevation. This may not 100% reflect reality since
|
* unprmopted elevation.
|
||||||
* a reboot is necessary to change the UAC level.
|
|
||||||
*
|
*
|
||||||
* @param isUnpromptedElevation Out parameter which specifies if unprompted
|
* @param isUnpromptedElevation Out parameter which specifies if unprompted
|
||||||
* elevation is allowed.
|
* elevation is allowed.
|
||||||
* @return TRUE if the value was obtained successfully.
|
* @return TRUE if the user can actually elevate and the value was obtained
|
||||||
|
* successfully.
|
||||||
*/
|
*/
|
||||||
BOOL
|
BOOL
|
||||||
IsUnpromptedElevation(BOOL &isUnpromptedElevation)
|
IsUnpromptedElevation(BOOL &isUnpromptedElevation)
|
||||||
{
|
{
|
||||||
|
if (!UACHelper::CanUserElevate()) {
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
LPCWSTR UACBaseRegKey =
|
LPCWSTR UACBaseRegKey =
|
||||||
L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System";
|
L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System";
|
||||||
HKEY baseKey;
|
HKEY baseKey;
|
||||||
|
@ -702,13 +707,12 @@ IsUnpromptedElevation(BOOL &isUnpromptedElevation)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
DWORD enabled, consent, secureDesktop;
|
DWORD consent, secureDesktop;
|
||||||
BOOL success = GetDWORDValue(baseKey, L"EnableLUA", enabled);
|
BOOL success = GetDWORDValue(baseKey, L"ConsentPromptBehaviorAdmin",
|
||||||
success = success &&
|
consent);
|
||||||
GetDWORDValue(baseKey, L"ConsentPromptBehaviorAdmin", consent);
|
|
||||||
success = success &&
|
success = success &&
|
||||||
GetDWORDValue(baseKey, L"PromptOnSecureDesktop", secureDesktop);
|
GetDWORDValue(baseKey, L"PromptOnSecureDesktop", secureDesktop);
|
||||||
isUnpromptedElevation = enabled && !consent && !secureDesktop;
|
isUnpromptedElevation = !consent && !secureDesktop;
|
||||||
|
|
||||||
RegCloseKey(baseKey);
|
RegCloseKey(baseKey);
|
||||||
return success;
|
return success;
|
||||||
|
|
Загрузка…
Ссылка в новой задаче