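/// @brief Reports whether the current process token is elevated.
///
/// The process token is opened with TOKEN_QUERY only and its TokenElevation
/// information class is read. The previous implementation compared
/// TokenElevationType against TokenElevationTypeLimited, which also answers
/// "elevated" for TokenElevationTypeDefault. That type is reported for any
/// token without a linked token, including an ordinary standard user, so a
/// privilege gate built on it would fail open.
///
/// Only the process token is inspected. An impersonation token on the calling
/// thread is not considered.
///
/// @return true when TOKEN_ELEVATION::TokenIsElevated is non-zero.
/// @note Failures are reported through Win32Exception::ThrowFromLastError(),
///       which is presumably a throwing helper (not visible here).
bool Helpers::IsElevated(void)
{
    std::unique_ptr<void, CloseHandleHelper> hToken(nullptr);
    {
        HANDLE rawToken = nullptr;
        if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &rawToken))
        {
            Win32Exception::ThrowFromLastError();
        }
        // Hand the raw handle to the owner immediately so it is closed on every path.
        hToken.reset(rawToken);
    }

    // Zero-initialised so the answer is "not elevated" if the error helper ever returns.
    TOKEN_ELEVATION elevation = {};
    DWORD dwReturnLength = 0;
    if (!::GetTokenInformation(hToken.get(),
                               TokenElevation,
                               &elevation,
                               sizeof(elevation),
                               &dwReturnLength))
    {
        Win32Exception::ThrowFromLastError();
    }

    return elevation.TokenIsElevated != 0;
}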
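/// @brief Starts @p app in a new console under a restricted copy of the caller's token.
///
/// The restricted token is created with DISABLE_MAX_PRIVILEGE and with the SID
/// returned by GetAdminSid() listed in SidsToDisable, so that group becomes
/// deny-only in the child. No restricting SIDs are supplied, and nothing in
/// this function changes the token's integrity level or default DACL.
///
/// @param app Command line to run; it is passed through Expand() first.
/// @return NO_ERROR on success, otherwise a Win32 error code. The value is a
///         raw Win32 code carried in an HRESULT, as before, so callers must
///         compare against NO_ERROR rather than use SUCCEEDED()/FAILED().
HRESULT ExecRestricted(PCWSTR app)
{
    AutoUTF cmd(Expand(app));

    PROCESS_INFORMATION pi = {0};
    STARTUPINFOW si = {0};
    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_SHOWNORMAL;

    WinToken hToken(TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY | TOKEN_ADJUST_DEFAULT);
    if (!hToken.IsOK())
    {
        return ::GetLastError();
    }

    PSID AdminSid = GetAdminSid();
    if (AdminSid == nullptr)
    {
        // Without the SID there is nothing to disable; refuse to launch rather
        // than hand the API an entry that cannot restrict anything.
        const DWORD sidError = ::GetLastError();
        return static_cast<HRESULT>(sidError != NO_ERROR ? sidError : ERROR_INVALID_SID);
    }

    SID_AND_ATTRIBUTES SidsToDisable[] = {
        {AdminSid, 0},
    };

    DWORD result = NO_ERROR;
    HANDLE hTokenRest = nullptr;

    // TODO: build a restricted DACL
    if (::CreateRestrictedToken(hToken, DISABLE_MAX_PRIVILEGE,
                                sizeofa(SidsToDisable), SidsToDisable,
                                0, nullptr, 0, nullptr, &hTokenRest))
    {
        // NOTE(review): CreateProcessAsUserW may write to lpCommandLine, so the
        // cast assumes AutoUTF exposes writable storage - confirm. As
        // lpApplicationName is nullptr the executable is parsed out of the
        // command line, so callers should quote paths that contain spaces.
        if (::CreateProcessAsUserW(hTokenRest, nullptr, (PWSTR)cmd.c_str(),
                                   nullptr, nullptr, false,
                                   NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE,
                                   nullptr, nullptr, &si, &pi))
        {
            ::CloseHandle(pi.hThread);
            ::CloseHandle(pi.hProcess);
        }
        else
        {
            // Capture the code before any cleanup call can overwrite it.
            result = ::GetLastError();
        }
        ::CloseHandle(hTokenRest);
    }
    else
    {
        result = ::GetLastError();
    }

    // Released on every path; the success path used to return without freeing it.
    ::FreeSid(AdminSid);
    return result;
}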
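/// @brief Resolves the account name and domain of the current process token's user.
///
/// The identity comes from the process token (OpenProcessToken on
/// GetCurrentProcess()). If the calling thread is impersonating, the
/// impersonated identity is not what is returned here.
///
/// @param[out] strUser   Receives the account name; written only on success.
/// @param[out] strDomain Receives the domain name; written only on success.
/// @note Failures are reported through Win32Exception::ThrowFromLastError(),
///       which is presumably a throwing helper (not visible here).
void Helpers::GetCurrentUserAndDomain(std::wstring& strUser, std::wstring& strDomain)
{
    std::unique_ptr<void, CloseHandleHelper> hToken(nullptr);
    {
        HANDLE rawToken = nullptr;
        if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &rawToken))
        {
            Win32Exception::ThrowFromLastError("OpenProcessToken");
        }
        hToken.reset(rawToken);
    }

    // First call only asks for the required size; ERROR_INSUFFICIENT_BUFFER is the expected outcome.
    DWORD dwReturnLength = 0;
    if (!::GetTokenInformation(hToken.get(), TokenUser, nullptr, 0, &dwReturnLength))
    {
        if (::GetLastError() != ERROR_INSUFFICIENT_BUFFER)
        {
            Win32Exception::ThrowFromLastError("GetTokenInformation");
        }
    }

    std::unique_ptr<BYTE[]> tu(new BYTE[dwReturnLength]);
    if (!::GetTokenInformation(hToken.get(), TokenUser, tu.get(), dwReturnLength, &dwReturnLength))
    {
        Win32Exception::ThrowFromLastError("GetTokenInformation");
    }

    wchar_t szUser[CRED_MAX_STRING_LENGTH + 1] = L"";
    wchar_t szDomain[CRED_MAX_STRING_LENGTH + 1] = L"";
    DWORD dwUserLen = static_cast<DWORD>(ARRAYSIZE(szUser));
    DWORD dwDomainLen = static_cast<DWORD>(ARRAYSIZE(szDomain));
    SID_NAME_USE snu = SidTypeUnknown;

    // Retrieve user name and domain name based on the user's SID. The wide
    // entry point is named explicitly because the buffers are wchar_t; the
    // LookupAccountSid macro only matches them when UNICODE is defined.
    if (!::LookupAccountSidW(nullptr,
                             reinterpret_cast<TOKEN_USER*>(tu.get())->User.Sid,
                             szUser, &dwUserLen,
                             szDomain, &dwDomainLen,
                             &snu))
    {
        Win32Exception::ThrowFromLastError("LookupAccountSid");
    }

    // Outputs are assigned last so they stay untouched when a step above fails.
    strUser = szUser;
    strDomain = szDomain;
}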