Пример #1
/// @brief Reports whether the current process token is anything other than a
///        UAC "limited" (filtered) token.
///
/// Queries TokenElevationType on the process token opened with TOKEN_QUERY.
///
/// @return false only when the elevation type is TokenElevationTypeLimited;
///         true for every other value.
/// @throws Whatever Win32Exception::ThrowFromLastError() raises when
///         OpenProcessToken or GetTokenInformation fails.
///
/// NOTE(review): TokenElevationTypeDefault also yields true. Windows reports
/// Default when the token has no linked token, which presumably includes
/// standard (non-admin) accounts, so this result should not be used as an
/// "is administrator" authorization check. Confirm what callers expect.
bool Helpers::IsElevated(void)
{
	// Open the process token (not a thread/impersonation token) for query.
	HANDLE rawToken = nullptr;
	if ( !::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &rawToken) )
	{
		Win32Exception::ThrowFromLastError();
	}

	// From here on the handle is released by CloseHandleHelper on every exit path.
	const std::unique_ptr<void, CloseHandleHelper> token(rawToken);

	TOKEN_ELEVATION_TYPE elevationType;
	DWORD cbReturned = 0;
	const BOOL queried = ::GetTokenInformation(
		token.get(),
		TokenElevationType,
		&elevationType,
		sizeof(TOKEN_ELEVATION_TYPE),
		&cbReturned );
	if ( !queried )
	{
		Win32Exception::ThrowFromLastError();
	}

	const bool isLimited = ( elevationType == TokenElevationTypeLimited );
	return !isLimited;
}
Пример #2
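/// @brief Launches a command line under a restricted copy of the current token.
///
/// The restricted token is created with DISABLE_MAX_PRIVILEGE and with the SID
/// returned by GetAdminSid() listed in SidsToDisable, then passed to
/// CreateProcessAsUserW. Handles are not inherited (bInheritHandles is false)
/// and the child gets a new console.
///
/// @param app Command line to run; it is passed through Expand() first.
/// @return NO_ERROR on success, otherwise the Win32 error code of the call
///         that failed. The value is a Win32 code carried in an HRESULT-typed
///         return: compare it with NO_ERROR, because SUCCEEDED() is true for
///         these small positive codes.
///
/// Security notes for callers:
///  - lpApplicationName is nullptr, so Windows parses the executable out of
///    the command line. A path that contains spaces should be quoted by the
///    caller to keep that parsing unambiguous.
///  - The restriction covers privileges and the one disabled SID only; the
///    restricted DACL mentioned in the TODO below is not implemented.
HRESULT			ExecRestricted(PCWSTR app) {
	AutoUTF	cmd(Expand(app));

	PROCESS_INFORMATION pi = {0};
	STARTUPINFOW si = {0};
	si.cb = sizeof(si);
	si.dwFlags = STARTF_USESHOWWINDOW;
	si.wShowWindow = SW_SHOWNORMAL;

	WinToken	hToken(TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY | TOKEN_ADJUST_DEFAULT);
	if (!hToken.IsOK()) {
		// NOTE(review): assumes WinToken leaves the failure code in the
		// thread's last-error slot; otherwise this may report NO_ERROR.
		return	::GetLastError();
	}

	DWORD	err = NO_ERROR;
	HANDLE	hTokenRest = nullptr;
	PSID	AdminSid = GetAdminSid();
	SID_AND_ATTRIBUTES	SidsToDisable[] = {
		{AdminSid, 0},
	};
	//TODO: build a restricted DACL
	if (::CreateRestrictedToken(hToken, DISABLE_MAX_PRIVILEGE, sizeofa(SidsToDisable), SidsToDisable, 0, nullptr, 0, nullptr, &hTokenRest)) {
		// NOTE(review): CreateProcessW-family calls may modify the command-line
		// buffer in place; the cast assumes cmd.c_str() points at writable
		// storage owned by cmd. Confirm against AutoUTF.
		if (::CreateProcessAsUserW(hTokenRest, nullptr, (PWSTR)cmd.c_str(), nullptr, nullptr, false,
								   NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE, nullptr, nullptr, &si, &pi)) {
			::CloseHandle(pi.hThread);
			::CloseHandle(pi.hProcess);
		} else {
			// Capture the code now so the cleanup calls below cannot overwrite it.
			err = ::GetLastError();
		}
		::CloseHandle(hTokenRest);
	} else {
		err = ::GetLastError();
	}

	// Release the SID on every path; the success path previously returned
	// without freeing it.
	if (AdminSid != nullptr) {
		::FreeSid(AdminSid);
	}
	return	err;
}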
Пример #3
/// @brief Resolves the account name and domain of the current process token.
///
/// Reads TokenUser from the process token and translates the SID with
/// LookupAccountSid on the local system (system name NULL).
///
/// @param[out] strUser   Receives the account name.
/// @param[out] strDomain Receives the domain name.
/// @throws Whatever Win32Exception::ThrowFromLastError() raises when
///         OpenProcessToken, GetTokenInformation or LookupAccountSid fails.
///
/// Note: the token comes from OpenProcessToken, so a thread that is
/// impersonating another user still gets the process identity here.
void Helpers::GetCurrentUserAndDomain(std::wstring& strUser, std::wstring& strDomain)
{
	HANDLE rawToken = nullptr;
	if ( !::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &rawToken) )
	{
		Win32Exception::ThrowFromLastError("OpenProcessToken");
	}

	// CloseHandleHelper releases the token on every exit path, including throws.
	const std::unique_ptr<void, CloseHandleHelper> token(rawToken);

	// Size probe: a zero-length buffer is expected to fail with
	// ERROR_INSUFFICIENT_BUFFER while reporting the required byte count.
	DWORD cbTokenUser = 0;
	const BOOL probed = ::GetTokenInformation(token.get(), TokenUser, nullptr, 0, &cbTokenUser);
	if ( !probed && GetLastError() != ERROR_INSUFFICIENT_BUFFER )
	{
		Win32Exception::ThrowFromLastError("GetTokenInformation");
	}

	// Second call fills a buffer of exactly the reported size.
	const std::unique_ptr<BYTE[]> tokenUserBuf(new BYTE[cbTokenUser]);
	const BOOL fetched = ::GetTokenInformation(
		token.get(),
		TokenUser,
		tokenUserBuf.get(),
		cbTokenUser,
		&cbTokenUser );
	if ( !fetched )
	{
		Win32Exception::ThrowFromLastError("GetTokenInformation");
	}

	TOKEN_USER* pTokenUser = reinterpret_cast<TOKEN_USER*>(tokenUserBuf.get());

	// Fixed-size output buffers; the lengths are given in characters and
	// include room for the terminating null.
	wchar_t userName[CRED_MAX_STRING_LENGTH + 1] = L"";
	wchar_t domainName[CRED_MAX_STRING_LENGTH + 1] = L"";
	DWORD cchUser = static_cast<DWORD>(ARRAYSIZE(userName));
	DWORD cchDomain = static_cast<DWORD>(ARRAYSIZE(domainName));
	SID_NAME_USE sidUse;

	// Translate the token's user SID into account and domain names.
	const BOOL resolved = LookupAccountSid(
		NULL,
		pTokenUser->User.Sid,
		userName,
		&cchUser,
		domainName,
		&cchDomain,
		&sidUse );
	if( !resolved )
	{
		Win32Exception::ThrowFromLastError("LookupAccountSid");
	}

	strUser = userName;
	strDomain = domainName;
}