UacHelpers.CppLibrary/UserAccountControl.cpp
author StephaneLenclud
Tue, 03 Feb 2015 10:14:18 +0100
branchMiniDisplay
changeset 450 f2d8620e2434
permissions -rw-r--r--
Rebracer update.
StephaneLenclud@436
     1
#include "UserAccountControl.h"
StephaneLenclud@436
     2
StephaneLenclud@436
     3
#include <windows.h>
StephaneLenclud@436
     4
#pragma comment (lib, "kernel32.lib")
StephaneLenclud@436
     5
#pragma comment (lib, "advapi32.lib")
StephaneLenclud@436
     6
StephaneLenclud@436
     7
#include <vcclr.h>
StephaneLenclud@436
     8
#include <msclr\marshal.h>
StephaneLenclud@436
     9
#include <msclr\marshal_windows.h>
StephaneLenclud@436
    10
StephaneLenclud@436
    11
using namespace msclr::interop;
StephaneLenclud@436
    12
StephaneLenclud@436
    13
using namespace System::ComponentModel;
StephaneLenclud@436
    14
using namespace Microsoft::Win32;
StephaneLenclud@436
    15
StephaneLenclud@436
    16
namespace UacHelpers {
StephaneLenclud@436
    17
StephaneLenclud@436
    18
	Process^ UserAccountControl::CreateProcessAsAdmin(System::String^ exePath, System::String^ arguments)
StephaneLenclud@436
    19
    {
StephaneLenclud@436
    20
        ProcessStartInfo^ psi = gcnew ProcessStartInfo(exePath, arguments);
StephaneLenclud@436
    21
        psi->UseShellExecute = true;
StephaneLenclud@436
    22
        psi->Verb = "runas";
StephaneLenclud@436
    23
		return Process::Start(psi);
StephaneLenclud@436
    24
    }
StephaneLenclud@436
    25
StephaneLenclud@436
    26
	Process^ UserAccountControl::CreateProcessAsStandardUser(System::String^ exePath, System::String^ arguments)
StephaneLenclud@436
    27
	{
StephaneLenclud@436
    28
		marshal_context context;
StephaneLenclud@436
    29
StephaneLenclud@436
    30
		//If the current process is not elevated, then there's no reason to go through the hassle --
StephaneLenclud@436
    31
		//just use the standard System.Diagnostics.Process facilities.
StephaneLenclud@436
    32
		if (!IsCurrentProcessElevated)
StephaneLenclud@436
    33
		{
StephaneLenclud@436
    34
			return Process::Start(exePath, arguments);
StephaneLenclud@436
    35
		}
StephaneLenclud@436
    36
StephaneLenclud@436
    37
		//The following implementation is roughly based on Aaron Margosis' post:
StephaneLenclud@436
    38
		//http://blogs.msdn.com/aaron_margosis/archive/2009/06/06/faq-how-do-i-start-a-program-as-the-desktop-user-from-an-elevated-app.aspx
StephaneLenclud@436
    39
StephaneLenclud@436
    40
		//Enable SeIncreaseQuotaPrivilege in this process.  (This requires administrative privileges.)
StephaneLenclud@436
    41
		HANDLE hProcessToken = NULL;
StephaneLenclud@436
    42
		if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hProcessToken))
StephaneLenclud@436
    43
		{
StephaneLenclud@436
    44
			throw gcnew Win32Exception(GetLastError());
StephaneLenclud@436
    45
		}
StephaneLenclud@436
    46
		else
StephaneLenclud@436
    47
		{
StephaneLenclud@436
    48
			TOKEN_PRIVILEGES tkp;
StephaneLenclud@436
    49
			tkp.PrivilegeCount = 1;
StephaneLenclud@436
    50
			LookupPrivilegeValueW(NULL, SE_INCREASE_QUOTA_NAME, &tkp.Privileges[0].Luid);
StephaneLenclud@436
    51
			tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
StephaneLenclud@436
    52
			AdjustTokenPrivileges(hProcessToken, FALSE, &tkp, 0, NULL, NULL);
StephaneLenclud@436
    53
			DWORD dwLastErr = GetLastError();
StephaneLenclud@436
    54
			CloseHandle(hProcessToken);
StephaneLenclud@436
    55
			if (ERROR_SUCCESS != dwLastErr)
StephaneLenclud@436
    56
			{
StephaneLenclud@436
    57
				throw gcnew Win32Exception(dwLastErr);
StephaneLenclud@436
    58
			}
StephaneLenclud@436
    59
		}
StephaneLenclud@436
    60
StephaneLenclud@436
    61
		//Get window handle representing the desktop shell.  This might not work if there is no shell window, or when
StephaneLenclud@436
    62
		//using a custom shell.  Also note that we're assuming that the shell is not running elevated.
StephaneLenclud@436
    63
		HWND hShellWnd = GetShellWindow();
StephaneLenclud@436
    64
		if (hShellWnd == NULL)
StephaneLenclud@436
    65
		{
StephaneLenclud@436
    66
			throw gcnew System::InvalidOperationException("Unable to locate shell window; you might be using a custom shell");
StephaneLenclud@436
    67
		}
StephaneLenclud@436
    68
StephaneLenclud@436
    69
		//Get the ID of the desktop shell process.
StephaneLenclud@436
    70
		DWORD dwShellPID;
StephaneLenclud@436
    71
		GetWindowThreadProcessId(hShellWnd, &dwShellPID);
StephaneLenclud@436
    72
		if (dwShellPID == 0)
StephaneLenclud@436
    73
		{
StephaneLenclud@436
    74
			throw gcnew Win32Exception(GetLastError());
StephaneLenclud@436
    75
		}
StephaneLenclud@436
    76
StephaneLenclud@436
    77
		//Open the desktop shell process in order to get the process token.
StephaneLenclud@436
    78
		HANDLE hShellProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwShellPID);
StephaneLenclud@436
    79
		if (hShellProcess == NULL)
StephaneLenclud@436
    80
		{
StephaneLenclud@436
    81
			throw gcnew Win32Exception(GetLastError());
StephaneLenclud@436
    82
		}
StephaneLenclud@436
    83
StephaneLenclud@436
    84
		HANDLE hShellProcessToken = NULL;
StephaneLenclud@436
    85
		HANDLE hPrimaryToken = NULL;
StephaneLenclud@436
    86
		try
StephaneLenclud@436
    87
		{
StephaneLenclud@436
    88
			//Get the process token of the desktop shell.
StephaneLenclud@436
    89
			if (!OpenProcessToken(hShellProcess, TOKEN_DUPLICATE, &hShellProcessToken))
StephaneLenclud@436
    90
			{
StephaneLenclud@436
    91
				throw gcnew Win32Exception(GetLastError());
StephaneLenclud@436
    92
			}
StephaneLenclud@436
    93
StephaneLenclud@436
    94
			//Duplicate the shell's process token to get a primary token.
StephaneLenclud@436
    95
			const DWORD dwTokenRights = TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID;
StephaneLenclud@436
    96
			if (!DuplicateTokenEx(hShellProcessToken, dwTokenRights, NULL, SecurityImpersonation, TokenPrimary, &hPrimaryToken))
StephaneLenclud@436
    97
			{
StephaneLenclud@436
    98
				throw gcnew Win32Exception(GetLastError());
StephaneLenclud@436
    99
			}
StephaneLenclud@436
   100
StephaneLenclud@436
   101
			//Start the target process with the new token.
StephaneLenclud@436
   102
			STARTUPINFO si = {0}; si.cb = sizeof(si);
StephaneLenclud@436
   103
			PROCESS_INFORMATION pi = {0};
StephaneLenclud@436
   104
			if (!CreateProcessWithTokenW(hPrimaryToken, 0,
StephaneLenclud@436
   105
				context.marshal_as<LPCWSTR>(exePath), context.marshal_as<LPWSTR>(exePath + " " + arguments),
StephaneLenclud@436
   106
				0, NULL, NULL, &si, &pi))
StephaneLenclud@436
   107
			{
StephaneLenclud@436
   108
				throw gcnew Win32Exception(GetLastError());
StephaneLenclud@436
   109
			}
StephaneLenclud@436
   110
			CloseHandle(pi.hProcess);
StephaneLenclud@436
   111
			CloseHandle(pi.hThread);
StephaneLenclud@436
   112
StephaneLenclud@436
   113
			return Process::GetProcessById(pi.dwProcessId);
StephaneLenclud@436
   114
		}
StephaneLenclud@436
   115
		finally
StephaneLenclud@436
   116
		{
StephaneLenclud@436
   117
			if (hShellProcessToken != NULL)
StephaneLenclud@436
   118
				CloseHandle(hShellProcessToken);
StephaneLenclud@436
   119
StephaneLenclud@436
   120
			if (hPrimaryToken != NULL)
StephaneLenclud@436
   121
				CloseHandle(hPrimaryToken);
StephaneLenclud@436
   122
StephaneLenclud@436
   123
			if (hShellProcess != NULL)
StephaneLenclud@436
   124
				CloseHandle(hShellProcess);
StephaneLenclud@436
   125
		}
StephaneLenclud@436
   126
	}
StephaneLenclud@436
   127
StephaneLenclud@436
   128
	bool UserAccountControl::IsUserAdmin::get()
StephaneLenclud@436
   129
	{
StephaneLenclud@436
   130
		if (UserAccountControl::IsUacEnabled)
StephaneLenclud@436
   131
			return GetProcessTokenElevationType() != TokenElevationTypeDefault;	//split token
StephaneLenclud@436
   132
StephaneLenclud@436
   133
		//If UAC is off, we can't rely on the token; check for Admin group.
StephaneLenclud@436
   134
		return WindowsPrincipal(WindowsIdentity::GetCurrent()).IsInRole("Administrators");
StephaneLenclud@436
   135
	}
StephaneLenclud@436
   136
StephaneLenclud@436
   137
	bool UserAccountControl::IsUacEnabled::get()
StephaneLenclud@436
   138
	{
StephaneLenclud@436
   139
		//Check the HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA registry value.
StephaneLenclud@436
   140
		RegistryKey^ key = Registry::LocalMachine->OpenSubKey(UacRegistryKey, false);
StephaneLenclud@436
   141
		return key->GetValue(UacRegistryValue)->Equals(1);
StephaneLenclud@436
   142
    }
StephaneLenclud@436
   143
StephaneLenclud@436
   144
	void UserAccountControl::DisableUac()
StephaneLenclud@436
   145
	{
StephaneLenclud@436
   146
		SetUacRegistryValue(false);
StephaneLenclud@436
   147
	}
StephaneLenclud@436
   148
StephaneLenclud@436
   149
	void UserAccountControl::DisableUacAndRestartWindows()
StephaneLenclud@436
   150
	{
StephaneLenclud@436
   151
		DisableUac();
StephaneLenclud@436
   152
		RestartWindows();
StephaneLenclud@436
   153
	}
StephaneLenclud@436
   154
StephaneLenclud@436
   155
	void UserAccountControl::EnableUac()
StephaneLenclud@436
   156
	{
StephaneLenclud@436
   157
		SetUacRegistryValue(true);
StephaneLenclud@436
   158
	}
StephaneLenclud@436
   159
StephaneLenclud@436
   160
	void UserAccountControl::EnableUacAndRestartWindows()
StephaneLenclud@436
   161
	{
StephaneLenclud@436
   162
		EnableUac();
StephaneLenclud@436
   163
		RestartWindows();
StephaneLenclud@436
   164
	}
StephaneLenclud@436
   165
StephaneLenclud@436
   166
	bool UserAccountControl::IsCurrentProcessElevated::get()
StephaneLenclud@436
   167
	{
StephaneLenclud@436
   168
		return GetProcessTokenElevationType() == TokenElevationTypeFull;	//elevated
StephaneLenclud@436
   169
	}
StephaneLenclud@436
   170
StephaneLenclud@436
   171
	bool UserAccountControl::IsCurrentProcessVirtualized::get()
StephaneLenclud@436
   172
	{
StephaneLenclud@436
   173
		HANDLE hToken;
StephaneLenclud@436
   174
        try
StephaneLenclud@436
   175
        {
StephaneLenclud@436
   176
            if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
StephaneLenclud@436
   177
				throw gcnew Win32Exception(GetLastError());
StephaneLenclud@436
   178
StephaneLenclud@436
   179
            DWORD virtualizationEnabled;
StephaneLenclud@436
   180
			DWORD dwSize;
StephaneLenclud@436
   181
			if (!GetTokenInformation(hToken, TokenVirtualizationEnabled, &virtualizationEnabled, sizeof(virtualizationEnabled), &dwSize))
StephaneLenclud@436
   182
                throw gcnew Win32Exception(GetLastError());
StephaneLenclud@436
   183
StephaneLenclud@436
   184
			return virtualizationEnabled != 0;
StephaneLenclud@436
   185
        }
StephaneLenclud@436
   186
        finally
StephaneLenclud@436
   187
        {
StephaneLenclud@436
   188
            CloseHandle(hToken);
StephaneLenclud@436
   189
        }
StephaneLenclud@436
   190
	}
StephaneLenclud@436
   191
StephaneLenclud@436
   192
	int UserAccountControl::GetProcessTokenElevationType()
StephaneLenclud@436
   193
	{
StephaneLenclud@436
   194
		HANDLE hToken;
StephaneLenclud@436
   195
        try
StephaneLenclud@436
   196
        {
StephaneLenclud@436
   197
            if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
StephaneLenclud@436
   198
				throw gcnew Win32Exception(GetLastError());
StephaneLenclud@436
   199
StephaneLenclud@436
   200
            TOKEN_ELEVATION_TYPE elevationType;
StephaneLenclud@436
   201
			DWORD dwSize;
StephaneLenclud@436
   202
            if (!GetTokenInformation(hToken, TokenElevationType, &elevationType, sizeof(elevationType), &dwSize))
StephaneLenclud@436
   203
                throw gcnew Win32Exception(GetLastError());
StephaneLenclud@436
   204
StephaneLenclud@436
   205
			return elevationType;
StephaneLenclud@436
   206
        }
StephaneLenclud@436
   207
        finally
StephaneLenclud@436
   208
        {
StephaneLenclud@436
   209
            CloseHandle(hToken);
StephaneLenclud@436
   210
        }
StephaneLenclud@436
   211
	}
StephaneLenclud@436
   212
StephaneLenclud@436
   213
	void UserAccountControl::SetUacRegistryValue(bool enabled)
StephaneLenclud@436
   214
	{
StephaneLenclud@436
   215
		RegistryKey^ key = Registry::LocalMachine->OpenSubKey(UacRegistryKey, true);
StephaneLenclud@436
   216
		key->SetValue(UacRegistryValue, enabled ? 1 : 0);
StephaneLenclud@436
   217
	}
StephaneLenclud@436
   218
StephaneLenclud@436
   219
	void UserAccountControl::RestartWindows()
StephaneLenclud@436
   220
	{
StephaneLenclud@436
   221
		InitiateSystemShutdownEx(NULL, NULL, 0/*Timeout*/,
StephaneLenclud@436
   222
								 TRUE/*ForceAppsClosed*/, TRUE/*RebootAfterShutdown*/,
StephaneLenclud@436
   223
								 SHTDN_REASON_MAJOR_OPERATINGSYSTEM | SHTDN_REASON_MINOR_RECONFIG | SHTDN_REASON_FLAG_PLANNED);
StephaneLenclud@436
   224
		//This shutdown flag corresponds to: "Operating System: Reconfiguration (Planned)".
StephaneLenclud@436
   225
	}
StephaneLenclud@436
   226
}