more unique_sid's, and m,ore comments

src/cascadia/TerminalApp/TerminalPage.cpp

@@ -1480,9 +1480,21 @@ namespace winrt::TerminalApp::implementation
         return true;
     }
 
+    // Method Description:
+    // - For a given commandline, determines if we should prompt the user for
+    //   approval. We only do this check when elevated. This will check the
+    //   AllowedCommandlines in `elevated-state.json`, to see if the commandline
+    //   already exists in that list.
+    // Arguments:
+    // - cmdline: The commandline to check
+    // Return Value:
+    // - true if we should prompt the user for approval.
     bool TerminalPage::_shouldPromptForCommandline(const winrt::hstring& cmdline) const
     {
-        if (true || _isElevated())
+        // NOTE: For debugging purposes, changing this to `true ||
+        // _isElevated()` is a handy way of forcing the elevation logic, even
+        // when unelevated.
+        if (_isElevated())
         {
             if (const auto& allowedCommandlines{ ElevatedState::SharedInstance().AllowedCommandlines() })
             {
@@ -1494,9 +1506,12 @@ namespace winrt::TerminalApp::implementation
                     }
                 }
             }
+
+            // TODO! If the cmdline starts with (case-insensitive)
+            // `C:\WINDOWS\System32`, then ignore this check.
         }
 
-        return true; // TODO! Change this to false. This is defaulted to true for testing.
+        return false;
     }
 
     void TerminalPage::_adminWarningPrimaryClicked(const TerminalApp::AdminWarningPlaceholder& sender,

src/cascadia/TerminalSettingsModel/ElevatedState.cpp

@@ -115,7 +115,15 @@ namespace winrt::Microsoft::Terminal::Settings::Model::implementation
 
     void ElevatedState::_writeFileContents(const std::string_view content) const
     {
-        // WriteUTF8FileAtomic(_path, content, true);
+        // DON'T use WriteUTF8FileAtomic, which will write to a temporary file
+        // then rename that file to the final filename. That actually lets us
+        // overwrite the elevate file's contents even when unelevated, because
+        // we're effectively deleting the original file, then renaming a
+        // different file in it's place.
+        //
+        // We're not worried about someone else doing that though, if they do
+        // that with the wrong permissions, then we'll just ignore the file and
+        // start over.
         WriteUTF8File(_path, content, true);
     }
 

src/cascadia/TerminalSettingsModel/FileUtils.cpp

@@ -206,16 +206,16 @@ namespace Microsoft::Terminal::Settings::Model
             // SYSTEM, but if I did that, then even we can't write the file
             // while elevated, which isn't what we want.
 
-            PSID pEveryoneSid = nullptr;
-            PSID pAdminGroupSid = nullptr;
+            wil::unique_sid everyoneSid{};
+            wil::unique_sid adminGroupSid{};
             SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
             SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;
 
             // Create a SID for the BUILTIN\Administrators group.
-            THROW_IF_WIN32_BOOL_FALSE(AllocateAndInitializeSid(&SIDAuthNT, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &pAdminGroupSid));
+            THROW_IF_WIN32_BOOL_FALSE(AllocateAndInitializeSid(&SIDAuthNT, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &adminGroupSid));
 
             // Create a well-known SID for the Everyone group.
-            THROW_IF_WIN32_BOOL_FALSE(AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pEveryoneSid));
+            THROW_IF_WIN32_BOOL_FALSE(AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &everyoneSid));
 
             EXPLICIT_ACCESS ea[2];
             ZeroMemory(&ea, 2 * sizeof(EXPLICIT_ACCESS));
@@ -225,7 +225,7 @@ namespace Microsoft::Terminal::Settings::Model
             ea[0].grfInheritance = NO_INHERITANCE;
             ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
             ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
-            ea[0].Trustee.ptstrName = (LPTSTR)pAdminGroupSid;
+            ea[0].Trustee.ptstrName = (LPWSTR)(adminGroupSid.get());
 
             // Grant Everyone the permission or read this file
             ea[1].grfAccessPermissions = GENERIC_READ;
@@ -233,7 +233,7 @@ namespace Microsoft::Terminal::Settings::Model
             ea[1].grfInheritance = NO_INHERITANCE;
             ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
             ea[1].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
-            ea[1].Trustee.ptstrName = (LPTSTR)pEveryoneSid;
+            ea[1].Trustee.ptstrName = (LPWSTR)(everyoneSid.get());
 
             ACL acl;
             PACL pAcl = &acl;