maxmustermann/terminal
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

this works really quite well

Browse source
This commit is contained in:
Mike Griese 2021-11-09 06:24:16 -06:00
parent fd849a5241
commit 25b2675d8d
1 changed files with 45 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
src/cascadia/TerminalSettingsModel/FileUtils.cpp
View file

@ -56,7 +56,45 @@ namespace winrt::Microsoft::Terminal::Settings::Model
static bool _hasElevatedOnlyPermissions(const std::filesystem::path& path) static bool _hasElevatedOnlyPermissions(const std::filesystem::path& path)
{ {
path; path;
return true; wil::unique_sid sidOwner;
PSID psidOwner{ nullptr };
// wil::unique_hlocal_security_descriptor sd;
PSECURITY_DESCRIPTOR pSD{ nullptr }; // TODO! LocalFree me
auto status = GetNamedSecurityInfoW(path.c_str(),
SE_FILE_OBJECT,
OWNER_SECURITY_INFORMATION,
&psidOwner,
nullptr,
nullptr,
nullptr,
// wil::out_param_ptr<PSECURITY_DESCRIPTOR*>(sd));
&pSD);
THROW_IF_WIN32_ERROR(status);
/*if (status == ERROR_FILE_NOT_FOUND)
{
return true;
}
if (LOG_IF_WIN32_ERROR(status))
{
return false;
}*/
const auto adminGroupSid = wil::make_static_sid(SECURITY_NT_AUTHORITY, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS);
adminGroupSid; // for debugging;
wil::unique_any_psid psidAdmins{ nullptr };
ConvertStringSidToSidW(L"BA", wil::out_param_ptr<PSID*>(psidAdmins));
// Compare the owner SID to the administrators SID via
// EqualSid(psidOwner, psidAdmins). This does a low-level memory
// comparison of the SIDs.
return EqualSid(psidOwner, psidAdmins.get());
// The psidOwner pointer references the security descriptor, so it
// doesn't have to be freed separate from pSD.
// LocalFree(pSD); // called when the unique_hlocal_security_descriptor exits scope
// return true;
/* /*
// If we want to only open the file if it's elevated, check the // If we want to only open the file if it's elevated, check the
// permissions on this file. We want to make sure that: // permissions on this file. We want to make sure that:
@ -202,6 +240,7 @@ namespace winrt::Microsoft::Terminal::Settings::Model
const bool elevatedOnly) const bool elevatedOnly)
{ {
SECURITY_ATTRIBUTES sa; SECURITY_ATTRIBUTES sa;
// wil::unique_hlocal_security_descriptor sd;
if (elevatedOnly) if (elevatedOnly)
{ {
// // This is very vaguely taken from // // This is very vaguely taken from
@ -248,18 +287,19 @@ namespace winrt::Microsoft::Terminal::Settings::Model
// THROW_IF_WIN32_BOOL_FALSE(InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)); // THROW_IF_WIN32_BOOL_FALSE(InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION));
// THROW_IF_WIN32_BOOL_FALSE(SetSecurityDescriptorDacl(&sd, true, pAcl, false)); // THROW_IF_WIN32_BOOL_FALSE(SetSecurityDescriptorDacl(&sd, true, pAcl, false));
// TODO!: I need to LocalFree this somehow.
PSECURITY_DESCRIPTOR psd;
unsigned long cb; unsigned long cb;
PSECURITY_DESCRIPTOR pSD{ nullptr };
ConvertStringSecurityDescriptorToSecurityDescriptor(L"S:(ML;;NW;;;HI)", ConvertStringSecurityDescriptorToSecurityDescriptor(L"S:(ML;;NW;;;HI)",
SDDL_REVISION_1, SDDL_REVISION_1,
&psd, // wil::out_param_ptr<PSECURITY_DESCRIPTOR*>(sd),
&pSD,
&cb); &cb);
// Initialize a security attributes structure. // Initialize a security attributes structure.
sa.nLength = sizeof(SECURITY_ATTRIBUTES); sa.nLength = sizeof(SECURITY_ATTRIBUTES);
// sa.lpSecurityDescriptor = &sd; // sa.lpSecurityDescriptor = &sd;
sa.lpSecurityDescriptor = psd; // sa.lpSecurityDescriptor = sd.addressof();
sa.lpSecurityDescriptor = pSD;
sa.bInheritHandle = false; sa.bInheritHandle = false;
} }