-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow reordering tabs when UAC is disabled #11221
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -131,11 +131,32 @@ static Documents::Run _BuildErrorRun(const winrt::hstring& text, const ResourceD | |
// Method Description: | ||
// - Returns whether the user is either a member of the Administrators group or | ||
// is currently elevated. | ||
// - This will return **FALSE** if the user has UAC disabled entirely, because | ||
// there's no separation of power between the user and an admin in that case. | ||
// Return Value: | ||
// - true if the user is an administrator | ||
static bool _isUserAdmin() noexcept | ||
try | ||
{ | ||
DWORD dwSize; | ||
wil::unique_handle hToken; | ||
TOKEN_ELEVATION_TYPE elevationType; | ||
TOKEN_ELEVATION elevationState{ 0 }; | ||
|
||
OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken); | ||
GetTokenInformation(hToken.get(), TokenElevationType, &elevationType, sizeof(elevationType), &dwSize); | ||
GetTokenInformation(hToken.get(), TokenElevation, &elevationState, sizeof(elevationState), &dwSize); | ||
if (elevationType == TokenElevationTypeDefault && elevationState.TokenIsElevated) | ||
{ | ||
// In this case, the user has UAC entirely disabled. This is sorta | ||
// weird, we treat this like the user isn't an admin at all. There's no | ||
// separation of powers, so the things we normally want to gate on | ||
// "having special powers" doesn't apply. | ||
// | ||
// See GH#7754, GH#11096 | ||
return false; | ||
} | ||
|
||
SID_IDENTIFIER_AUTHORITY ntAuthority{ SECURITY_NT_AUTHORITY }; | ||
wil::unique_sid adminGroupSid{}; | ||
THROW_IF_WIN32_BOOL_FALSE(AllocateAndInitializeSid(&ntAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &adminGroupSid)); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. holy f--- wil has an automatic helper for this too. https://github.com/microsoft/wil/wiki/Token-Helpers#wiltest_token_membership There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. If you don't want to do these, I will gladly come by in a followup PR and just do 'em. 😄 |
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
THROW_IF_WIN32_BOOL_FALSE?