-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow reordering tabs when UAC is disabled #11221
Conversation
This comment has been minimized.
This comment has been minimized.
OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken); | ||
GetTokenInformation(hToken.get(), TokenElevationType, &elevationType, sizeof(elevationType), &dwSize); | ||
GetTokenInformation(hToken.get(), TokenElevation, &elevationState, sizeof(elevationState), &dwSize); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
THROW_IF_WIN32_BOOL_FALSE?
DWORD dwSize; | ||
wil::unique_handle hToken; | ||
TOKEN_ELEVATION_TYPE elevationType; | ||
TOKEN_ELEVATION elevationState{ 0 }; | ||
|
||
OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken); | ||
THROW_IF_WIN32_BOOL_FALSE(GetTokenInformation(hToken.get(), TokenElevationType, &elevationType, sizeof(elevationType), &dwSize)); | ||
THROW_IF_WIN32_BOOL_FALSE(GetTokenInformation(hToken.get(), TokenElevation, &elevationState, sizeof(elevationState), &dwSize)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're gonna think this is crazy, but... check this out.
I think you can do this with WIL, and I believe that you can even use the pseudotokens that do not need lifetime management.
DWORD dwSize; | |
wil::unique_handle hToken; | |
TOKEN_ELEVATION_TYPE elevationType; | |
TOKEN_ELEVATION elevationState{ 0 }; | |
OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken); | |
THROW_IF_WIN32_BOOL_FALSE(GetTokenInformation(hToken.get(), TokenElevationType, &elevationType, sizeof(elevationType), &dwSize)); | |
THROW_IF_WIN32_BOOL_FALSE(GetTokenInformation(hToken.get(), TokenElevation, &elevationState, sizeof(elevationState), &dwSize)); | |
auto elevationType = wil::get_token_information<TOKEN_ELEVATION_TYPE>(GetCurrentProcessToken()); | |
auto elevationState = wil::get_token_information<TOKEN_ELEVATION>(GetCurrentProcessToken()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make sure to include token_helpers.h somewhere
SID_IDENTIFIER_AUTHORITY ntAuthority{ SECURITY_NT_AUTHORITY }; | ||
wil::unique_sid adminGroupSid{}; | ||
THROW_IF_WIN32_BOOL_FALSE(AllocateAndInitializeSid(&ntAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &adminGroupSid)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
holy f---
wil has an automatic helper for this too. wil::test_token_membership
. It takes a list of SIDs and Authorities.
https://github.com/microsoft/wil/wiki/Token-Helpers#wiltest_token_membership
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you don't want to do these, I will gladly come by in a followup PR and just do 'em. 😄
Hello @zadjii-msft! Because this pull request has the p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (
|
🎉 Handy links: |
When we're elevated, we disable drag/dropping tabs when elevated, because of a platform limitation that causes the app to crash (see #4874). However, if the user has UAC disabled, this actually works alright. So I'm adding it back in that case.
I'm not positive if this is the best way to check if UAC is disabled, but normally, you'll get a
TokenElevationTypeFull
when elevated, notTokenElevationTypeDefault
. If the app is elevated, but there's not a split token, that kinda implies there's no user account separation. If I'm wrong, it's just code, let's replace this with something that does work.Validation Steps Performed
Booted up a Win10 VM, set
enableLUA
to0
, rebooted, and checked if this exploded. It didn't.References #4874
References #3581
Work done in pursuit of #11096
Closes #7754