diff options
| author | alexeypa@chromium.org <alexeypa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-05 03:12:02 +0000 |
|---|---|---|
| committer | alexeypa@chromium.org <alexeypa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-05 03:12:02 +0000 |
| commit | efae4c211a6e8f9839b107ffc9295015cccf6e61 (patch) | |
| tree | 96eebf25045acc4db0b700dcb9be5133da37e052 /remoting | |
| parent | 49a8382d6bd4d21a0fc9e742c86bc96216b5c6f7 (diff) | |
| download | chromium_src-efae4c211a6e8f9839b107ffc9295015cccf6e61.zip chromium_src-efae4c211a6e8f9839b107ffc9295015cccf6e61.tar.gz chromium_src-efae4c211a6e8f9839b107ffc9295015cccf6e61.tar.bz2 | |
Do not ask for PIN confirmation if a user runs elevated already.
BUG=125099
Review URL: http://codereview.chromium.org/10317029
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@135526 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting')
| -rw-r--r-- | remoting/host/elevated_controller_win.cc | 42 |
1 files changed, 38 insertions, 4 deletions
diff --git a/remoting/host/elevated_controller_win.cc b/remoting/host/elevated_controller_win.cc index 12e54df..a9b0197 100644 --- a/remoting/host/elevated_controller_win.cc +++ b/remoting/host/elevated_controller_win.cc @@ -57,6 +57,36 @@ const char* const kReadonlyKeys[] = { kHostId, kXmppLogin }; // The configuration keys whose values may be read by GetConfig(). const char* const kUnprivilegedConfigKeys[] = { kHostId, kXmppLogin }; +// Determines if the client runs in the security context that allows performing +// administrative tasks (i.e. the user belongs to the adminstrators group and +// the client runs elevated). +bool IsClientAdmin() { + HRESULT hr = CoImpersonateClient(); + if (FAILED(hr)) { + return false; + } + + SID_IDENTIFIER_AUTHORITY nt_authority = SECURITY_NT_AUTHORITY; + PSID administrators_group = NULL; + BOOL result = AllocateAndInitializeSid(&nt_authority, + 2, + SECURITY_BUILTIN_DOMAIN_RID, + DOMAIN_ALIAS_RID_ADMINS, + 0, 0, 0, 0, 0, 0, + &administrators_group); + if (result) { + if (!CheckTokenMembership(NULL, administrators_group, &result)) { + result = false; + } + FreeSid(administrators_group); + } + + hr = CoRevertToSelf(); + CHECK(SUCCEEDED(hr)); + + return !!result; +} + // Reads and parses the configuration file up to |kMaxConfigFileSize| in // size. HRESULT ReadConfig(const FilePath& filename, @@ -200,10 +230,14 @@ HRESULT WriteConfig(const char* content, size_t length, HWND owner_window) { return E_FAIL; } - // Ask the user to verify the configuration. - remoting::VerifyConfigWindowWin verify_win(email, host_id, host_secret_hash); - if (verify_win.DoModal(owner_window) != IDOK) { - return E_FAIL; + // Ask the user to verify the configuration (unless the client is admin + // already). + if (!IsClientAdmin()) { + remoting::VerifyConfigWindowWin verify_win(email, host_id, + host_secret_hash); + if (verify_win.DoModal(owner_window) != IDOK) { + return E_FAIL; + } } // Extract the unprivileged fields from the configuration. |