[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[win-pv-devel] [PATCH 2/4] Add option to elevate administrator users

To: <win-pv-devel@xxxxxxxxxxxxxxxxxxxx>
From: Owen Smith <owen.smith@xxxxxxxxxx>
Date: Thu, 7 Nov 2019 15:53:16 +0000
Authentication-results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=owen.smith@xxxxxxxxxx; spf=Pass smtp.mailfrom=owen.smith@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx
Cc: Owen Smith <owen.smith@xxxxxxxxxx>
Delivery-date: Thu, 07 Nov 2019 15:53:48 +0000
Ironport-sdr: /X+79eY5HpskRw/fUNHZ1up0Zvb+ACy9iTLlbGaJyHsA/Q86tauPRR6V9BW6aSV9OjXYzmEbId 6QipM2Z2ou6kqY17s/ldEPGuE5aw7dwaDuJNN/v5c+m09MBiTYay5BKhfE3+8ngZMfGjR/YZp0 EaO8NNLBCexgUioqmprbVV08Cyy0uiVUZufIXl/NlZzk2oHSggXkDqWAGY3YLef83jd8VpmUdq EFHPxnI4JvckLYDdt6QsVXLAdVQliERHy6CaSw7Qlolx+6xXAD2IMjJZ/CDuK6Qipq4BTxK3IF N0k=
List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>

If the user has Administrator access, add a prompt and ability to
elevate the access to the Administrator privilege level instead of
retaining the user privilege level.

Signed-off-by: Owen Smith <owen.smith@xxxxxxxxxx>
---
 src/tty/tty.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

diff --git a/src/tty/tty.c b/src/tty/tty.c
index 035f18c..e295f06 100644
--- a/src/tty/tty.c
+++ b/src/tty/tty.c
@@ -52,6 +52,7 @@ typedef struct _TTY_CONTEXT {
     TTY_STREAM          Device;
     TCHAR               UserName[MAXIMUM_BUFFER_SIZE];
     HANDLE              Token;
+    HANDLE              OriginalToken;
     PROCESS_INFORMATION ProcessInfo;
 } TTY_CONTEXT, *PTTY_CONTEXT;
 
@@ -349,6 +350,69 @@ GetCredentials(
     return TRUE;
 }
 
+static BOOL
+RequestElevation(
+    VOID
+    )
+{
+    PTTY_CONTEXT            Context = &TtyContext;
+    TOKEN_ELEVATION_TYPE    Elevation;
+    DWORD                   Size;
+    TCHAR                   Buffer[MAXIMUM_BUFFER_SIZE];
+    PTCHAR                  End;
+    TOKEN_LINKED_TOKEN      LinkedToken;
+    BOOL                    Success;
+
+    Success = GetTokenInformation(Context->Token,
+                                  TokenElevationType,
+                                  &Elevation,
+                                  sizeof(Elevation),
+                                  &Size);
+    if (!Success)
+        return TRUE;
+
+    if (Elevation != TokenElevationTypeLimited)
+        return TRUE;
+
+    ECHO(&Context->Device, "\r\n");
+    ECHO(&Context->Device, " run as Administrator [yes|no]: ");
+
+    ZeroMemory(Buffer, sizeof (Buffer));
+
+    Success = GetLine(&Context->Device,
+                      Buffer,
+                      sizeof (Buffer),
+                      &Size,
+                      FALSE);
+    if (!Success)
+        return FALSE;
+
+    End = _tcschr(Buffer, TEXT('\r'));
+    if (End == NULL)
+        return FALSE;
+
+    *End = TEXT('\0');
+
+    if (_tcslen(Buffer) == 0)
+        return FALSE;
+
+    if (_tcscmp(Buffer, TEXT("yes")) != 0)
+        return TRUE;
+
+    Success = GetTokenInformation(Context->Token,
+                                  TokenLinkedToken,
+                                  &LinkedToken,
+                                  sizeof(LinkedToken),
+                                  &Size);
+    if (!Success)
+        return FALSE;
+
+    Context->OriginalToken = Context->Token;
+    Context->Token = LinkedToken.LinkedToken;
+
+    return TRUE;
+}
+
 static DWORD WINAPI
 TtyIn(
     IN  LPVOID      Argument
@@ -498,6 +562,10 @@ _tmain(
 
     ZeroMemory(Password, sizeof(Password));
 
+    if (!Success)
+        ExitProcess(1);
+
+    Success = RequestElevation();
     if (!Success)
         ExitProcess(1);
 
-- 
2.16.2.windows.1


_______________________________________________
win-pv-devel mailing list
win-pv-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/win-pv-devel

Follow-Ups:
- Re: [win-pv-devel] [PATCH 2/4] Add option to elevate administrator users
  - From: Paul Durrant

References:
- [win-pv-devel] [PATCH 1/4] Don't store password longer than required
  - From: Owen Smith

Next by Date: [win-pv-devel] [PATCH 1/4] Don't store password longer than required
Previous by thread: [win-pv-devel] [PATCH 1/4] Don't store password longer than required
Next by thread: Re: [win-pv-devel] [PATCH 2/4] Add option to elevate administrator users
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.