1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // Information about the current process.
7 #include "rlz/win/lib/process_info.h"
10 #include <Sddl.h> // For ConvertSidToStringSid.
11 #include <LMCons.h> // For UNLEN
13 #include "base/logging.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "base/process_util.h"
16 #include "base/win/scoped_handle.h"
17 #include "base/win/windows_version.h"
18 #include "rlz/lib/assert.h"
22 HRESULT
GetCurrentUser(std::wstring
* name
,
27 // Get the current username & domain the hard way. (GetUserNameEx would be
28 // nice, but unfortunately requires connectivity to a domain controller.
31 // (Following call doesn't work if running as a Service - because a Service
32 // runs under special accounts like LOCAL_SYSTEM, not as the logged in user.
33 // In which case, search for and use the process handle of a running
36 if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY
, &token
))
39 base::win::ScopedHandle
scoped_process_token(token
);
41 // (Following call will fail with ERROR_INSUFFICIENT_BUFFER and give us the
43 scoped_ptr
<char[]> token_user_bytes
;
44 DWORD token_user_size
;
45 DWORD token_user_size2
;
46 BOOL result
= ::GetTokenInformation(token
, TokenUser
, NULL
, 0,
48 err
= ::GetLastError();
49 CHECK(!result
&& err
== ERROR_INSUFFICIENT_BUFFER
);
51 token_user_bytes
.reset(new char[token_user_size
]);
52 if (!token_user_bytes
.get())
55 if (!::GetTokenInformation(token
, TokenUser
, token_user_bytes
.get(),
56 token_user_size
, &token_user_size2
)) {
60 WCHAR user_name
[UNLEN
+ 1]; // max username length
61 WCHAR domain_name
[UNLEN
+ 1];
62 DWORD user_name_size
= UNLEN
+ 1;
63 DWORD domain_name_size
= UNLEN
+ 1;
64 SID_NAME_USE sid_type
;
65 TOKEN_USER
* token_user
=
66 reinterpret_cast<TOKEN_USER
*>(token_user_bytes
.get());
69 PSID user_sid
= token_user
->User
.Sid
;
70 if (!::LookupAccountSidW(NULL
, user_sid
, user_name
, &user_name_size
,
71 domain_name
, &domain_name_size
, &sid_type
)) {
79 *domain
= domain_name
;
83 ConvertSidToStringSidW(user_sid
, &string_sid
);
84 *sid
= string_sid
; // copy out to cstring
85 // free memory, as documented for ConvertSidToStringSid
86 LocalFree(string_sid
);
92 HRESULT
GetElevationType(PTOKEN_ELEVATION_TYPE elevation
) {
96 *elevation
= TokenElevationTypeDefault
;
98 if (base::win::GetVersion() < base::win::VERSION_VISTA
)
101 HANDLE process_token
;
102 if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY
, &process_token
))
103 return HRESULT_FROM_WIN32(GetLastError());
105 base::win::ScopedHandle
scoped_process_token(process_token
);
108 TOKEN_ELEVATION_TYPE elevation_type
;
109 if (!GetTokenInformation(process_token
, TokenElevationType
, &elevation_type
,
110 sizeof(elevation_type
), &size
)) {
111 return HRESULT_FROM_WIN32(GetLastError());
114 *elevation
= elevation_type
;
118 // based on http://msdn2.microsoft.com/en-us/library/aa376389.aspx
119 bool GetUserGroup(long* group
) {
125 // groups are listed in DECREASING order of importance
126 // (eg. If a user is a member of both the admin group and
127 // the power user group, it is more useful to list the user
129 DWORD user_groups
[] = {DOMAIN_ALIAS_RID_ADMINS
,
130 DOMAIN_ALIAS_RID_POWER_USERS
};
131 SID_IDENTIFIER_AUTHORITY nt_authority
= SECURITY_NT_AUTHORITY
;
133 for (int i
= 0; i
< arraysize(user_groups
) && *group
== 0; ++i
) {
135 if (AllocateAndInitializeSid(&nt_authority
, 2,
136 SECURITY_BUILTIN_DOMAIN_RID
,
137 user_groups
[i
], 0, 0, 0, 0,
138 0, 0, ¤t_group
)) {
140 if (CheckTokenMembership(NULL
, current_group
, ¤t_level
) &&
142 *group
= user_groups
[i
];
145 FreeSid(current_group
);
156 bool ProcessInfo::IsRunningAsSystem() {
157 static std::wstring name
;
158 static std::wstring domain
;
159 static std::wstring sid
;
161 CHECK(SUCCEEDED(GetCurrentUser(&name
, &domain
, &sid
)));
163 return (name
== L
"SYSTEM");
166 bool ProcessInfo::HasAdminRights() {
167 static bool evaluated
= false;
168 static bool has_rights
= false;
171 if (IsRunningAsSystem()) {
173 } else if (base::win::GetVersion() >= base::win::VERSION_VISTA
) {
174 TOKEN_ELEVATION_TYPE elevation
;
175 base::IntegrityLevel level
;
177 if (SUCCEEDED(GetElevationType(&elevation
)) &&
178 base::GetProcessIntegrityLevel(base::GetCurrentProcessHandle(), &level
))
179 has_rights
= (elevation
== TokenElevationTypeFull
) ||
180 (level
== HIGH_INTEGRITY
);
183 if (GetUserGroup(&group
))
184 has_rights
= (group
== DOMAIN_ALIAS_RID_ADMINS
);
190 ASSERT_STRING("ProcessInfo::HasAdminRights: Does not have admin rights.");