Merge mozilla-central to autoland. CLOSED TREE
[gecko.git] / toolkit / xre / WinTokenUtils.cpp
blob4774ec6dad676706cb6b7080c8c4697e5f96f075
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
7 #include "WinTokenUtils.h"
8 #include "nsWindowsHelpers.h"
10 using namespace mozilla;
12 // If |aToken| is nullptr, CheckTokenMembership uses the calling thread's
13 // primary token to check membership for.
14 static LauncherResult<bool> IsMemberOfAdministrators(
15 const nsAutoHandle& aToken) {
16 BYTE adminsGroupSid[SECURITY_MAX_SID_SIZE];
17 DWORD adminsGroupSidSize = sizeof(adminsGroupSid);
18 if (!CreateWellKnownSid(WinBuiltinAdministratorsSid, nullptr, adminsGroupSid,
19 &adminsGroupSidSize)) {
20 return LAUNCHER_ERROR_FROM_LAST();
23 BOOL isMember;
24 if (!CheckTokenMembership(aToken, adminsGroupSid, &isMember)) {
25 return LAUNCHER_ERROR_FROM_LAST();
27 return !!isMember;
30 static LauncherResult<bool> IsUacEnabled() {
31 DWORD len = sizeof(DWORD);
32 DWORD value;
33 LSTATUS status = RegGetValueW(
34 HKEY_LOCAL_MACHINE,
35 L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
36 L"EnableLUA", RRF_RT_DWORD, nullptr, &value, &len);
37 if (status != ERROR_SUCCESS) {
38 return LAUNCHER_ERROR_FROM_WIN32(status);
41 // UAC is disabled only when EnableLUA is 0.
42 return (value != 0);
45 namespace mozilla {
47 LauncherResult<bool> IsAdminWithoutUac() {
48 // To check whether the process was launched with Administrator priviledges
49 // or not, we cannot simply check the integrity level of the current process
50 // because the launcher process spawns the browser process with the medium
51 // integrity level even though the launcher process is high integrity level.
52 // We check whether the thread's token contains Administratos SID or not
53 // instead.
54 LauncherResult<bool> containsAdminGroup =
55 IsMemberOfAdministrators(nsAutoHandle());
56 if (containsAdminGroup.isErr()) {
57 return containsAdminGroup.propagateErr();
60 if (!containsAdminGroup.unwrap()) {
61 return false;
64 LauncherResult<bool> isUacEnabled = IsUacEnabled();
65 if (isUacEnabled.isErr()) {
66 return isUacEnabled.propagateErr();
69 return !isUacEnabled.unwrap();
72 } // namespace mozilla