mirror of
https://github.com/reactos/reactos.git
synced 2025-05-25 04:03:56 +00:00
[UMPNPMGR] Check for interactive caller in PNP_ReportLogOn
Do not run device install when a non-interactive user logs on.
This commit is contained in:
Eric Kohl
parent
e54b32b434
commit
13e6cbcafa
1 changed files with 54 additions and 1 deletions
|
|
@ -549,6 +549,56 @@ GetConfigurationData(
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static
|
||||||
|
BOOL
|
||||||
|
IsCallerInteractive(
|
||||||
|
_In_ handle_t hBinding)
|
||||||
|
{
|
||||||
|
SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
|
||||||
|
HANDLE hToken;
|
||||||
|
PSID pInteractiveSid = NULL;
|
||||||
|
BOOL bInteractive = FALSE;
|
||||||
|
RPC_STATUS RpcStatus;
|
||||||
|
|
||||||
|
DPRINT("IsCallerInteractive(%p)\n", hBinding);
|
||||||
|
|
||||||
|
/* Allocate an interactive user sid */
|
||||||
|
if (!AllocateAndInitializeSid(&NtAuthority,
|
||||||
|
1,
|
||||||
|
SECURITY_INTERACTIVE_RID,
|
||||||
|
0, 0, 0, 0, 0, 0, 0,
|
||||||
|
&pInteractiveSid))
|
||||||
|
{
|
||||||
|
DPRINT1("AllocateAndInitializeSid failed\n");
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Impersonate the client */
|
||||||
|
RpcStatus = RpcImpersonateClient(hBinding);
|
||||||
|
if (RpcStatus != RPC_S_OK)
|
||||||
|
{
|
||||||
|
DPRINT1("RpcImpersonateClient failed (Status 0x%08lx)\n", RpcStatus);
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Open the thread token and check for interactive user membership */
|
||||||
|
if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken))
|
||||||
|
{
|
||||||
|
CheckTokenMembership(hToken, pInteractiveSid, &bInteractive);
|
||||||
|
CloseHandle(hToken);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Revert the impersonation */
|
||||||
|
RpcRevertToSelf();
|
||||||
|
|
||||||
|
done:
|
||||||
|
if (pInteractiveSid)
|
||||||
|
FreeSid(pInteractiveSid);
|
||||||
|
|
||||||
|
return bInteractive;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
VOID
|
VOID
|
||||||
__RPC_USER
|
__RPC_USER
|
||||||
PNP_NOTIFY_HANDLE_rundown(
|
PNP_NOTIFY_HANDLE_rundown(
|
||||||
|
|
@ -646,12 +696,15 @@ PNP_ReportLogOn(
|
||||||
DWORD ReturnValue = CR_FAILURE;
|
DWORD ReturnValue = CR_FAILURE;
|
||||||
HANDLE hProcess;
|
HANDLE hProcess;
|
||||||
|
|
||||||
UNREFERENCED_PARAMETER(hBinding);
|
|
||||||
UNREFERENCED_PARAMETER(Admin);
|
UNREFERENCED_PARAMETER(Admin);
|
||||||
|
|
||||||
DPRINT("PNP_ReportLogOn(%p %u, %u)\n",
|
DPRINT("PNP_ReportLogOn(%p %u, %u)\n",
|
||||||
hBinding, Admin, ProcessId);
|
hBinding, Admin, ProcessId);
|
||||||
|
|
||||||
|
/* Fail, if the caller is not an interactive user */
|
||||||
|
if (!IsCallerInteractive(hBinding))
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
/* Get the users token */
|
/* Get the users token */
|
||||||
hProcess = OpenProcess(PROCESS_ALL_ACCESS, TRUE, ProcessId);
|
hProcess = OpenProcess(PROCESS_ALL_ACCESS, TRUE, ProcessId);
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue