From 708a2fb7ac5838a50d976f07d334e0c3cfe37ca9 Mon Sep 17 00:00:00 2001
From: DavidXanatos
Date: Fri, 2 Sep 2022 11:04:49 +0200
Subject: [PATCH] 1.3.3
---
 CHANGELOG.md | 5 ++++
 SandboxiePlus/SandMan/Helpers/WinAdmin.cpp | 30 +++++++++++++++++++
 SandboxiePlus/SandMan/Helpers/WinAdmin.h | 2 ++
 .../SandMan/Windows/OptionsWindow.cpp | 17 +++++++++++
 .../SandMan/Windows/SettingsWindow.cpp | 5 +++-
 5 files changed, 58 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 666b0e1e..29e5887e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,9 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ## [1.3.3 / 5.58.3] - 2022-08-??
+### Changed
+- improved sandman settings behavioure for non admin users [#2123](https://github.com/sandboxie-plus/Sandboxie/issues/2123)
+
 ### Fixed
 - fixed issues with group moving drag and drop
 - approved more requied sys calls
@@ -16,6 +19,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - fixed issue with keyboard delete shortcut for process termination
+
+
 ## [1.3.2 / 5.58.2] - 2022-08-30
 ### Added
diff --git a/SandboxiePlus/SandMan/Helpers/WinAdmin.cpp b/SandboxiePlus/SandMan/Helpers/WinAdmin.cpp
index 86f38f1d..93f65075 100644
--- a/SandboxiePlus/SandMan/Helpers/WinAdmin.cpp
+++ b/SandboxiePlus/SandMan/Helpers/WinAdmin.cpp
@@ -72,6 +72,36 @@ int RestartElevated(int &argc, char **argv)
 return RunElevated(Params);
 }
+bool IsAdminUser(bool OnlyFull)
+{
+ HANDLE hToken;
+ if (!OpenProcessToken(GetCurrentProcess(), MAXIMUM_ALLOWED, &hToken))
+ return false;
+
+ SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
+ PSID AdministratorsGroup;
+ BOOL bRet = AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &AdministratorsGroup);
+ if (bRet) {
+ if (!CheckTokenMembership(NULL, AdministratorsGroup, &bRet))
+ bRet = FALSE;
+ FreeSid(AdministratorsGroup);
+ if (!bRet || OnlyFull) {
+ OSVERSIONINFO osvi;
+ osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
+ if (GetVersionEx(&osvi) && osvi.dwMajorVersion >= 6) {
+ ULONG elevationType, len;
+ bRet = GetTokenInformation(hToken, (TOKEN_INFORMATION_CLASS)TokenElevationType, &elevationType, sizeof(elevationType), &len);
+ if (bRet && (elevationType != TokenElevationTypeFull && (OnlyFull || elevationType != TokenElevationTypeLimited)))
+ bRet = FALSE;
+ }
+ }
+ }
+
+ CloseHandle(hToken);
+
+ return !!bRet;
+}
+
 //////////////////////////////////////////////////////////////////////////////////
 // AutoRun
diff --git a/SandboxiePlus/SandMan/Helpers/WinAdmin.h b/SandboxiePlus/SandMan/Helpers/WinAdmin.h
index cd6dbf7f..337ab306 100644
--- a/SandboxiePlus/SandMan/Helpers/WinAdmin.h
+++ b/SandboxiePlus/SandMan/Helpers/WinAdmin.h
@@ -5,5 +5,7 @@ int RunElevated(const wstring& Params, bool bGetCode = false);
 int RunElevated(const wstring& binaryPath, const wstring& Params, bool bGetCode = false);
 int RestartElevated(int &argc, char **argv);
+bool IsAdminUser(bool OnlyFull = false);
+
 bool IsAutorunEnabled();
 bool AutorunEnable(bool is_enable);
diff --git a/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp b/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp
index 5fc2e9f7..38eb11c9 100644
--- a/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp
+++ b/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp
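Review bot: The elevation-type fallback in `IsAdminUser` accepts any `TokenElevationTypeLimited` token as an administrator when `OnlyFull` is false, but a limited token only shows that a linked token exists, not that the linked token has the Administrators SID enabled; Windows can also issue split tokens for members of some other privileged groups. Querying `TokenLinkedToken` and running `CheckTokenMembership` against that handle answers the question directly, which means `FreeSid` has to move after the check. Separately, `TOKEN_QUERY` is sufficient for the `OpenProcessToken` call in place of `MAXIMUM_ALLOWED`. With `OnlyFull` set, a token reporting `TokenElevationTypeDefault` (for example with UAC disabled) is rejected even though `CheckTokenMembership` succeeded, which looks unintended and deserves a comment or a fix.

```cpp
	// … unchanged: OpenProcessToken, AllocateAndInitializeSid, CheckTokenMembership(NULL, …) …
	if (!bRet && !OnlyFull) {
		// A limited token only proves that a linked token exists; confirm that
		// the linked token really carries an enabled Administrators SID.
		TOKEN_ELEVATION_TYPE elevationType;
		TOKEN_LINKED_TOKEN linked = { NULL };
		DWORD len = 0;
		if (GetTokenInformation(hToken, TokenElevationType, &elevationType, sizeof(elevationType), &len)
		 && elevationType == TokenElevationTypeLimited
		 && GetTokenInformation(hToken, TokenLinkedToken, &linked, sizeof(linked), &len)) {
			if (!CheckTokenMembership(linked.LinkedToken, AdministratorsGroup, &bRet))
				bRet = FALSE;
			CloseHandle(linked.LinkedToken);
		}
	}
	FreeSid(AdministratorsGroup); // moved: the SID is still needed by the linked-token check
	// … unchanged: OnlyFull elevation check, CloseHandle(hToken), return …
```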
@@ -374,6 +374,23 @@ COptionsWindow::COptionsWindow(const QSharedPointer& pBox, const QStri
 if (!Columns.isEmpty())
 ui.treeTemplates->header()->restoreState(Columns);
+ if (theAPI->GetGlobalSettings()->GetBool("EditAdminOnly", false) && !IsAdminUser())
+ {
+ for (int I = 0; I < ui.tabs->count(); I++) {
+ QGridLayout* pGrid = qobject_cast(ui.tabs->widget(I)->layout());
+ QTabWidget* pSubTabs = pGrid ? qobject_cast(pGrid->itemAt(0)->widget()) : NULL;
+ if (!pSubTabs) {
+ ui.tabs->widget(I)->setEnabled(false);
+ }
+ else {
+ for (int J = 0; J < pSubTabs->count(); J++) {
+ pSubTabs->widget(J)->setEnabled(false);
+ }
+ }
+ }
+ }
+
+
 int iViewMode = theConf->GetInt("Options/ViewMode", 1);
 int iOptionTree = theConf->GetInt("Options/OptionTree", 2);
 if (iOptionTree == 2)
diff --git a/SandboxiePlus/SandMan/Windows/SettingsWindow.cpp b/SandboxiePlus/SandMan/Windows/SettingsWindow.cpp
index f426475e..3aea429f 100644
--- a/SandboxiePlus/SandMan/Windows/SettingsWindow.cpp
+++ b/SandboxiePlus/SandMan/Windows/SettingsWindow.cpp
@@ -475,6 +475,7 @@ void CSettingsWindow::LoadSettings()
 ui.chkSbieLogon->setChecked(theAPI->GetGlobalSettings()->GetBool("SandboxieLogon", false));
 ui.chkAdminOnly->setChecked(theAPI->GetGlobalSettings()->GetBool("EditAdminOnly", false));
+ ui.chkAdminOnly->setEnabled(IsAdminUser());
 ui.chkPassRequired->setChecked(!theAPI->GetGlobalSettings()->GetText("EditPassword", "").isEmpty());
 ui.chkAdminOnlyFP->setChecked(theAPI->GetGlobalSettings()->GetBool("ForceDisableAdminOnly", false));
 ui.chkClearPass->setChecked(theAPI->GetGlobalSettings()->GetBool("ForgetPassword", false));
@@ -490,7 +491,8 @@ void CSettingsWindow::LoadSettings()
 foreach(const QString& Value, theAPI->GetGlobalSettings()->GetTextList("AlertFolder", false))
 AddWarnEntry(Value, 2);
 }
- else
+
+ if(!theAPI->IsConnected() || (theAPI->GetGlobalSettings()->GetBool("EditAdminOnly", false) && !IsAdminUser()))
 {
 ui.fileRoot->setEnabled(false);
 ui.chkSeparateUserFolders->setEnabled(false);
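Review bot: `pGrid->itemAt(0)->widget()` dereferences the result of `itemAt(0)` without a check, and `QLayout::itemAt` returns null for an empty layout, so a tab page whose grid layout has no items would crash the options dialog for exactly the non-admin users this block targets. Splitting the lookup, `QLayoutItem* pItem = pGrid ? pGrid->itemAt(0) : NULL;` followed by `QTabWidget* pSubTabs = pItem ? qobject_cast<QTabWidget*>(pItem->widget()) : NULL;`, keeps the existing fallback of disabling the whole page. The block only greys out widgets, so a short comment saying where `EditAdminOnly` is actually enforced (not visible in this diff) would stop readers from treating it as the access check. The constructor begins and ends outside the hunk.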
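Review bot: The new condition `EditAdminOnly && !IsAdminUser()` in `LoadSettings` disables controls based on a value the client read itself and on a client-side token check, so it is a usability gate rather than an access control; a comment such as `// UI hint only: the settings writer must still reject non-admin edits when EditAdminOnly is set` would make that explicit. `IsAdminUser()` is also called twice in this function (here and in the `chkAdminOnly->setEnabled` hunk above), opening the process token and allocating a SID each time; a single `const bool bAdmin = IsAdminUser();` near the top would keep both decisions consistent. Whether the password and `ForceDisableAdminOnly` checkboxes are part of the disabled list cannot be confirmed, because the block continues past the hunk.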
@@ -512,6 +514,7 @@ void CSettingsWindow::LoadSettings()
 ui.treeCompat->setEnabled(false);
 ui.btnAddCompat->setEnabled(false);
 ui.btnDelCompat->setEnabled(false);
+ ui.btnEditIni->setEnabled(false);
 }