DavidXanatos 2024-05-22 20:24:49 +02:00
parent 68d0254983
commit bb12dd837d
7 changed files with 726 additions and 665 deletions


@ -15,6 +15,12 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.14.1 / 5.69.1] - 2024-05-??
### Added
- Add "Sandboxie\All Sandboxes" SID into token with SandboxieLogon [#3191](https://github.com/sandboxie-plus/Sandboxie/issues/3191)
- To use this feature SandboxieAllGroup=y must be enabled
- Note: that this fundamentaly changes the mechanism Sbie uses for token creation, the new mechanism can be enabled separately with "UseCreateToken=y"
- Added "EditAdminOnly=y" can now be configured per box
### Changed
- split the advanced new box wizard page in two


@ -93,7 +93,7 @@ NTSTATUS RemoveSidName(const WCHAR* domain, const WCHAR* user)
#define SBIE_RID 100 // must be between 80 and 111 inclusive
UCHAR SandboxieSid[12] = { // S-1-5-100-
UCHAR SandboxieSid[12] = { // S-1-5-100
1, // Revision
1, // SubAuthorityCount
0,0,0,0,0,5, // SECURITY_NT_AUTHORITY // IdentifierAuthority


@ -371,7 +371,7 @@ MSG_HEADER *SbieIniServer::GetUser(MSG_HEADER *msg)
bool ok2 = SetUserSettingsSectionName(hToken);
BOOLEAN admin = FALSE;
if (ok2 && TokenIsAdmin(hToken))
if (ok2 && TokenIsAdmin(hToken, true))
admin = TRUE;
CloseHandle(hToken);
@ -469,7 +469,7 @@ ULONG SbieIniServer::CheckRequest(MSG_HEADER *msg)
} else {
ULONG status = IsCallerAuthorized(hToken, req->password);
ULONG status = IsCallerAuthorized(hToken, req->password, req->section);
if (status != 0)
return status;
}
@ -718,7 +718,7 @@ finish:
//---------------------------------------------------------------------------
ULONG SbieIniServer::IsCallerAuthorized(HANDLE hToken, const WCHAR *Password)
ULONG SbieIniServer::IsCallerAuthorized(HANDLE hToken, const WCHAR *Password, const WCHAR *Section)
{
WCHAR buf[42], buf2[42];
@ -726,9 +726,9 @@ ULONG SbieIniServer::IsCallerAuthorized(HANDLE hToken, const WCHAR *Password)
// check for Administrator-only access
//
if (SbieApi_QueryConfBool(NULL, L"EditAdminOnly", FALSE)) {
if (SbieApi_QueryConfBool(Section, L"EditAdminOnly", FALSE)) {
if (! TokenIsAdmin(hToken)) {
if (! TokenIsAdmin(hToken, true)) {
CloseHandle(hToken);
return STATUS_LOGON_NOT_GRANTED;
}
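Review bot: In `CheckRequest` the admin-only decision is now keyed on `req->section`, a name taken from the request, and the visible lines do not show it being validated before `IsCallerAuthorized` passes it to `SbieApi_QueryConfBool(Section, L"EditAdminOnly", FALSE)`. It is worth confirming that the section name is length-checked and NUL-terminated before this call. Also confirm that a section with no `EditAdminOnly` of its own still falls back to the global value, so that naming a different or non-existent section cannot give a weaker answer than the old `NULL` query did. If a locked box pulls settings from other sections that remain editable through this server, the box's flag would not cover them; that may be intended but deserves a comment. The new second argument in `TokenIsAdmin(hToken, true)` is not explained in the visible lines, so a short comment at the call, e.g. `// true: <what the flag selects>`, would help; both functions continue outside the hunks.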


@ -95,7 +95,7 @@ protected:
bool GetIniPath(WCHAR **IniPath,
BOOLEAN *IsHomePath = NULL, BOOLEAN* IsUTF8 = NULL);
ULONG IsCallerAuthorized(HANDLE hToken, const WCHAR *Password);
ULONG IsCallerAuthorized(HANDLE hToken, const WCHAR *Password, const WCHAR *Section = NULL);
void LockConf(WCHAR *IniPath);
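Review bot: The default `Section = NULL` on `IsCallerAuthorized` lets any call site that was not updated keep compiling and fall back to the `NULL`-section query the old code used, so a box's own `EditAdminOnly` would be skipped there without any warning. Only the call in `CheckRequest` is visibly updated on this page. If other callers exist, consider dropping the default so each one has to pass a section explicitly: `ULONG IsCallerAuthorized(HANDLE hToken, const WCHAR *Password, const WCHAR *Section);`. If the default stays, a comment on the declaration such as `// Section == NULL: only the non-box EditAdminOnly value is consulted` would make the contract clear.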

File diff suppressed because it is too large Load Diff


@ -106,6 +106,7 @@ void COptionsWindow::CreateAdvanced()
connect(ui.chkConfidential, SIGNAL(clicked(bool)), this, SLOT(OnConfidentialChanged()));
connect(ui.chkLessConfidential, SIGNAL(clicked(bool)), this, SLOT(OnLessConfidentialChanged()));
connect(ui.chkProtectWindow, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkAdminOnly, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkBlockCapture, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkNotifyProtect, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
@ -280,7 +281,9 @@ void COptionsWindow::LoadAdvanced()
QString str = m_pBox->GetText("OpenWinClass", "");
ui.chkBlockCapture->setChecked(m_pBox->GetBool("BlockScreenCapture") && QString::compare(str, "*") != 0);
ui.chkBlockCapture->setCheckable(QString::compare(str, "*") != 0);
ui.chkAdminOnly->setChecked(m_pBox->GetBool("EditAdminOnly", false));
/*ui.chkLockWhenClose->setChecked(m_pBox->GetBool("LockWhenClose", false));
ui.chkLockWhenClose->setCheckable(m_pBox->GetBool("UseFileImage", false));
ui.chkLockWhenClose->setEnabled(m_pBox->GetBool("UseFileImage", false));
@ -523,6 +526,8 @@ void COptionsWindow::SaveAdvanced()
WriteAdvancedCheck(ui.chkProtectWindow, "CoverBoxedWindows", "y", "");
WriteAdvancedCheck(ui.chkBlockCapture, "BlockScreenCapture", "y", "");
//WriteAdvancedCheck(ui.chkLockWhenClose, "LockWhenClose", "y", "");
WriteAdvancedCheck(ui.chkAdminOnly, "EditAdminOnly", "y", "");
QStringList Users;
for (int i = 0; i < ui.lstUsers->count(); i++)


@ -207,7 +207,8 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
ui.tabsGeneral->setTabIcon(1, CSandMan::GetIcon("Folder"));
ui.tabsGeneral->setTabIcon(2, CSandMan::GetIcon("Move"));
ui.tabsGeneral->setTabIcon(3, CSandMan::GetIcon("NoAccess"));
ui.tabsGeneral->setTabIcon(4, CSandMan::GetIcon("Run"));
ui.tabsGeneral->setTabIcon(4, CSandMan::GetIcon("Fence"));
ui.tabsGeneral->setTabIcon(5, CSandMan::GetIcon("Run"));
ui.tabsSecurity->setCurrentIndex(0);
ui.tabsSecurity->setTabIcon(0, CSandMan::GetIcon("Shield7"));