Fixed issue with autostarting as admin even if it should as user, fix…

…ed issue with autostart permissions bug (#1538) * Fixed issue with autostarting as admin even if it should as user, fixed permissions issue for autostart configuration * Indentation fix * Added support for all cases of autostart task modifying * Fix for compilation
microsoft · Mar 17, 2020 · 72eb761 · 72eb761
1 parent d8c1cb2
commit 72eb761
Show file tree

Hide file tree

Showing 8 changed files with 93 additions and 97 deletions.
diff --git a/installer/PowerToysSetupCustomActions/CustomAction.cpp b/installer/PowerToysSetupCustomActions/CustomAction.cpp
@@ -221,22 +221,25 @@ UINT __stdcall CreateScheduledTaskCA(MSIHANDLE hInstall) {
   }
 
   // Run the task with the highest available privileges.
-  hr = pPrincipal->put_RunLevel(TASK_RUNLEVEL_HIGHEST);
+  hr = pPrincipal->put_RunLevel(TASK_RUNLEVEL_LUA);
   pPrincipal->Release();
   ExitOnFailure(hr, "Cannot put principal run level: %x", hr);
 
   // ------------------------------------------------------
   //  Save the task in the PowerToys folder.
-  hr = pTaskFolder->RegisterTaskDefinition(
-    _bstr_t(wstrTaskName.c_str()),
-    pTask,
-    TASK_CREATE_OR_UPDATE,
-    _variant_t(username_domain),
-    _variant_t(),
-    TASK_LOGON_INTERACTIVE_TOKEN,
-    _variant_t(L""),
-    &pRegisteredTask);
-  ExitOnFailure(hr, "Error saving the Task : %x", hr);
+  {
+    _variant_t SDDL_FULL_ACCESS_FOR_EVERYONE = L"D:(A;;FA;;;WD)";
+    hr = pTaskFolder->RegisterTaskDefinition(
+      _bstr_t(wstrTaskName.c_str()),
+      pTask,
+      TASK_CREATE_OR_UPDATE,
+      _variant_t(username_domain),
+      _variant_t(),
+      TASK_LOGON_INTERACTIVE_TOKEN,
+      SDDL_FULL_ACCESS_FOR_EVERYONE,
+      &pRegisteredTask);
+    ExitOnFailure(hr, "Error saving the Task : %x", hr);
+  }
 
   WcaLog(LOGMSG_STANDARD, "Scheduled task created for the current user.");
 

diff --git a/src/runner/auto_start_helper.cpp b/src/runner/auto_start_helper.cpp
@@ -1,6 +1,8 @@
 #include "pch.h"
 #include "auto_start_helper.h"
 
+#include "general_settings.h"
+
 #include <Lmcons.h>
 
 #include <comdef.h>
@@ -35,7 +37,7 @@
 const DWORD USERNAME_DOMAIN_LEN = DNLEN + UNLEN + 2; // Domain Name + '\' + User Name + '\0'
 const DWORD USERNAME_LEN = UNLEN + 1; // User Name + '\0'
 
-bool enable_auto_start_task_for_this_user()
+bool create_auto_start_task_for_this_user(bool runEvelvated)
 {
     HRESULT hr = S_OK;
 
@@ -217,8 +219,7 @@ bool enable_auto_start_task_for_this_user()
 
         hr = pPrincipal->put_LogonType(TASK_LOGON_INTERACTIVE_TOKEN);
 
-        // Run the task with the highest available privileges.
-        if (IsUserAnAdmin())
+        if (runEvelvated)
         {
             hr = pPrincipal->put_RunLevel(_TASK_RUNLEVEL::TASK_RUNLEVEL_HIGHEST);
         }
@@ -231,16 +232,19 @@ bool enable_auto_start_task_for_this_user()
     }
     // ------------------------------------------------------
     //  Save the task in the PowerToys folder.
-    hr = pTaskFolder->RegisterTaskDefinition(
-        _bstr_t(wstrTaskName.c_str()),
-        pTask,
-        TASK_CREATE_OR_UPDATE,
-        _variant_t(username_domain),
-        _variant_t(),
-        TASK_LOGON_INTERACTIVE_TOKEN,
-        _variant_t(L""),
-        &pRegisteredTask);
-    ExitOnFailure(hr, "Error saving the Task : %x", hr);
+    {
+        _variant_t SDDL_FULL_ACCESS_FOR_EVERYONE = L"D:(A;;FA;;;WD)";
+        hr = pTaskFolder->RegisterTaskDefinition(
+            _bstr_t(wstrTaskName.c_str()),
+            pTask,
+            TASK_CREATE_OR_UPDATE,
+            _variant_t(username_domain),
+            _variant_t(),
+            TASK_LOGON_INTERACTIVE_TOKEN,
+            SDDL_FULL_ACCESS_FOR_EVERYONE,
+            &pRegisteredTask);
+        ExitOnFailure(hr, "Error saving the Task : %x", hr);
+    }
 
 LExit:
     if (pService)
@@ -261,7 +265,7 @@ bool enable_auto_start_task_for_this_user()
     return (SUCCEEDED(hr));
 }
 
-bool disable_auto_start_task_for_this_user()
+bool delete_auto_start_task_for_this_user()
 {
     HRESULT hr = S_OK;
 
@@ -313,13 +317,7 @@ bool disable_auto_start_task_for_this_user()
         if (SUCCEEDED(hr))
         {
             // Task exists, try disabling it.
-            hr = pExistingRegisteredTask->put_Enabled(VARIANT_FALSE);
-            pExistingRegisteredTask->Release();
-            if (SUCCEEDED(hr))
-            {
-                // Function disable. Sounds like a success.
-                ExitFunction();
-            }
+            hr = pTaskFolder->DeleteTask(_bstr_t(wstrTaskName.c_str()), 0);
         }
     }
 

diff --git a/src/runner/auto_start_helper.h b/src/runner/auto_start_helper.h
@@ -1,4 +1,5 @@
 #pragma once
+
 bool is_auto_start_task_active_for_this_user();
-bool enable_auto_start_task_for_this_user();
-bool disable_auto_start_task_for_this_user();
+bool create_auto_start_task_for_this_user(bool runEvelvated);
+bool delete_auto_start_task_for_this_user();
diff --git a/src/runner/general_settings.cpp b/src/runner/general_settings.cpp
@@ -115,6 +115,8 @@ json::JsonObject get_general_settings()
 
 void apply_general_settings(const json::JsonObject& general_configs)
 {
+    run_as_elevated = general_configs.GetNamedBoolean(L"run_elevated", false);
+
     if (json::has(general_configs, L"startup", json::JsonValueType::Boolean))
     {
         const bool startup = general_configs.GetNamedBoolean(L"startup");
@@ -124,18 +126,33 @@ void apply_general_settings(const json::JsonObject& general_configs)
         }
         else
         {
-            const bool current_startup = is_auto_start_task_active_for_this_user();
-            if (current_startup != startup)
+            if (startup)
             {
-                if (startup)
+                if (is_process_elevated())
                 {
-                    enable_auto_start_task_for_this_user();
+                    delete_auto_start_task_for_this_user();
+                    create_auto_start_task_for_this_user(general_configs.GetNamedBoolean(L"run_elevated", false));
                 }
                 else
                 {
-                    disable_auto_start_task_for_this_user();
+                    if (!is_auto_start_task_active_for_this_user())
+                    {
+                        delete_auto_start_task_for_this_user();
+                        create_auto_start_task_for_this_user(false);
+
+                        run_as_elevated = false;
+                    }
+                    else if (!general_configs.GetNamedBoolean(L"run_elevated", false))
+                    {
+                        delete_auto_start_task_for_this_user();
+                        create_auto_start_task_for_this_user(false);
+                    }
                 }
             }
+            else
+            {
+                delete_auto_start_task_for_this_user();
+            }
         }
     }
     if (json::has(general_configs, L"enabled"))
@@ -169,7 +186,7 @@ void apply_general_settings(const json::JsonObject& general_configs)
             }
         }
     }
-    run_as_elevated = general_configs.GetNamedBoolean(L"run_elevated", false);
+
     if (json::has(general_configs, L"theme", json::JsonValueType::String))
     {
         settings_theme = general_configs.GetNamedString(L"theme");

diff --git a/src/settings-web/src/components/GeneralSettings.tsx b/src/settings-web/src/components/GeneralSettings.tsx
@@ -138,7 +138,8 @@ export class GeneralSettings extends React.Component <any, any> {
 
         {this.state.settings.general.is_admin &&
         (<BoolToggleSettingsControl
-          setting={{display_name: 'Always run as administrator', value: this.state.settings.general.run_elevated}}
+          setting={{display_name: this.state.settings.general.is_elevated ? 'Always run as administrator' : 'Always run as administrator (Restart as administrator to change this)', value: this.state.settings.general.run_elevated}}
+          disabled={!this.state.settings.general.is_elevated}
           on_change={this.parent_on_change}
           ref={(input) => {this.elevated_reference=input;}}
         />)