/***
    Copyright (C) 2023 J Reece Wilson (a/k/a "Reece"). All rights reserved.

    File: RunAs.hpp
    Date: 2023-12-23
    Author: Reece
***/
#pragma once
namespace Aurora::Processes
{
    // Identity a child process is asked to run under; stored in RunAsDescriptor::runAs.
    // Entries marked (*) are the ones the author singles out below as riskier.
    // NOTE(review): on Windows, the SYSTEM and TrustedInstaller identities named by eNTAS and eNTTI rank above an
    // ordinary elevated administrator, so a caller-side policy check before accepting these two values is worth having.
    AUE_DEFINE(ERunAsUser, (
        eRegularUser,               // Default value of RunAsDescriptor::runAs; presumably "no identity change" - confirm against the implementation
        eSpecifiedImpersonation,    // Privileged impersonation using admin creds and stated alternative uid/username (*)
        eSuperUser,                 // Privileged status (root, standard run-as-admin privileges, etc)
        eNTAS,                      // NT Authority/SYSTEM (*)
        eNTTI                       // Trusted Installer (*)
    ));

    // (*) These APIs are somewhat spicy

    // Warning: In the default configurations of Windows, spawning processes with shared handles and such as elevated processes is generally not supported.
    // The Aurora Runtime is importing APIs that'll probably make old anti-virus engines mald after some time. However, it isn't some magic le epic uac bypass.
    // You still need to have privileged credentials to hand. This should be noted bc people on reddit and orange site are probably going to complain
    // "hurhur this is malware. look, its editing policies and impersonating the UAC logon prompt in process. ooOoOO spooky."
    // In reality, we're just trying to emulate the behaviour of consent.exe in-process for the likes of:
    //  * non-service level installers with temporary local-sys-admin-says-its-ok permissions
    //  * remote daemon administration (build-bot daemons with admin creds in a toml file, running as local or network users, perhaps)
    //  * ssh-like servers
    //  * initially not-administrator processes temporarily elevating themselves to remove or re-enable kernel level drivers (drivers such as: reverse engineering tools, vidya gaym anticheats, debuggers, etc)
    // These APIs will be of use for live-installers where installing for global-users is optional and the base requirements don't require escalation.
    // Asking for creds in process after a software demo is playable is far nicer UX, than having to wait for 10 hours for Windows to spawn a consent.exe process, just to end up losing stdin/out/err redirection.
    //
    // NOTE(review): what the in-process design above means for integrators:
    //  * The credential is typed into and held by the calling process instead of a separate consent.exe, so the
    //    application's own address space, and every module loaded into it, is inside the trust boundary for the password.
    //  * Admin creds kept in a config file (the build-bot case) are secrets at rest; restrict the file to the daemon's
    //    account and prefer an OS-provided secret store where one is available.
    //  * Endpoint security tooling may flag these imports, as the author expects; record which shipped binaries use
    //    RunAs so that such alerts can be triaged against a known list.

    // Describes the identity and credentials RunAs() should use. Every credential field is optional.
    struct RunAsDescriptor
    {
        // Presumably declares the copy and move special members - TODO confirm against the macro's definition.
        // The REGRESSION note after this namespace asks for the type to be move-only again, which suggests it is
        // currently copyable; each copy of a descriptor duplicates the password buffer.
        AU_COPY_MOVE_DEF(RunAsDescriptor);

        // Requested identity class; defaults to the unprivileged eRegularUser.
        ERunAsUser runAs = ERunAsUser::eRegularUser;

        // Presumably a numeric account id (POSIX uid) that can be given instead of username - confirm.
        AuOptional<int> numericUserId;

        // Account name the password below belongs to.
        AuOptional<AuString> username;

        // SECURITY: plaintext secret held in an ordinary AuString. The author's notes at the end of this namespace
        // state that it is not scrubbed from memory. Until that is fixed, callers should keep the descriptor's
        // lifetime short, avoid copying it, and overwrite this field themselves once RunAs() has returned.
        // If AuString behaves like std::string (not shown here), growing or reassigning the string can also leave
        // earlier copies of the secret in freed heap memory.
        AuOptional<AuString> password;

        // Presumably the domain or server the account is validated against - confirm.
        AuOptional<AuString> server;

        // Presumably the "stated alternative uid/username" used with eSpecifiedImpersonation: the identity to
        // run as once the admin creds above have been accepted - confirm against the implementation.
        AuOptional<AuString> impersonate;
        AuOptional<int> impersonateNumericUserId;

        // Value-initialised to false. Presumably requests that the target user's profile be loaded at logon - confirm.
        bool bLoginWithProfile {};

        // if this structure is partially completed;
        // a dialog may be shown if running under a desktop GUI (polkit, credui, etc),
        // or a command-line based command (AuConsole) may be requested.
        // NOTE(review): which missing fields trigger a prompt is not visible in this header. Unattended callers
        // (daemons, build bots) should confirm that a partially filled descriptor cannot block on an interactive prompt.
    };

    // Applies the identity described by runAs to startupParameters, presumably so that the process later spawned
    // from those parameters runs as that user; the implementation is not visible in this header - confirm there.
    // Both arguments are taken by non-const reference, so either may be modified by the call. In particular, do not
    // assume the password is still present, or has been wiped, afterwards; check the implementation.
    AUKN_SYM void RunAs(StartupParameters &startupParameters,
                        RunAsDescriptor &runAs);    // SECURITY @ Try to enforce moving of AuOptional<AuString> password; to hopefully purge it out of memory asap @
}                                                   // SECURITY @ Noting that AuOptional<AuString> password isn't memory safe. We should probably try to memset it after use and during move @
                                                    // NOTE(review): a plain memset immediately before the buffer is released is a dead store the optimiser may remove;
                                                    // use a wipe primitive that is guaranteed to survive optimisation (SecureZeroMemory on Windows, explicit_bzero where available).
// REGRESSION: make runAs move-only again