diff --git a/Cargo.lock b/Cargo.lock index 60852eba1..55949fe8b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2537,6 +2537,14 @@ dependencies = [ "tiff", ] +[[package]] +name = "impersonate_system" +version = "0.1.0" +source = "git+https://github.com/21pages/impersonate-system#af4a82050580217a434c2024e181a98de24823ec" +dependencies = [ + "cc", +] + [[package]] name = "include_dir" version = "0.7.2" @@ -4329,6 +4337,7 @@ dependencies = [ "flutter_rust_bridge_codegen", "hbb_common", "hound", + "impersonate_system", "include_dir", "jni", "lazy_static", diff --git a/Cargo.toml b/Cargo.toml index 062e32abb..919f39d1c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -91,6 +91,7 @@ winapi = { version = "0.3", features = ["winuser"] } winreg = "0.10" windows-service = "0.4" virtual_display = { path = "libs/virtual_display" } +impersonate_system = { git = "https://github.com/21pages/impersonate-system" } [target.'cfg(target_os = "macos")'.dependencies] objc = "0.2" diff --git a/flutter/lib/desktop/pages/desktop_home_page.dart b/flutter/lib/desktop/pages/desktop_home_page.dart index f25e3263a..fcc8c4991 100644 --- a/flutter/lib/desktop/pages/desktop_home_page.dart +++ b/flutter/lib/desktop/pages/desktop_home_page.dart @@ -407,6 +407,15 @@ class _DesktopHomePageState extends State @override void initState() { super.initState(); + Timer(const Duration(seconds: 1), () async { + final installed = bind.mainIsInstalled(); + final root = await bind.mainIsRoot(); + final release = await bind.mainIsRelease(); + if (Platform.isWindows && release && !installed && !root) { + msgBox('custom-elevation-nocancel', 'Prompt', 'elevation_prompt', + gFFI.dialogManager); + } + }); Timer(const Duration(seconds: 5), () async { updateUrl = await bind.mainGetSoftwareUpdateUrl(); if (updateUrl.isNotEmpty) setState(() {}); diff --git a/flutter/lib/models/native_model.dart b/flutter/lib/models/native_model.dart index 666116d78..54895f947 100644 --- a/flutter/lib/models/native_model.dart +++ b/flutter/lib/models/native_model.dart @@ -106,7 +106,12 @@ class PlatformFFI { debugPrint('initializing FFI $_appType'); try { _translate = dylib.lookupFunction('translate'); - _dir = (await getApplicationDocumentsDirectory()).path; + try { + // SYSTEM user failed + _dir = (await getApplicationDocumentsDirectory()).path; + } catch (e) { + debugPrint('Failed to get documents directory: $e'); + } _ffiBind = RustdeskImpl(dylib); _startListenEvent(_ffiBind); // global event try { diff --git a/libs/hbb_common/protos/message.proto b/libs/hbb_common/protos/message.proto index 8fb67e5c1..1f3d24157 100644 --- a/libs/hbb_common/protos/message.proto +++ b/libs/hbb_common/protos/message.proto @@ -556,6 +556,8 @@ message Misc { bool video_received = 12; BackNotification back_notification = 13; bool restart_remote_device = 14; + bool uac = 15; + bool foreground_window_elevated = 16; } } diff --git a/src/client.rs b/src/client.rs index c70956b63..214af6cf7 100644 --- a/src/client.rs +++ b/src/client.rs @@ -1354,7 +1354,11 @@ impl LoginConfigHandler { username: self.id.clone(), password: password.into(), my_id, - my_name: crate::username(), + my_name: if cfg!(windows) { + crate::platform::get_active_username() + } else { + crate::username() + }, option: self.get_option_message(true).into(), session_id: self.session_id, version: crate::VERSION.to_string(), diff --git a/src/client/io_loop.rs b/src/client/io_loop.rs index cf6168834..7e3bbb3dc 100644 --- a/src/client/io_loop.rs +++ b/src/client/io_loop.rs @@ -979,6 +979,21 @@ impl Remote { return false; } } + Some(misc::Union::Uac(uac)) => { + if uac { + self.handler + .msgbox("custom-uac-nocancel", "Warning", "uac_warning"); + } + } + Some(misc::Union::ForegroundWindowElevated(elevated)) => { + if elevated { + self.handler.msgbox( + "custom-elevated-foreground-nocancel", + "Warning", + "elevated_foreground_window_warning", + ); + } + } _ => {} }, Some(message::Union::TestDelay(t)) => { diff --git a/src/core_main.rs b/src/core_main.rs index f514cd790..d159e115e 100644 --- a/src/core_main.rs +++ b/src/core_main.rs @@ -8,12 +8,20 @@ pub fn core_main() -> Option> { let mut args = Vec::new(); let mut i = 0; let mut is_setup = false; + let mut _is_elevate = false; + let mut _is_run_as_system = false; for arg in std::env::args() { // to-do: how to pass to flutter? if i == 0 && crate::common::is_setup(&arg) { is_setup = true; } else if i > 0 { - args.push(arg); + if arg == "--elevate" { + _is_elevate = true; + } else if arg == "--run-as-system" { + _is_run_as_system = true; + } else { + args.push(arg); + } } i += 1; } @@ -57,6 +65,11 @@ pub fn core_main() -> Option> { .ok(); } } + #[cfg(windows)] + #[cfg(not(debug_assertions))] + if !crate::platform::is_installed() && args.is_empty() { + crate::platform::elevate_or_run_as_system(is_setup, _is_elevate, _is_run_as_system); + } if args.is_empty() { std::thread::spawn(move || crate::start_server(false)); } else { diff --git a/src/flutter_ffi.rs b/src/flutter_ffi.rs index 1adee6988..d4c198eea 100644 --- a/src/flutter_ffi.rs +++ b/src/flutter_ffi.rs @@ -800,6 +800,14 @@ pub fn main_has_hwcodec() -> SyncReturn { SyncReturn(has_hwcodec()) } +pub fn main_is_root() -> bool { + is_root() +} + +pub fn main_is_release() -> bool { + is_release() +} + pub fn session_send_mouse(id: String, msg: String) { if let Ok(m) = serde_json::from_str::>(&msg) { let alt = m.get("alt").is_some(); diff --git a/src/lang/cn.rs b/src/lang/cn.rs index c974bf7fe..3dc5dc434 100644 --- a/src/lang/cn.rs +++ b/src/lang/cn.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", "允许局域网发现"), ("Deny LAN Discovery", "拒绝局域网发现"), ("Write a message", "输入聊天消息"), + ("Prompt", "提示"), + ("elevation_prompt", "以当前用户权限运行软件,可能导致远端在访问本机时,没有足够的权限来操作部分窗口。"), + ("uac_warning", "暂时无法访问远端设备,因为远端设备正在请求用户账户权限,请等待对方关闭UAC窗口。为避免这个问题,建议在远端设备上安装或者以管理员权限运行本软件。"), + ("elevated_foreground_window_warning", "暂时无法使用鼠标键盘,因为远端桌面的当前窗口需要更高的权限才能操作, 可以请求对方最小化当前窗口。为避免这个问题,建议在远端设备上安装或者以管理员权限运行本软件。"), ].iter().cloned().collect(); } diff --git a/src/lang/cs.rs b/src/lang/cs.rs index def7206a7..81df20cc9 100644 --- a/src/lang/cs.rs +++ b/src/lang/cs.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/da.rs b/src/lang/da.rs index 8151ea4e0..18e4e4949 100644 --- a/src/lang/da.rs +++ b/src/lang/da.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/de.rs b/src/lang/de.rs index 57596f709..df7c5f238 100644 --- a/src/lang/de.rs +++ b/src/lang/de.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/en.rs b/src/lang/en.rs index 14232c4e2..279f26cd1 100644 --- a/src/lang/en.rs +++ b/src/lang/en.rs @@ -30,5 +30,8 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("android_open_battery_optimizations_tip", "If you want to disable this feature, please go to the next RustDesk application settings page, find and enter [Battery], Uncheck [Unrestricted]"), ("remote_restarting_tip", "Remote device is restarting, please close this message box and reconnect with permanent password after a while"), ("Are you sure to close the connection?", "Are you sure you want to close the connection?"), - ].iter().cloned().collect(); + ("elevation_prompt", "Running software without privilege elevation may cause problems when remote users operate certain windows."), + ("uac_warning", "Temporarily denied access due to elevation request, please wait for the remote user to accept the UAC dialog. To avoid this problem, it is recommended to install the software on the remote device or run it with administrator privileges."), + ("elevated_foreground_window_warning", "Temporarily unable to use the mouse and keyboard, because the current window of the remote desktop requires higher privilege to operate, you can request the remote user to minimize the current window. To avoid this problem, it is recommended to install the software on the remote device or run it with administrator privileges."), + ].iter().cloned().collect(); } diff --git a/src/lang/eo.rs b/src/lang/eo.rs index cc21e7509..578f9cef4 100644 --- a/src/lang/eo.rs +++ b/src/lang/eo.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/es.rs b/src/lang/es.rs index 1e57c6913..42470b120 100644 --- a/src/lang/es.rs +++ b/src/lang/es.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/fr.rs b/src/lang/fr.rs index 479c701bf..ce054a021 100644 --- a/src/lang/fr.rs +++ b/src/lang/fr.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/hu.rs b/src/lang/hu.rs index 1847c8cc5..caf74eaaa 100644 --- a/src/lang/hu.rs +++ b/src/lang/hu.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/id.rs b/src/lang/id.rs index ebb83c862..e993f2042 100644 --- a/src/lang/id.rs +++ b/src/lang/id.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/it.rs b/src/lang/it.rs index 2db9f3026..2f5115171 100644 --- a/src/lang/it.rs +++ b/src/lang/it.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/ja.rs b/src/lang/ja.rs index 0021f0db9..c5ebb9b15 100644 --- a/src/lang/ja.rs +++ b/src/lang/ja.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/ko.rs b/src/lang/ko.rs index 89bc69fa2..069210625 100644 --- a/src/lang/ko.rs +++ b/src/lang/ko.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/kz.rs b/src/lang/kz.rs index 6eea0d8be..45f2ecdc5 100644 --- a/src/lang/kz.rs +++ b/src/lang/kz.rs @@ -359,5 +359,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/pl.rs b/src/lang/pl.rs index 1f101a069..bcef81afc 100644 --- a/src/lang/pl.rs +++ b/src/lang/pl.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/pt_PT.rs b/src/lang/pt_PT.rs index ab49d9f93..3e1c505e6 100644 --- a/src/lang/pt_PT.rs +++ b/src/lang/pt_PT.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/ptbr.rs b/src/lang/ptbr.rs index 640a35d10..7d8ce5ac7 100644 --- a/src/lang/ptbr.rs +++ b/src/lang/ptbr.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/ru.rs b/src/lang/ru.rs index f1d9c6f31..30bc52d95 100644 --- a/src/lang/ru.rs +++ b/src/lang/ru.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/sk.rs b/src/lang/sk.rs index a7b527302..5c3b7ef6e 100644 --- a/src/lang/sk.rs +++ b/src/lang/sk.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/template.rs b/src/lang/template.rs index e879b2a21..2a2d6eb8a 100644 --- a/src/lang/template.rs +++ b/src/lang/template.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/tr.rs b/src/lang/tr.rs index 50ce2ec2a..8daa4bb88 100644 --- a/src/lang/tr.rs +++ b/src/lang/tr.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/lang/tw.rs b/src/lang/tw.rs index c02c95df1..5f9a6632c 100644 --- a/src/lang/tw.rs +++ b/src/lang/tw.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", "允許局域網發現"), ("Deny LAN Discovery", "拒絕局域網發現"), ("Write a message", "輸入聊天消息"), + ("Prompt", "提示"), + ("elevation_prompt", "以當前用戶權限運行軟件,可能導致遠端在訪問本機時,沒有足夠的權限來操作部分窗口。"), + ("uac_warning", "暂时无法访问远端设备,因为远端设备正在请求用户账户权限,请等待对方关闭UAC窗口。为避免这个问题,建议在远端设备上安装或者以管理员权限运行本软件。"), + ("elevated_foreground_window_warning", "暫時無法使用鼠標鍵盤,因為遠端桌面的當前窗口需要更高的權限才能操作, 可以請求對方最小化當前窗口。為避免這個問題,建議在遠端設備上安裝或者以管理員權限運行本軟件。"), ].iter().cloned().collect(); } diff --git a/src/lang/vn.rs b/src/lang/vn.rs index dce16bb7b..541436331 100644 --- a/src/lang/vn.rs +++ b/src/lang/vn.rs @@ -360,5 +360,9 @@ pub static ref T: std::collections::HashMap<&'static str, &'static str> = ("Enable LAN Discovery", ""), ("Deny LAN Discovery", ""), ("Write a message", ""), + ("Prompt", ""), + ("elevation_prompt", ""), + ("uac_warning", ""), + ("elevated_foreground_window_warning", ""), ].iter().cloned().collect(); } diff --git a/src/platform/windows.rs b/src/platform/windows.rs index fa9fb5b10..10b0dcee6 100644 --- a/src/platform/windows.rs +++ b/src/platform/windows.rs @@ -14,11 +14,21 @@ use std::{ time::{Duration, Instant}, }; use winapi::{ + ctypes::c_void, shared::{minwindef::*, ntdef::NULL, windef::*}, um::{ - errhandlingapi::GetLastError, handleapi::CloseHandle, minwinbase::STILL_ACTIVE, - processthreadsapi::GetExitCodeProcess, shellapi::ShellExecuteA, winbase::*, wingdi::*, - winnt::HANDLE, winuser::*, + errhandlingapi::GetLastError, + handleapi::CloseHandle, + minwinbase::STILL_ACTIVE, + processthreadsapi::{GetCurrentProcess, GetExitCodeProcess, OpenProcess, OpenProcessToken}, + securitybaseapi::GetTokenInformation, + shellapi::ShellExecuteA, + winbase::*, + wingdi::*, + winnt::{ + TokenElevation, HANDLE, PROCESS_QUERY_LIMITED_INFORMATION, TOKEN_ELEVATION, TOKEN_QUERY, + }, + winuser::*, }, }; use windows_service::{ @@ -1420,16 +1430,145 @@ pub fn get_user_token(session_id: u32, as_user: bool) -> HANDLE { } } -pub fn check_super_user_permission() -> ResultType { +pub fn run_uac(exe: &str, arg: &str) -> ResultType { unsafe { + let cstring; let ret = ShellExecuteA( NULL as _, CString::new("runas")?.as_ptr() as _, - CString::new("cmd")?.as_ptr() as _, - CString::new("/c /q")?.as_ptr() as _, + CString::new(exe)?.as_ptr() as _, + if arg.is_empty() { + NULL as _ + } else { + cstring = CString::new(arg)?; + cstring.as_ptr() as _ + }, NULL as _, SW_SHOWNORMAL, ); return Ok(ret as i32 > 32); } } + +pub fn check_super_user_permission() -> ResultType { + run_uac("cmd", "/c /q") +} + +pub fn elevate(arg: &str) -> ResultType { + run_uac( + std::env::current_exe()? + .to_string_lossy() + .to_string() + .as_str(), + arg, + ) +} + +pub fn run_as_system(arg: &str) -> ResultType<()> { + let exe = std::env::current_exe()?.to_string_lossy().to_string(); + if impersonate_system::run_as_system(&exe, arg).is_err() { + bail!(format!("Failed to run {} as system", exe)); + } + Ok(()) +} + +pub fn elevate_or_run_as_system(is_setup: bool, is_elevate: bool, is_run_as_system: bool) { + // avoid possible run recursively due to failed run, which hasn't happened yet. + let arg_elevate = if is_setup { + "--noinstall --elevate" + } else { + "--elevate" + }; + let arg_run_as_system = if is_setup { + "--noinstall --run-as-system" + } else { + "--run-as-system" + }; + let rerun_as_system = || { + if !is_root() { + if run_as_system(arg_run_as_system).is_ok() { + std::process::exit(0); + } else { + log::error!("Failed to run as system"); + } + } + }; + + if is_elevate { + if !is_elevated(None).map_or(true, |b| b) { + log::error!("Failed to elevate"); + return; + } + rerun_as_system(); + } else if is_run_as_system { + if !is_root() { + log::error!("Failed to be system"); + } + } else { + if let Ok(true) = is_elevated(None) { + // right click + rerun_as_system(); + } else { + // left click || run without install + if let Ok(true) = elevate(arg_elevate) { + std::process::exit(0); + } else { + // do nothing but prompt + } + } + } +} + +// https://github.com/mgostIH/process_list/blob/master/src/windows/mod.rs +#[repr(transparent)] +pub(self) struct RAIIHandle(pub HANDLE); + +impl Drop for RAIIHandle { + fn drop(&mut self) { + // This never gives problem except when running under a debugger. + unsafe { CloseHandle(self.0) }; + } +} + +pub fn is_elevated(process_id: Option) -> ResultType { + unsafe { + let handle: HANDLE = match process_id { + Some(process_id) => OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, process_id), + None => GetCurrentProcess(), + }; + if handle == NULL { + bail!("Failed to open process, errno {}", GetLastError()) + } + let _handle = RAIIHandle(handle); + let mut token: HANDLE = mem::zeroed(); + if OpenProcessToken(handle, TOKEN_QUERY, &mut token) == FALSE { + bail!("Failed to open process token, errno {}", GetLastError()) + } + let _token = RAIIHandle(token); + let mut token_elevation: TOKEN_ELEVATION = mem::zeroed(); + let mut size: DWORD = 0; + if GetTokenInformation( + token, + TokenElevation, + (&mut token_elevation) as *mut _ as *mut c_void, + mem::size_of::() as _, + &mut size, + ) == FALSE + { + bail!("Failed to get token information, errno {}", GetLastError()) + } + + Ok(token_elevation.TokenIsElevated != 0) + } +} + +pub fn is_foreground_window_elevated() -> ResultType { + unsafe { + let mut process_id: DWORD = 0; + GetWindowThreadProcessId(GetForegroundWindow(), &mut process_id); + if process_id == 0 { + bail!("Failed to get processId, errno {}", GetLastError()) + } + is_elevated(Some(process_id)) + } +} diff --git a/src/server/connection.rs b/src/server/connection.rs index 15d313fbe..8ad408885 100644 --- a/src/server/connection.rs +++ b/src/server/connection.rs @@ -229,6 +229,9 @@ impl Connection { #[cfg(not(any(target_os = "android", target_os = "ios")))] std::thread::spawn(move || Self::handle_input(rx_input, tx_cloned)); + let mut second_timer = time::interval(Duration::from_secs(1)); + let mut last_uac = false; + let mut last_foreground_window_elevated = false; loop { tokio::select! { @@ -400,6 +403,26 @@ impl Connection { break; } }, + _ = second_timer.tick() => { + let uac = crate::video_service::IS_UAC_RUNNING.lock().unwrap().clone(); + if last_uac != uac { + last_uac = uac; + let mut misc = Misc::new(); + misc.set_uac(uac); + let mut msg = Message::new(); + msg.set_misc(misc); + conn.inner.send(msg.into()); + } + let foreground_window_elevated = crate::video_service::IS_FOREGROUND_WINDOW_ELEVATED.lock().unwrap().clone(); + if last_foreground_window_elevated != foreground_window_elevated { + last_foreground_window_elevated = foreground_window_elevated; + let mut misc = Misc::new(); + misc.set_foreground_window_elevated(foreground_window_elevated); + let mut msg = Message::new(); + msg.set_misc(misc); + conn.inner.send(msg.into()); + } + } _ = test_delay_timer.tick() => { if last_recv_time.elapsed() >= SEC30 { conn.on_close("Timeout", true).await; diff --git a/src/server/video_service.rs b/src/server/video_service.rs index 272bcf8d5..ad6f5f620 100644 --- a/src/server/video_service.rs +++ b/src/server/video_service.rs @@ -33,6 +33,7 @@ use std::{ collections::HashSet, io::ErrorKind::WouldBlock, ops::{Deref, DerefMut}, + sync::Once, time::{self, Duration, Instant}, }; #[cfg(windows)] @@ -51,6 +52,8 @@ lazy_static::lazy_static! { static ref PRIVACY_MODE_CONN_ID: Mutex = Mutex::new(0); static ref IS_CAPTURER_MAGNIFIER_SUPPORTED: bool = is_capturer_mag_supported(); pub static ref VIDEO_QOS: Arc> = Default::default(); + pub static ref IS_UAC_RUNNING: Arc> = Default::default(); + pub static ref IS_FOREGROUND_WINDOW_ELEVATED: Arc> = Default::default(); } fn is_capturer_mag_supported() -> bool { @@ -451,6 +454,8 @@ fn run(sp: GenericService) -> ResultType<()> { }; #[cfg(any(target_os = "android", target_os = "ios"))] let recorder: Arc>> = Default::default(); + #[cfg(windows)] + start_uac_elevation_check(); while sp.ok() { #[cfg(windows)] @@ -832,3 +837,24 @@ pub(super) fn get_current_display_2(mut all: Vec) -> ResultType<(usize, fn get_current_display() -> ResultType<(usize, usize, Display)> { get_current_display_2(try_get_displays()?) } + +#[cfg(windows)] +fn start_uac_elevation_check() { + static START: Once = Once::new(); + START.call_once(|| { + if !crate::platform::is_installed() + && !crate::platform::is_root() + && !crate::platform::is_elevated(None).map_or(false, |b| b) + { + std::thread::spawn(|| loop { + std::thread::sleep(std::time::Duration::from_secs(1)); + if let Ok(uac) = crate::ui::win_privacy::is_process_consent_running() { + *IS_UAC_RUNNING.lock().unwrap() = uac; + } + if let Ok(elevated) = crate::platform::is_foreground_window_elevated() { + *IS_FOREGROUND_WINDOW_ELEVATED.lock().unwrap() = elevated; + } + }); + } + }); +} diff --git a/src/ui.rs b/src/ui.rs index 095559811..63dc4704a 100644 --- a/src/ui.rs +++ b/src/ui.rs @@ -20,22 +20,7 @@ use hbb_common::{ use crate::common::get_app_name; use crate::ipc; -use crate::ui_interface::{ - check_mouse_time, closing, create_shortcut, current_is_wayland, default_video_save_directory, - fix_login_wayland, forget_password, get_api_server, get_async_job_status, get_connect_status, - get_error, get_fav, get_icon, get_lan_peers, get_langs, get_license, get_local_option, - get_mouse_time, get_new_version, get_option, get_options, get_peer, get_peer_option, - get_recent_sessions, get_remote_id, get_size, get_socks, get_software_ext, - get_software_store_path, get_software_update_url, get_uuid, get_version, goto_install, - has_hwcodec, has_rendezvous_service, install_me, install_path, is_can_screen_recording, - is_installed, is_installed_daemon, is_installed_lower_version, is_login_wayland, - is_ok_change_id, is_process_trusted, is_rdp_service_open, is_share_rdp, is_xfce, - modify_default_login, new_remote, open_url, peer_has_password, permanent_password, - post_request, recent_sessions_updated, remove_peer, run_without_install, set_local_option, - set_option, set_options, set_peer_option, set_permanent_password, set_remote_id, set_share_rdp, - set_socks, show_run_without_install, store_fav, t, temporary_password, test_if_valid_server, - update_me, update_temporary_password, using_public_server, -}; +use crate::ui_interface::*; mod cm; #[cfg(feature = "inline")] @@ -349,6 +334,14 @@ impl UI { is_installed() } + fn is_root(&self) -> bool { + is_root() + } + + fn is_release(&self) -> bool { + is_release() + } + fn is_rdp_service_open(&self) -> bool { is_rdp_service_open() } @@ -615,6 +608,8 @@ impl sciter::EventHandler for UI { fn get_icon(); fn install_me(String, String); fn is_installed(); + fn is_root(); + fn is_release(); fn set_socks(String, String, String); fn get_socks(); fn is_rdp_service_open(); diff --git a/src/ui/index.tis b/src/ui/index.tis index b889ff010..a2d895733 100644 --- a/src/ui/index.tis +++ b/src/ui/index.tis @@ -1242,3 +1242,9 @@ function refreshCurrentUser() { function getHttpHeaders() { return "Authorization: Bearer " + handler.get_local_option("access_token"); } + +$(body).timer(1000, function check_elevation(){ + if (is_win && handler.is_release() && !handler.is_installed() && !handler.is_root()) { + msgbox("custom-elevation-nocancel", "Prompt", "elevation_prompt"); + } +}); \ No newline at end of file diff --git a/src/ui_interface.rs b/src/ui_interface.rs index 31c203fb4..3e357faa7 100644 --- a/src/ui_interface.rs +++ b/src/ui_interface.rs @@ -755,6 +755,19 @@ pub fn has_hwcodec() -> bool { return true; } +#[inline] +pub fn is_release() -> bool { + #[cfg(not(debug_assertions))] + return true; + #[cfg(debug_assertions)] + return false; +} + +#[inline] +pub fn is_root() -> bool { + crate::platform::is_root() +} + #[inline] pub fn check_super_user_permission() -> bool { #[cfg(any(windows, target_os = "linux"))]