Re: Escalating Privileges
I think on Linux you have to deal with PolicyKit or some equivalent. And you can always use some IPC mechanism to communicate with a process that has the required privileges to fill the job for you.
Re: Escalating Privileges
Re: Escalating Privileges
Quote:
Originally Posted by
manekineko
When you say communicate with a process that has the required privileges, is this normally handled by having a second executable that is somehow marked as requiring privilege escalation that is called whenever escalation is needed to perform the escalated task?
There has to be a process with required privileges (like running as root or some other user that has required rights) that you order to do some task for you. I think that is also how PolicyKit works. In Unix world there is no way to grant any rights to an already running process, you can only revoke them.
Re: Escalating Privileges
Quote:
Originally Posted by
manekineko
Well, that's for setting the start menu link, not the mailto handler, but I get your point.
Once your in the start menu, you are registered as the default application. Therefore it will include the mailto: handler, as that just uses the default application.
Re: Escalating Privileges
I've been peering at the Windows documentation out there, and I cannot believe how difficult it is to escalate within a program.
It seems like I have two choices:
1) Use COM objects (I don't even really know what those are) and somehow integrate them into my QT program (if even possible), which can spawn a new process that's running at elevated privileges.
2) Create a second QT executable, and somehow (not sure if this is even possible) bundle a manifest file inside of it, or if that's not possible, sit a manifest file next to it in the same directory. This manifest file will mark the executable as requiring elevated privileges, and I'll call this second executable using a new QProcess.
The first option sounds preferable, as it avoids detracting from the user experience by dumping unnecessary extra files all over the program directory, but it sounds much harder. The second option sounds real ugly, but it'll get the job done.
Does this sound about right? Has anyone here ever actually made a QT program compatible with UAC who can share how they did it with me?
Thanks in advance.
Re: Escalating Privileges
Quote:
Create a second QT executable, and somehow (not sure if this is even possible) bundle a manifest file inside of it, or if that's not possible, sit a manifest file next to it in the same directory. This manifest file will mark the executable as requiring elevated privileges, and I'll call this second executable using a new QProcess.
I have some good news, and some not so good.
- Yes, bundling a manifest requesting elevate privileges is possible. I do it for a program that grabs a hardware ID (Vista fakes the MAC address for user accounts).
- Spawning the program requesting elevation is hit-and-miss
The second point needs explanation. In my testing the unprivileged program could launch the privileged one if the user was a Vista administrator and could obtain an admin credential. If the user is a Vista unprivileged user then the attempt to execute the executable that requests escalation would silently fail regardless of the fact that the user could manually run it and be prompted for escalation. I also found that it mattered which method you used to launch the app: shell execute vs CreateProcess (although I cannot remember which worked best). In the end I opted to direct the user to manually run the program.
Another approach for you might be to install a Windows service running with elevated privileges and talk to that from user-land to have your will done. This is how many background update processes are done I expect.
