author | Simon Rozman <simon@rozman.si> | 2019-08-29 11:04:07 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-30 08:47:21 -0600 |
commit | a935ce44c26a4f8ef33ba4610ca13833e4a34095 (patch) | |
tree | 4c57eadc8d704277c3f03550896122115418941e | |
parent | elevate: check for desktop admin ownership (diff) | |
main: display localized "Administrators" group name
Signed-off-by: Simon Rozman <simon@rozman.si>
-rw-r--r-- | elevate/membership.go | 18 | ||||
-rw-r--r-- | main.go | 12 |
2 files changed, 23 insertions, 7 deletions
diff --git a/elevate/membership.go b/elevate/membership.go
index 131c6d97..0c090271 100644
--- a/elevate/membership.go
+++ b/elevate/membership.go
@@ -15,7 +15,7 @@ func isAdmin(token windows.Token) bool {
 return false
 }
 var checkableToken windows.Token
- err = windows.DuplicateTokenEx(token, windows.TOKEN_QUERY | windows.TOKEN_IMPERSONATE, nil, windows.SecurityIdentification, windows.TokenImpersonation, &checkableToken)
+ err = windows.DuplicateTokenEx(token, windows.TOKEN_QUERY|windows.TOKEN_IMPERSONATE, nil, windows.SecurityIdentification, windows.TokenImpersonation, &checkableToken)
 if err != nil {
 return false
 }
@@ -52,10 +52,22 @@ func IsAdminDesktop() (bool, error) {
 }
 defer windows.CloseHandle(process)
 var token windows.Token
- err = windows.OpenProcessToken(process, windows.TOKEN_QUERY | windows.TOKEN_IMPERSONATE, &token)
+ err = windows.OpenProcessToken(process, windows.TOKEN_QUERY|windows.TOKEN_IMPERSONATE, &token)
 if err != nil {
 return false, err
 }
 defer token.Close()
 return TokenIsElevatedOrElevatable(token), nil
-}
\ No newline at end of file
+}
+
+func AdminGroupName() string {
+ builtinAdminsGroup, err := windows.CreateWellKnownSid(windows.WinBuiltinAdministratorsSid)
+ if err != nil {
+ return "Administrators"
+ }
+ name, _, _, err := builtinAdminsGroup.LookupAccount("")
+ if err != nil {
+ return "Administrators"
+ }
+ return name
+}
@@ -40,6 +40,10 @@ func fatal(v ...interface{}) {
 os.Exit(1)
 }
+func fatalf(format string, v ...interface{}) {
+ fatal(fmt.Sprintf(format, v...))
+}
+
 func info(title string, format string, v ...interface{}) {
 windows.MessageBox(0, windows.StringToUTF16Ptr(fmt.Sprintf(format, v...)), windows.StringToUTF16Ptr(title), windows.MB_ICONINFORMATION)
 }
@@ -61,7 +65,7 @@ func checkForWow64() {
 }
 err = windows.IsWow64Process(p, &b)
 if err != nil {
- fatal("Unable to determine whether the process is running under WOW64: ", err)
+ fatalf("Unable to determine whether the process is running under WOW64: %v", err)
 }
 if b {
 fatal("You must use the 64-bit version of WireGuard on this computer.")
@@ -72,18 +76,18 @@ func checkForAdminGroup() {
 // This is not a security check, but rather a user-confusion one.
 processToken, err := windows.OpenCurrentProcessToken()
 if err != nil {
- fatal("Unable to open current process token: ", err)
+ fatalf("Unable to open current process token: %v", err)
 }
 defer processToken.Close()
 if !elevate.TokenIsElevatedOrElevatable(processToken) {
- fatal("WireGuard may only be used by users who are a member of the Builtin Administrators group.")
+ fatalf("WireGuard may only be used by users who are a member of the Builtin %s group.", elevate.AdminGroupName())
 }
 }
 func checkForAdminDesktop() {
 adminDesktop, err := elevate.IsAdminDesktop()
 if !adminDesktop && err == nil {
- fatal("WireGuard is running, but the UI is only accessible from desktops of the Builtin Administrators group.")
+ fatalf("WireGuard is running, but the UI is only accessible from desktops of the Builtin %s group.", elevate.AdminGroupName())
 }
 } |
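Review bot: The new exported `AdminGroupName` in elevate/membership.go has no doc comment, and both error paths fall back to the English literal `"Administrators"` without telling the caller that the lookup failed. Because the returned string is locale-dependent, it is only suitable for display; anything that decides membership or access should keep comparing SIDs, as `TokenIsElevatedOrElevatable` appears to do elsewhere in this package. I would add `// AdminGroupName returns the localized display name of the built-in Administrators group, or "Administrators" if the SID cannot be created or resolved. For messages only; never compare it for access decisions.` above the function.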
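Review bot: In `checkForAdminGroup` and `checkForAdminDesktop` (main.go) the new format strings localize the group name but keep the word `Builtin` hard-coded, so on a non-English system the message will likely mix languages. `LookupAccount` also returns the domain part, which `AdminGroupName` discards; returning or formatting both would keep the text consistent. Separately, `checkForAdminDesktop` only reports when `err == nil`, so a failure of `elevate.IsAdminDesktop()` is treated as a pass. If that fail-open behaviour is deliberate, a comment such as `// Best-effort user-confusion check, not a security boundary; lookup errors are ignored on purpose.` would make it explicit, matching the comment already at the top of `checkForAdminGroup`.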