diff options
| author |   Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-28 22:30:35 -0600 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-30 08:47:21 -0600 |
| commit | 931c5eb3637441929634ddbe608acf94b293175e (patch) | |
| tree | 2dab80c185282b6cb9270836cef88f852afe5a40 /elevate/membership.go | |
| parent | elevate: use more strict check for admin group (diff) | |
| download | wireguard-windows-931c5eb3637441929634ddbe608acf94b293175e.tar.xz wireguard-windows-931c5eb3637441929634ddbe608acf94b293175e.zip | |
elevate: check for desktop admin ownership
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'elevate/membership.go')
| -rw-r--r-- | elevate/membership.go | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/elevate/membership.go b/elevate/membership.go index ccd0b60e..131c6d97 100644 --- a/elevate/membership.go +++ b/elevate/membership.go @@ -35,3 +35,27 @@ func TokenIsElevatedOrElevatable(token windows.Token) bool { defer linked.Close() return linked.IsElevated() && isAdmin(linked) } + +func IsAdminDesktop() (bool, error) { + hwnd := getShellWindow() + if hwnd == 0 { + return false, windows.ERROR_INVALID_WINDOW_HANDLE + } + var pid uint32 + _, err := getWindowThreadProcessId(hwnd, &pid) + if err != nil { + return false, err + } + process, err := windows.OpenProcess(windows.PROCESS_QUERY_INFORMATION, false, pid) + if err != nil { + return false, err + } + defer windows.CloseHandle(process) + var token windows.Token + err = windows.OpenProcessToken(process, windows.TOKEN_QUERY | windows.TOKEN_IMPERSONATE, &token) + if err != nil { + return false, err + } + defer token.Close() + return TokenIsElevatedOrElevatable(token), nil +}
\ No newline at end of file |