diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-05 16:04:39 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-05 20:12:19 +0200 |
commit | c1ee46faae672e8024cb114450d974232fe44a8b (patch) | |
tree | 161840e31285965c1aae7f51e7a769522ba22d58 /elevate/membership.go | |
parent | elevate: require builtin admins group and proper reg key (diff) | |
download | wireguard-windows-c1ee46faae672e8024cb114450d974232fe44a8b.tar.xz wireguard-windows-c1ee46faae672e8024cb114450d974232fe44a8b.zip |
elevate: move service/token into proper module
Diffstat (limited to '')
-rw-r--r-- | elevate/membership.go | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/elevate/membership.go b/elevate/membership.go new file mode 100644 index 00000000..baa4d71b --- /dev/null +++ b/elevate/membership.go @@ -0,0 +1,28 @@ +/* SPDX-License-Identifier: MIT + * + * Copyright (C) 2019 WireGuard LLC. All Rights Reserved. + */ + +package elevate + +import ( + "runtime" + + "golang.org/x/sys/windows" +) + +func TokenIsMemberOfBuiltInAdministrator(token windows.Token) bool { + gs, err := token.GetTokenGroups() + if err != nil { + return false + } + isAdmin := false + for _, g := range gs.AllGroups() { + if (g.Attributes&windows.SE_GROUP_USE_FOR_DENY_ONLY != 0 || g.Attributes&windows.SE_GROUP_ENABLED != 0) && g.Sid.IsWellKnown(windows.WinBuiltinAdministratorsSid) { + isAdmin = true + break + } + } + runtime.KeepAlive(gs) + return isAdmin +} |