author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-05 16:04:39 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-08-05 20:12:19 +0200 |
commit | c1ee46faae672e8024cb114450d974232fe44a8b (patch) | |
tree | 161840e31285965c1aae7f51e7a769522ba22d58 /services | |
parent | elevate: require builtin admins group and proper reg key (diff) | |
elevate: move service/token into proper module
Diffstat (limited to 'services')
-rw-r--r-- | services/tokens.go | 76 |
1 files changed, 0 insertions, 76 deletions
diff --git a/services/tokens.go b/services/tokens.go
deleted file mode 100644
index bca75475..00000000
--- a/services/tokens.go
+++ /dev/null
@@ -1,76 +0,0 @@
-/* SPDX-License-Identifier: MIT
- *
- * Copyright (C) 2019 WireGuard LLC. All Rights Reserved.
- */
-
-package services
-
-import (
- "errors"
- "runtime"
- "unsafe"
-
- "golang.org/x/sys/windows"
-)
-
-func TokenIsMemberOfBuiltInAdministrator(token windows.Token) bool {
- gs, err := token.GetTokenGroups()
- if err != nil {
- return false
- }
- isAdmin := false
- for _, g := range gs.AllGroups() {
- if (g.Attributes&windows.SE_GROUP_USE_FOR_DENY_ONLY != 0 || g.Attributes&windows.SE_GROUP_ENABLED != 0) && g.Sid.IsWellKnown(windows.WinBuiltinAdministratorsSid) {
- isAdmin = true
- break
- }
- }
- runtime.KeepAlive(gs)
- return isAdmin
-}
-
-func DropAllPrivileges(retainDriverLoading bool) error {
- processHandle, err := windows.GetCurrentProcess()
- if err != nil {
- return err
- }
- var luid windows.LUID
- if retainDriverLoading {
- err = windows.LookupPrivilegeValue(nil, windows.StringToUTF16Ptr("SeLoadDriverPrivilege"), &luid)
- if err != nil {
- return err
- }
- }
- var processToken windows.Token
- err = windows.OpenProcessToken(processHandle, windows.TOKEN_READ|windows.TOKEN_WRITE, &processToken)
- if err != nil {
- return err
- }
- defer processToken.Close()
-
- var bufferSizeRequired uint32
- windows.GetTokenInformation(processToken, windows.TokenPrivileges, nil, 0, &bufferSizeRequired)
- if bufferSizeRequired == 0 || bufferSizeRequired < uint32(unsafe.Sizeof(windows.Tokenprivileges{}.PrivilegeCount)) {
- return errors.New("GetTokenInformation failed to provide a buffer size")
- }
- buffer := make([]byte, bufferSizeRequired)
- var bytesWritten uint32
- err = windows.GetTokenInformation(processToken, windows.TokenPrivileges, &buffer[0], uint32(len(buffer)), &bytesWritten)
- if err != nil {
- return err
- }
- if bytesWritten != bufferSizeRequired {
- return errors.New("GetTokenInformation returned incomplete data")
- }
- tokenPrivileges := (*windows.Tokenprivileges)(unsafe.Pointer(&buffer[0]))
- for i := uint32(0); i < tokenPrivileges.PrivilegeCount; i++ {
- item := (*windows.LUIDAndAttributes)(unsafe.Pointer(uintptr(unsafe.Pointer(&tokenPrivileges.Privileges[0])) + unsafe.Sizeof(tokenPrivileges.Privileges[0])*uintptr(i)))
- if retainDriverLoading && item.Luid == luid {
- continue
- }
- item.Attributes = windows.SE_PRIVILEGE_REMOVED
- }
- err = windows.AdjustTokenPrivileges(processToken, false, tokenPrivileges, 0, nil, nil)
- runtime.KeepAlive(buffer)
- return err
-} |