diff options
Diffstat (limited to '')
-rw-r--r-- | elevate/membership.go | 28 | ||||
-rw-r--r-- | elevate/privileges.go (renamed from services/tokens.go) | 18 | ||||
-rw-r--r-- | elevate/shellexecute.go | 4 |
3 files changed, 30 insertions, 20 deletions
diff --git a/elevate/membership.go b/elevate/membership.go new file mode 100644 index 00000000..baa4d71b --- /dev/null +++ b/elevate/membership.go @@ -0,0 +1,28 @@ +/* SPDX-License-Identifier: MIT + * + * Copyright (C) 2019 WireGuard LLC. All Rights Reserved. + */ + +package elevate + +import ( + "runtime" + + "golang.org/x/sys/windows" +) + +func TokenIsMemberOfBuiltInAdministrator(token windows.Token) bool { + gs, err := token.GetTokenGroups() + if err != nil { + return false + } + isAdmin := false + for _, g := range gs.AllGroups() { + if (g.Attributes&windows.SE_GROUP_USE_FOR_DENY_ONLY != 0 || g.Attributes&windows.SE_GROUP_ENABLED != 0) && g.Sid.IsWellKnown(windows.WinBuiltinAdministratorsSid) { + isAdmin = true + break + } + } + runtime.KeepAlive(gs) + return isAdmin +} diff --git a/services/tokens.go b/elevate/privileges.go index bca75475..a02d8a5d 100644 --- a/services/tokens.go +++ b/elevate/privileges.go @@ -3,7 +3,7 @@ * Copyright (C) 2019 WireGuard LLC. All Rights Reserved. */ -package services +package elevate import ( "errors" @@ -13,22 +13,6 @@ import ( "golang.org/x/sys/windows" ) -func TokenIsMemberOfBuiltInAdministrator(token windows.Token) bool { - gs, err := token.GetTokenGroups() - if err != nil { - return false - } - isAdmin := false - for _, g := range gs.AllGroups() { - if (g.Attributes&windows.SE_GROUP_USE_FOR_DENY_ONLY != 0 || g.Attributes&windows.SE_GROUP_ENABLED != 0) && g.Sid.IsWellKnown(windows.WinBuiltinAdministratorsSid) { - isAdmin = true - break - } - } - runtime.KeepAlive(gs) - return isAdmin -} - func DropAllPrivileges(retainDriverLoading bool) error { processHandle, err := windows.GetCurrentProcess() if err != nil { diff --git a/elevate/shellexecute.go b/elevate/shellexecute.go index 6e71e576..00f2d915 100644 --- a/elevate/shellexecute.go +++ b/elevate/shellexecute.go @@ -13,8 +13,6 @@ import ( "golang.org/x/sys/windows" "golang.org/x/sys/windows/registry" - - "golang.zx2c4.com/wireguard/windows/services" ) const ( @@ -79,7 +77,7 @@ func ShellExecute(program string, arguments string, directory string, show int32 err = windows.ERROR_SUCCESS return } - if !services.TokenIsMemberOfBuiltInAdministrator(processToken) { + if !TokenIsMemberOfBuiltInAdministrator(processToken) { err = windows.ERROR_ACCESS_DENIED return } |