From 5aec69c5ba5cebd7b284f5d96e61b2d389a5572d Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Wed, 28 Aug 2019 21:50:19 -0600
Subject: elevate: use more strict check for admin group

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 manager/service.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'manager/service.go')

diff --git a/manager/service.go b/manager/service.go
index 8a525b12..43dd5d4c 100644
--- a/manager/service.go
+++ b/manager/service.go
@@ -104,7 +104,7 @@ func (service *managerService) Execute(args []string, r <-chan svc.ChangeRequest
 		if err != nil {
 			return
 		}
-		if !elevate.TokenIsMemberOfBuiltInAdministrator(userToken) {
+		if !elevate.TokenIsElevatedOrElevatable(userToken) {
 			userToken.Close()
 			return
 		}
-- 
cgit v1.2.3-59-g8ed1b