From 61b9204099cb1bebc803c9ffb9b2d3acd9d457d9 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Wed, 15 May 2019 13:56:26 +0200
Subject: [PATCH] windows: add functions for dealing with elevated tokens

These are required when dealing with UAC or launching processes as
elevated administrators on behalf of other users.

Change-Id: If256c838b1f0202a8703d91496ffdbe16be3a700
Reviewed-on: https://go-review.googlesource.com/c/sys/+/176858
Run-TryBot: Jason Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
---
 windows/security_windows.go | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/windows/security_windows.go b/windows/security_windows.go
index f27fd7c6..f119a4ad 100644
--- a/windows/security_windows.go
+++ b/windows/security_windows.go
@@ -693,6 +693,28 @@ func (t Token) GetUserProfileDirectory() (string, error) {
 	}
 }
 
+// Returns whether the current token is elevated from a UAC perspective.
+func (token Token) IsElevated() bool {
+	var isElevated uint32
+	var outLen uint32
+	err := GetTokenInformation(token, TokenElevation, (*byte)(unsafe.Pointer(&isElevated)), uint32(unsafe.Sizeof(isElevated)), &outLen)
+	if err != nil {
+		return false
+	}
+	return outLen == uint32(unsafe.Sizeof(isElevated)) && isElevated != 0
+}
+
+// Returns the linked token, which may be an elevated UAC token.
+func (token Token) GetLinkedToken() (Token, error) {
+	var linkedToken Token
+	var outLen uint32
+	err := GetTokenInformation(token, TokenLinkedToken, (*byte)(unsafe.Pointer(&linkedToken)), uint32(unsafe.Sizeof(linkedToken)), &outLen)
+	if err != nil {
+		return Token(0), err
+	}
+	return linkedToken, nil
+}
+
 // GetSystemDirectory retrieves path to current location of the system
 // directory, which is typically, though not always, C:\Windows\System32.
 func GetSystemDirectory() (string, error) {