mirror of
https://github.com/golang/sys.git
synced 2026-02-08 03:36:03 +03:00
acfa387b8d
A usual thing to ask is, "Is my current token in group X?" The right way
of doing such a thing is:
processToken, err := windows.OpenCurrentProcessToken()
if err != nil {
return false, err
}
defer processToken.Close()
var checkableToken windows.Token
err = windows.DuplicateTokenEx(token, windows.TOKEN_QUERY | windows.TOKEN_IMPERSONATE, nil, windows.SecurityIdentification, windows.TokenImpersonation, &checkableToken)
if err != nil {
return false, err
}
defer checkableToken.Close()
isMember, err := checkableToken.IsMember(someSID)
return isMember && err == nil, nil
This is the same flow that's used by, for example, shell32's internal
_LUAIsTokenAdmin function.
However, this all fails unless the original token is opened with
duplicate access. So this commit adjusts OpenCurrentProcessToken to do
the right thing.
Change-Id: I18efdfde43097ea9d10758018b0df132fba819f5
Reviewed-on: https://go-review.googlesource.com/c/sys/+/192337
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Simon Rozman <simon@rozman.si>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>