Mercurial > trustbridge
diff common/util.c @ 505:78959fd970b0
Add is_admin and implement it for windows
| author | Andre Heinecke <aheinecke@intevation.de> |
|---|---|
| date | Mon, 28 Apr 2014 09:19:53 +0000 |
| parents | 17e1c8f37d72 |
| children | c7a35fa302ec |
line wrap: on
line diff
--- a/common/util.c Mon Apr 28 09:19:29 2014 +0000 +++ b/common/util.c Mon Apr 28 09:19:53 2014 +0000 @@ -6,6 +6,8 @@ * See LICENSE.txt for details. */ #include "util.h" +#include "logging.h" + #ifndef _WIN32 #include <unistd.h> #include <sys/types.h> @@ -36,3 +38,82 @@ #endif return ret; } + +bool is_admin() +{ +#ifndef _WIN32 + /* TODO implement */ + return false; +#else + bool retval = false; + BOOL in_admin_group = FALSE; + HANDLE hToken = NULL; + HANDLE hTokenToCheck = NULL; + DWORD cbSize = 0; + TOKEN_ELEVATION_TYPE elevation; + BYTE admin_id[SECURITY_MAX_SID_SIZE]; + + if (!OpenProcessToken(GetCurrentProcess(), + TOKEN_QUERY | TOKEN_DUPLICATE, &hToken)) + { + PRINTLASTERROR ("Failed to duplicate process token.\n"); + return false; + } + + if (!GetTokenInformation(hToken, TokenElevationType, &elevation, + sizeof(elevation), &cbSize)) + { + PRINTLASTERROR ("Failed to get token information.\n"); + goto done; + } + + /* If limited check the the linked token instead */ + if (TokenElevationTypeLimited == elevation) + { + if (!GetTokenInformation(hToken, TokenLinkedToken, &hTokenToCheck, + sizeof(hTokenToCheck), &cbSize)) + { + PRINTLASTERROR ("Failed to get the linked token.\n"); + goto done; + } + } + + if (!hTokenToCheck) /* The linked token is already of the correct type */ + { + if (!DuplicateToken(hToken, SecurityIdentification, &hTokenToCheck)) + { + PRINTLASTERROR ("Failed to duplicate token for identification.\n"); + goto done; + } + } + + /* Do the sid dance for the adminSID */ + cbSize = sizeof(admin_id); + if (!CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, &admin_id, + &cbSize)) + { + PRINTLASTERROR ("Failed to get admin sid.\n"); + goto done; + } + + /* The actual check */ + if (!CheckTokenMembership(hTokenToCheck, &admin_id, &in_admin_group)) + { + PRINTLASTERROR ("Failed to check token membership.\n"); + goto done; + } + + if (in_admin_group) + { + /* Winbool to standard bool */ + retval = true; + } + +done: + if (hToken) CloseHandle(hToken); + if (hTokenToCheck) CloseHandle(hTokenToCheck); + + return retval; +#endif +} +