windows: open process tokens with duplicate access

A usual thing to ask is, "Is my current token in group X?" The right way
of doing such a thing is:

	processToken, err := windows.OpenCurrentProcessToken()
	if err != nil {
		return false, err
	}
	defer processToken.Close()
	var checkableToken windows.Token
	err = windows.DuplicateTokenEx(processToken, windows.TOKEN_QUERY | windows.TOKEN_IMPERSONATE, nil, windows.SecurityIdentification, windows.TokenImpersonation, &checkableToken)
	if err != nil {
		return false, err
	}
	defer checkableToken.Close()
	isMember, err := checkableToken.IsMember(someSID)
	return isMember && err == nil, nil

This is the same flow that's used by, for example, shell32's internal
_LUAIsTokenAdmin function.

However, this all fails unless the original token is opened with
duplicate access. So this commit adjusts OpenCurrentProcessToken to do
the right thing.

Change-Id: I18efdfde43097ea9d10758018b0df132fba819f5
Reviewed-on: https://go-review.googlesource.com/c/sys/+/192337
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Simon Rozman <simon@rozman.si>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
1 file changed
tree: 7aee2406b5f7d78942a1412540d4da8a796545ca
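
The commit message above notes that the membership check fails when the process token was opened without duplicate access. As an added example (not code from this commit or from x/sys), the following Go program is a name-based source check, not data-flow analysis, that flags functions which call `DuplicateTokenEx` while also calling `OpenProcessToken` with an access mask that names neither `TOKEN_DUPLICATE` nor `TOKEN_ALL_ACCESS`. The names `FlagMissingDuplicate` and `opensWithoutDuplicate` and the sample input are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
	"strings"
)

const sample = `package p
func bad(p windows.Handle, t, d *windows.Token) {
	windows.OpenProcessToken(p, windows.TOKEN_QUERY, t)
	windows.DuplicateTokenEx(*t, windows.TOKEN_QUERY|windows.TOKEN_IMPERSONATE, nil, windows.SecurityIdentification, windows.TokenImpersonation, d)
}
func good(p windows.Handle, t, d *windows.Token) {
	windows.OpenProcessToken(p, windows.TOKEN_QUERY|windows.TOKEN_DUPLICATE, t)
	windows.DuplicateTokenEx(*t, windows.TOKEN_QUERY|windows.TOKEN_IMPERSONATE, nil, windows.SecurityIdentification, windows.TokenImpersonation, d)
}` // sample is constructed input for this check, not code from x/sys
// opensWithoutDuplicate: body duplicates a token and opens one without duplicate access.
func opensWithoutDuplicate(body ast.Node) bool {
	weakOpen, dups := false, false
	ast.Inspect(body, func(n ast.Node) bool {
		if call, ok := n.(*ast.CallExpr); ok {
			name := types.ExprString(call.Fun)
			if strings.HasSuffix(name, "OpenProcessToken") && len(call.Args) == 3 {
				mask := types.ExprString(call.Args[1]) // second argument is the access mask
				weakOpen = weakOpen || !strings.Contains(mask, "TOKEN_DUPLICATE") && !strings.Contains(mask, "TOKEN_ALL_ACCESS")
			}
			dups = dups || strings.HasSuffix(name, "DuplicateTokenEx")
		}
		return true
	})
	return weakOpen && dups
}
// FlagMissingDuplicate returns the names of the functions in src that match.
func FlagMissingDuplicate(src string) (flagged []string, err error) {
	f, err := parser.ParseFile(token.NewFileSet(), "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	for _, decl := range f.Decls {
		if fn, ok := decl.(*ast.FuncDecl); ok && fn.Body != nil && opensWithoutDuplicate(fn.Body) {
			flagged = append(flagged, fn.Name.Name)
		}
	}
	return flagged, nil
}
func main() { fmt.Println(FlagMissingDuplicate(sample)) }
```

A function that opens the token with `TOKEN_QUERY` alone and never duplicates it is not flagged, since query-only access is sufficient for calls that do not need a duplicate.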
README.md

sys

This repository holds supplemental Go packages for low-level interactions with the operating system.

Download/Install

The easiest way to install is to run go get -u golang.org/x/sys. You can also manually git clone the repository to $GOPATH/src/golang.org/x/sys.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.

The main issue tracker for the sys repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/sys:” in the subject line, so it is easy to find.