From f4178f8d0b97baea0bb6a6444fc37171c83ad316 Mon Sep 17 00:00:00 2001
From: Ron Yorston
Date: Sat, 25 Mar 2023 15:04:15 +0000
Subject: win32: use CheckTokenMembership() to check privilege

Rewrite the test for the reduced-privilege token: check whether the BUILTIN\Administrators group is enabled. This seems more directly relevant than the previous check for restrictions on the token.
---
 win32/mingw.c | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/win32/mingw.c b/win32/mingw.c
index 011bc5ffb..e81f17f11 100644
--- a/win32/mingw.c
+++ b/win32/mingw.c
@@ -1138,26 +1138,28 @@ char *get_user_name(void)
 #if ENABLE_DROP || ENABLE_CDROP || ENABLE_PDROP
 /*
- * When runuser drops privileges TokenIsElevated still returns TRUE.
- * Use other means to determine if we're actually unprivileged.
- * This is likely to be fragile.
+ * When 'drop' drops privileges TokenIsElevated is still TRUE.
+ * Find out if we're really privileged by checking if the group
+ * BUILTIN\Administrators is enabled.
 */
 static int
-actually_unprivileged(HANDLE h)
+really_privileged(void)
 {
- DWORD restricted = 0;
- DWORD size;
+ BOOL admin_enabled;
+ unsigned char admin[16] = {
+ 0x01, 0x02, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x05,
+ 0x20, 0x00, 0x00, 0x00,
+ 0x20, 0x02, 0x00, 0x00
+ };
- if (GetTokenInformation(h, TokenHasRestrictions, &restricted,
- sizeof(restricted), &size)) {
- // The token generated by runuser seems to 'have restrictions'.
- return restricted != 0;
- }
+ if (CheckTokenMembership(NULL, (PSID)admin, &admin_enabled))
+ return admin_enabled;
- return FALSE;
+ return TRUE;
 }
 #else
-# define actually_unprivileged(h) (FALSE)
+# define really_privileged() (TRUE)
 #endif
 int getuid(void)
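Review bot: The 16-byte `admin` array in really_privileged() is cast to `PSID` with nothing stating what it encodes or guaranteeing its alignment. Decoded, the bytes are revision 1, two sub-authorities, the NT authority and the RIDs 0x20 and 0x220, i.e. S-1-5-32-544 stored little-endian; a comment such as `/* SID S-1-5-32-544 (BUILTIN\Administrators), little-endian layout */` would let a reader check that. An `unsigned char` array is not guaranteed to be DWORD-aligned as a SID's sub-authority array expects, so filling a suitably aligned buffer with `CreateWellKnownSid(WinBuiltinAdministratorsSid, ...)` would be more robust. The fallback `return TRUE;` reports the process as privileged whenever `CheckTokenMembership()` fails; that keeps the old default, but it deserves a comment saying the fail-open choice is deliberate.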
@@ -1171,7 +1173,7 @@ int getuid(void)
 if (GetTokenInformation(h, TokenElevation, &elevation,
 sizeof(elevation), &size)) {
- if (elevation.TokenIsElevated && !actually_unprivileged(h))
+ if (elevation.TokenIsElevated && really_privileged())
 ret = 0;
 }
 CloseHandle(h);
-- 
cgit v1.2.3-55-g6feb
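Review bot: With the `h` argument dropped, the two halves of this condition can inspect different tokens: `TokenIsElevated` is read from the token handle `h`, while `really_privileged()` calls `CheckTokenMembership(NULL, ...)`, which evaluates the calling thread's effective token. The two agree unless a thread is impersonating, which is presumably never the case here, so a short comment on the condition is enough, e.g. `/* group membership is checked on the thread's effective token, not on h */`. The body of getuid() starts and ends outside the hunk.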