Google Git
Sign in
go / sys / 61b9204099cb1bebc803c9ffb9b2d3acd9d457d9^! / .
commit61b9204099cb1bebc803c9ffb9b2d3acd9d457d9[log] [tgz]
authorJason A. Donenfeld <Jason@zx2c4.com>Wed May 15 13:56:26 2019 +0200
committerAlex Brainman <alex.brainman@gmail.com>Thu May 16 11:00:30 2019 +0000
treed94511f80bb2d3dcbd69a3de23a937e5509ad2fc
parentcedb8e16d18afa7ead071a0a5f45393b1f3563c9 [diff]
windows: add functions for dealing with elevated tokens

These are required when dealing with UAC or launching processes as
elevated administrators on behalf of other users.

Change-Id: If256c838b1f0202a8703d91496ffdbe16be3a700
Reviewed-on: https://go-review.googlesource.com/c/sys/+/176858
Run-TryBot: Jason Donenfeld <Jason@zx2c4.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>

diff --git a/windows/security_windows.go b/windows/security_windows.go
index f27fd7c..f119a4a 100644
--- a/windows/security_windows.go
+++ b/windows/security_windows.go

@@ -693,6 +693,28 @@
 	}
 }
 
+// Returns whether the current token is elevated from a UAC perspective.
+func (token Token) IsElevated() bool {
+	var isElevated uint32
+	var outLen uint32
+	err := GetTokenInformation(token, TokenElevation, (*byte)(unsafe.Pointer(&isElevated)), uint32(unsafe.Sizeof(isElevated)), &outLen)
+	if err != nil {
+		return false
+	}
+	return outLen == uint32(unsafe.Sizeof(isElevated)) && isElevated != 0
+}
+
+// Returns the linked token, which may be an elevated UAC token.
+func (token Token) GetLinkedToken() (Token, error) {
+	var linkedToken Token
+	var outLen uint32
+	err := GetTokenInformation(token, TokenLinkedToken, (*byte)(unsafe.Pointer(&linkedToken)), uint32(unsafe.Sizeof(linkedToken)), &outLen)
+	if err != nil {
+		return Token(0), err
+	}
+	return linkedToken, nil
+}
+
 // GetSystemDirectory retrieves path to current location of the system
 // directory, which is typically, though not always, C:\Windows\System32.
 func GetSystemDirectory() (string, error) {