windows: add Token.IsRestricted helper
This adds an additional helper method to Token to determine whether or
not it's a restricted one, by using:
https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-istokenrestricted
Change-Id: I1f2d051450524c22665c4bb99f5948b375b5e199
Reviewed-on: https://go-review.googlesource.com/c/sys/+/272107
Run-TryBot: Jason A. Donenfeld <Jason@zx2c4.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Trust: Alex Brainman <alex.brainman@gmail.com>
Trust: Jason A. Donenfeld <Jason@zx2c4.com>
diff --git a/windows/zsyscall_windows.go b/windows/zsyscall_windows.go
index 8fbef7d..dadd5a8 100644
--- a/windows/zsyscall_windows.go
+++ b/windows/zsyscall_windows.go
@@ -95,6 +95,7 @@
procImpersonateSelf = modadvapi32.NewProc("ImpersonateSelf")
procInitializeSecurityDescriptor = modadvapi32.NewProc("InitializeSecurityDescriptor")
procInitiateSystemShutdownExW = modadvapi32.NewProc("InitiateSystemShutdownExW")
+ procIsTokenRestricted = modadvapi32.NewProc("IsTokenRestricted")
procIsValidSecurityDescriptor = modadvapi32.NewProc("IsValidSecurityDescriptor")
procIsValidSid = modadvapi32.NewProc("IsValidSid")
procIsWellKnownSid = modadvapi32.NewProc("IsWellKnownSid")
@@ -756,6 +757,15 @@
return
}
+func isTokenRestricted(tokenHandle Token) (ret bool, err error) {
+ r0, _, e1 := syscall.Syscall(procIsTokenRestricted.Addr(), 1, uintptr(tokenHandle), 0, 0)
+ ret = r0 != 0
+ if !ret {
+ err = errnoErr(e1)
+ }
+ return
+}
+
func isValidSecurityDescriptor(sd *SECURITY_DESCRIPTOR) (isValid bool) {
r0, _, _ := syscall.Syscall(procIsValidSecurityDescriptor.Addr(), 1, uintptr(unsafe.Pointer(sd)), 0, 0)
isValid = r0 != 0
