upstream/k3s
1
0
Fork 0
mirror of https://github.com/k3s-io/k3s.git synced 2026-05-28 04:34:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
k3s/pkg/util/permissions/permissions_windows.go
Brad Davidson 3acf8db8f2 Update packages to remove dep on archived github.com/pkg/errors 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2026-03-09 16:09:01 -07:00

44 lines
1.2 KiB
Go
Raw Permalink Blame History

//go:build windows
package permissions
import (
"github.com/k3s-io/k3s/pkg/util/errors"
"golang.org/x/sys/windows"
)
// IsPrivileged returns an error if the the process is not running as a member of the BUILTIN\Administrators group.
// Ref: https://github.com/kubernetes/kubernetes/pull/96616
func IsPrivileged() error {
var sid *windows.SID
// Although this looks scary, it is directly copied from the
// official windows documentation. The Go API for this is a
// direct wrap around the official C++ API.
// Ref: https://docs.microsoft.com/en-us/windows/desktop/api/securitybaseapi/nf-securitybaseapi-checktokenmembership
err := windows.AllocateAndInitializeSid(
&windows.SECURITY_NT_AUTHORITY,
2,
windows.SECURITY_BUILTIN_DOMAIN_RID,
windows.DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&sid)
if err != nil {
return errors.WithMessage(err, "failed to create Windows SID")
}
defer windows.FreeSid(sid)
// Ref: https://github.com/golang/go/issues/28804#issuecomment-438838144
token := windows.Token(0)
member, err := token.IsMember(sid)
if err != nil {
return errors.WithMessage(err, "failed to check group membership")
}
if !member {
return errors.New("not running as member of BUILTIN\\Administrators group")
}
return nil
}
Reference in a new issue View git blame Copy permalink