2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
11 #include <afs/param.h>
16 #include <WINNT/TaLocale.h>
20 * ISWINNT ____________________________________________________________________
24 BOOL IsWindowsNT (void)
26 static BOOL fChecked = FALSE;
27 static BOOL fIsWinNT = FALSE;
33 OSVERSIONINFO Version;
34 memset (&Version, 0x00, sizeof(Version));
35 Version.dwOSVersionInfoSize = sizeof(Version);
37 if (GetVersionEx (&Version))
39 if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT)
49 * ISADMIN ____________________________________________________________________
53 #define AFSCLIENT_ADMIN_GROUPNAME "AFS Client Admins"
57 static BOOL fAdmin = FALSE;
58 static BOOL fTested = FALSE;
62 /* Obtain the SID for the AFS client admin group. If the group does
63 * not exist, then assume we have AFS client admin privileges.
65 PSID psidAdmin = NULL;
66 DWORD dwSize, dwSize2;
67 char pszAdminGroup[ MAX_COMPUTERNAME_LENGTH + sizeof(AFSCLIENT_ADMIN_GROUPNAME) + 2 ];
68 char *pszRefDomain = NULL;
69 SID_NAME_USE snu = SidTypeGroup;
71 dwSize = sizeof(pszAdminGroup);
73 if (!GetComputerName(pszAdminGroup, &dwSize)) {
74 /* Can't get computer name. We return false in this case.
75 Retain fAdmin and fTested. This shouldn't happen.*/
82 strcat(pszAdminGroup,"\\");
83 strcat(pszAdminGroup, AFSCLIENT_ADMIN_GROUPNAME);
85 LookupAccountName(NULL, pszAdminGroup, NULL, &dwSize, NULL, &dwSize2, &snu);
86 /* that should always fail. */
88 if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
89 /* if we can't find the group, then we allow the operation */
94 if (dwSize == 0 || dwSize2 == 0) {
100 psidAdmin = (PSID)malloc(dwSize); memset(psidAdmin,0,dwSize);
101 pszRefDomain = (char *)malloc(dwSize2);
103 if (!LookupAccountName(NULL, pszAdminGroup, psidAdmin, &dwSize, pszRefDomain, &dwSize2, &snu)) {
104 /* We can't lookup the group now even though we looked it up earlier.
105 Could this happen? */
108 /* Then open our current ProcessToken */
111 if (OpenProcessToken (GetCurrentProcess(), TOKEN_QUERY, &hToken))
114 if (!CheckTokenMembership(hToken, psidAdmin, &fAdmin)) {
115 /* We'll have to allocate a chunk of memory to store the list of
116 * groups to which this user belongs; find out how much memory
120 PTOKEN_GROUPS pGroups;
122 GetTokenInformation (hToken, TokenGroups, NULL, dwSize, &dwSize);
124 pGroups = (PTOKEN_GROUPS)malloc(dwSize);
126 /* Allocate that buffer, and read in the list of groups. */
127 if (GetTokenInformation (hToken, TokenGroups, pGroups, dwSize, &dwSize))
129 /* Look through the list of group SIDs and see if any of them
130 * matches the AFS Client Admin group SID.
133 for (; (!fAdmin) && (iGroup < pGroups->GroupCount); ++iGroup)
135 if (EqualSid (psidAdmin, pGroups->Groups[ iGroup ].Sid)) {
145 /* if do not have permission because we were not explicitly listed
146 * in the Admin Client Group let's see if we are the SYSTEM account
149 PTOKEN_USER pTokenUser;
150 SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;
151 PSID pSidLocalSystem = 0;
154 GetTokenInformation(hToken, TokenUser, NULL, 0, &dwSize);
156 pTokenUser = (PTOKEN_USER)malloc(dwSize);
158 if (!GetTokenInformation(hToken, TokenUser, pTokenUser, dwSize, &dwSize))
159 gle = GetLastError();
161 if (AllocateAndInitializeSid( &SIDAuth, 1,
162 SECURITY_LOCAL_SYSTEM_RID,
166 if (EqualSid(pTokenUser->User.Sid, pSidLocalSystem)) {
170 FreeSid(pSidLocalSystem);