2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
14 #include <afs/param.h>
19 #include <WINNT/TaLocale.h>
23 * ISWINNT ____________________________________________________________________
// IsWindowsNT: platform probe that asks GetVersionEx() whether the running
// system reports VER_PLATFORM_WIN32_NT.
//
// NOTE(review): this listing is incomplete. The left-column numbers skip
// lines, so the braces, the assignments to the two statics and the return
// statement are not visible here. The comments describe only the lines shown.
27 BOOL IsWindowsNT (void)
// Function-local statics keep their values between calls. Presumably this is
// a "probe once, then reuse the answer" cache, but the lines that set and
// read them are hidden -- TODO confirm. No locking is visible around them.
29 static BOOL fChecked = FALSE;
30 static BOOL fIsWinNT = FALSE;
// Zero the structure and fill in dwOSVersionInfoSize before the call, which
// GetVersionEx() requires in order to know which structure layout it was given.
36 OSVERSIONINFO Version;
37 memset (&Version, 0x00, sizeof(Version));
38 Version.dwOSVersionInfoSize = sizeof(Version);
// GetVersionEx() is deprecated in current Windows SDKs. Only dwPlatformId is
// read from the result here; the version numbers are not consulted.
40 if (GetVersionEx (&Version))
42 if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT)
52 * ISADMIN ____________________________________________________________________
// NOTE(review): this listing is incomplete. The left-column numbers skip
// lines, so the enclosing function's signature, its braces, several
// assignments, its cleanup and its return paths are not visible. The notes
// below cover only the statements that are shown; anything about hidden
// lines is marked as an assumption.
//
// Name of the local group whose membership is tested below.
56 #define AFSCLIENT_ADMIN_GROUPNAME "AFS Client Admins"
// Function-local statics: the cached verdict and a "have we tested yet" flag
// (see the "Retain fAdmin and fTested" remark further down). Presumably the
// membership test runs once per process and later calls reuse fAdmin, in
// which case a group change made afterwards is not seen until the process
// restarts -- TODO confirm against the hidden lines.
60 static BOOL fAdmin = FALSE;
61 static BOOL fTested = FALSE;
// NOTE(review): fail-open default. Per the comment below, a host on which
// the group does not exist treats every caller as an AFS client admin.
// Deployments that rely on this check need the group to exist on each host.
65 /* Obtain the SID for the AFS client admin group. If the group does
66 * not exist, then assume we have AFS client admin privileges.
68 PSID psidAdmin = NULL;
// dwSize2 has no visible initialiser, and dwSize is reused for several
// different buffers below; check the hidden lines for the resets.
69 DWORD dwSize, dwSize2;
// Sized for "<computer name>\<group name>": MAX_COMPUTERNAME_LENGTH
// characters, one backslash, and the group name (sizeof already counts its
// terminating NUL), so the two strcat() calls below stay in bounds.
70 char pszAdminGroup[ MAX_COMPUTERNAME_LENGTH + sizeof(AFSCLIENT_ADMIN_GROUPNAME) + 2 ];
71 char *pszRefDomain = NULL;
72 SID_NAME_USE snu = SidTypeGroup;
// GetComputerName() takes the buffer capacity in dwSize and overwrites it
// with the length of the name it stored.
74 dwSize = sizeof(pszAdminGroup);
76 if (!GetComputerName(pszAdminGroup, &dwSize)) {
// This path fails closed: the comment below says the function returns false
// and leaves the cached flags untouched, so a later call tries again.
77 /* Can't get computer name. We return false in this case.
78 Retain fAdmin and fTested. This shouldn't happen.*/
// Build the machine-qualified account name "<computer name>\AFS Client Admins".
85 strcat(pszAdminGroup,"\\");
86 strcat(pszAdminGroup, AFSCLIENT_ADMIN_GROUPNAME);
// Size probe: both output buffers are NULL, so the call is expected to fail
// and report the required sizes through dwSize and dwSize2. Its return value
// is ignored. NOTE(review): a probe needs both sizes to be 0 on entry; the
// reset is not visible in this listing -- verify.
88 LookupAccountName(NULL, pszAdminGroup, NULL, &dwSize, NULL, &dwSize2, &snu);
89 /* that should always fail. */
// NOTE(review): the visible condition sends every error other than
// ERROR_INSUFFICIENT_BUFFER down the "allow" branch, not only "group not
// found", so this is a second fail-open path. Because the return value
// above is not checked, an unexpected success would leave GetLastError()
// holding an unrelated earlier value.
91 if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
92 /* if we can't find the group, then we allow the operation */
// The action taken when either size is zero is on a hidden line.
97 if (dwSize == 0 || dwSize2 == 0) {
// NOTE(review): neither malloc() result is checked. If the first allocation
// fails, the memset() on the same line writes through a NULL pointer. The
// matching free() calls are not visible in this listing.
103 psidAdmin = (PSID)malloc(dwSize); memset(psidAdmin,0,dwSize);
104 pszRefDomain = (char *)malloc(dwSize2);
// Second call, now with real buffers: fills psidAdmin with the group's SID
// and pszRefDomain with the domain name. The failure handling is hidden.
106 if (!LookupAccountName(NULL, pszAdminGroup, psidAdmin, &dwSize, pszRefDomain, &dwSize2, &snu)) {
107 /* We can't lookup the group now even though we looked it up earlier.
108 Could this happen? */
111 /* Then open our current ProcessToken */
// hToken is declared on a hidden line; the matching CloseHandle() is not
// visible either.
114 if (OpenProcessToken (GetCurrentProcess(), TOKEN_QUERY, &hToken))
// NOTE(review): CheckTokenMembership() is documented to require an
// impersonation token, while OpenProcessToken() returns the process's
// primary token. This call is therefore expected to fail, and the manual
// group scan below is the path that normally decides -- confirm.
117 if (!CheckTokenMembership(hToken, psidAdmin, &fAdmin)) {
118 /* We'll have to allocate a chunk of memory to store the list of
119 * groups to which this user belongs; find out how much memory
123 PTOKEN_GROUPS pGroups;
// Size probe for the TokenGroups data; return value ignored. dwSize is
// passed as the buffer length together with a NULL buffer. A probe normally
// passes 0, and the value dwSize holds here depends on hidden lines.
125 GetTokenInformation (hToken, TokenGroups, NULL, dwSize, &dwSize);
// NOTE(review): malloc() result is not checked before it is handed to
// GetTokenInformation() and dereferenced in the loop below.
127 pGroups = (PTOKEN_GROUPS)malloc(dwSize);
129 /* Allocate that buffer, and read in the list of groups. */
130 if (GetTokenInformation (hToken, TokenGroups, pGroups, dwSize, &dwSize))
132 /* Look through the list of group SIDs and see if any of them
133 * matches the AFS Client Admin group SID.
// The loop stops at the first match because fAdmin is part of the condition.
// iGroup is declared on a hidden line.
// NOTE(review): the visible comparison is EqualSid() alone and does not
// consult Groups[ iGroup ].Attributes. Unless a hidden line checks them, a
// SID that is present but not enabled, or marked
// SE_GROUP_USE_FOR_DENY_ONLY (as in a filtered token), would still count as
// membership. CheckTokenMembership() does take those attributes into account.
136 for (; (!fAdmin) && (iGroup < pGroups->GroupCount); ++iGroup)
138 if (EqualSid (psidAdmin, pGroups->Groups[ iGroup ].Sid)) {
148 /* if we do not have permission because we were not explicitly listed
149 * in the Admin Client Group let's see if we are the SYSTEM account
152 PTOKEN_USER pTokenUser;
153 SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;
154 PSID pSidLocalSystem = 0;
// Size probe for the TokenUser data; return value ignored.
157 GetTokenInformation(hToken, TokenUser, NULL, 0, &dwSize);
// NOTE(review): malloc() result is not checked.
159 pTokenUser = (PTOKEN_USER)malloc(dwSize);
// NOTE(review): a failure here only records the error code in gle (declared
// on a hidden line). As far as the visible lines show, pTokenUser->User.Sid
// is still read below, which after a failed call is uninitialised heap
// memory. Confirm whether a hidden line guards the comparison.
161 if (!GetTokenInformation(hToken, TokenUser, pTokenUser, dwSize, &dwSize))
162 gle = GetLastError();
// Builds a one-subauthority SID under SECURITY_NT_AUTHORITY with
// SECURITY_LOCAL_SYSTEM_RID, i.e. the LocalSystem account; the remaining
// arguments of the call are on hidden lines.
164 if (AllocateAndInitializeSid( &SIDAuth, 1,
165 SECURITY_LOCAL_SYSTEM_RID,
// Compares the token's user SID with LocalSystem. The assignment made on a
// match is hidden, presumably granting admin -- TODO confirm.
169 if (EqualSid(pTokenUser->User.Sid, pSidLocalSystem)) {
// Releases the SID obtained from AllocateAndInitializeSid().
173 FreeSid(pSidLocalSystem);