[reactos] 01/01: [NETID] Simplify IsUserAdmin() helper implementation (#5763) - Ros-diffs

7 Oct 2023

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=d0b43a399f47eeb21c44a…

commit d0b43a399f47eeb21c44a353a96d402bc8332601
Author:     Hermès Bélusca-Maïto &lt;hermes.belusca-maito(a)reactos.org&gt;
AuthorDate: Fri Oct 6 14:45:52 2023 +0200
Commit:     Hermès Bélusca-Maïto &lt;hermes.belusca-maito(a)reactos.org&gt;
CommitDate: Sat Oct 7 21:52:36 2023 +0200

    [NETID] Simplify IsUserAdmin() helper implementation (#5763)
    
    Addendum to commit 8c4b0c914.
    
    Base ourselves on pSetupIsUserAdmin() and other similar functions in our
    codebase. Note that what we are actually interested here, is whether the
    current thread runs with Administrator privileges.
    
    (As noticed by contributor 'whindsaks', "Not only is this code simpler,
    it now will correctly handle deny-only SIDs in the token!")
---
 dll/win32/netid/netid.c | 58 ++++++++++---------------------------------------
 1 file changed, 11 insertions(+), 47 deletions(-)

diff --git a/dll/win32/netid/netid.c b/dll/win32/netid/netid.c
index ce3dfb6f417..1e2b08740c8 100644
--- a/dll/win32/netid/netid.c
+++ b/dll/win32/netid/netid.c
@@ -162,58 +162,22 @@ GetComputerNames(
 static BOOL
 IsUserAdmin(VOID)
 {
+    BOOL bIsAdmin;
     SID_IDENTIFIER_AUTHORITY Authority = {SECURITY_NT_AUTHORITY};
-    PSID pAdminsSid = NULL;
-    HANDLE hToken = NULL;
-    PTOKEN_GROUPS pGroups = NULL;
-    BOOL bIsAdmin = FALSE;
-    DWORD dwSize, i;
-
-    if (!AllocateAndInitializeSid(&Authority, 2, SECURITY_BUILTIN_DOMAIN_RID,
-                                  DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0,
-                                  &pAdminsSid))
-        return FALSE;
-
-    if (!OpenProcessToken(GetCurrentProcess(),
-                          TOKEN_QUERY,
-                          &hToken))
-        goto done;
+    PSID pAdminsSid;
 
-    if (GetTokenInformation(hToken, TokenGroups, NULL, 0, &dwSize) ||
-        GetLastError() != ERROR_INSUFFICIENT_BUFFER)
-    {
-        goto done;
-    }
-
-    pGroups = HeapAlloc(GetProcessHeap(), 0, dwSize);
-    if (pGroups == NULL)
-        goto done;
-
-    if (!GetTokenInformation(hToken,
-                             TokenGroups,
-                             pGroups,
-                             dwSize,
-                             &dwSize))
-        goto done;
-
-    for (i = 0; i < pGroups->GroupCount; i++)
+    if (!AllocateAndInitializeSid(&Authority, 2,
+                                  SECURITY_BUILTIN_DOMAIN_RID,
+                                  DOMAIN_ALIAS_RID_ADMINS,
+                                  0, 0, 0, 0, 0, 0,
+                                  &pAdminsSid))
     {
-        if (EqualSid(pGroups->Groups[i].Sid, pAdminsSid))
-        {
-            bIsAdmin = TRUE;
-            break;
-        }
+        return FALSE;
     }
 
-done:
-    if (pGroups != NULL)
-        HeapFree(GetProcessHeap(), 0, pGroups);
-
-    if (hToken != NULL)
-        CloseHandle(hToken);
-
-    if (pAdminsSid != NULL)
-        FreeSid(pAdminsSid);
+    if (!CheckTokenMembership(NULL, pAdminsSid, &bIsAdmin))
+        bIsAdmin = FALSE;
+    FreeSid(pAdminsSid);
 
     return bIsAdmin;
 }

    