[NETID] Simplify IsUserAdmin() helper implementation (#5763)

Addendum to commit 8c4b0c914. Base ourselves on pSetupIsUserAdmin() and other similar functions in our codebase. Note that what we are actually interested here, is whether the current thread runs with Administrator privileges. (As noticed by contributor 'whindsaks', "Not only is this code simpler, it now will correctly handle deny-only SIDs in the token!")
2025-02-21 16:04:57 +00:00 · 2023-10-06 14:45:52 +02:00 · 2023-10-06 14:45:52 +02:00 · d0b43a399f
commit d0b43a399f
parent e685b25e35
1 changed files with 10 additions and 46 deletions
--- a/dll/win32/netid/netid.c
+++ b/dll/win32/netid/netid.c
@ -162,58 +162,22 @@ GetComputerNames(
 static BOOL
 IsUserAdmin(VOID)
 {
+    BOOL bIsAdmin;
    SID_IDENTIFIER_AUTHORITY Authority = {SECURITY_NT_AUTHORITY};
-    PSID pAdminsSid = NULL;
-    HANDLE hToken = NULL;
-    PTOKEN_GROUPS pGroups = NULL;
-    BOOL bIsAdmin = FALSE;
-    DWORD dwSize, i;
+    PSID pAdminsSid;

-    if (!AllocateAndInitializeSid(&Authority, 2, SECURITY_BUILTIN_DOMAIN_RID,
-                                  DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0,
+    if (!AllocateAndInitializeSid(&Authority, 2,
+                                  SECURITY_BUILTIN_DOMAIN_RID,
+                                  DOMAIN_ALIAS_RID_ADMINS,
+                                  0, 0, 0, 0, 0, 0,
                                  &pAdminsSid))
+    {
        return FALSE;
-
-    if (!OpenProcessToken(GetCurrentProcess(),
-                          TOKEN_QUERY,
-                          &hToken))
-        goto done;
-
-    if (GetTokenInformation(hToken, TokenGroups, NULL, 0, &dwSize) ||
-        GetLastError() != ERROR_INSUFFICIENT_BUFFER)
-    {
-        goto done;
    }

-    pGroups = HeapAlloc(GetProcessHeap(), 0, dwSize);
-    if (pGroups == NULL)
-        goto done;
-
-    if (!GetTokenInformation(hToken,
-                             TokenGroups,
-                             pGroups,
-                             dwSize,
-                             &dwSize))
-        goto done;
-
-    for (i = 0; i < pGroups->GroupCount; i++)
-    {
-        if (EqualSid(pGroups->Groups[i].Sid, pAdminsSid))
-        {
-            bIsAdmin = TRUE;
-            break;
-        }
-    }
-
-done:
-    if (pGroups != NULL)
-        HeapFree(GetProcessHeap(), 0, pGroups);
-
-    if (hToken != NULL)
-        CloseHandle(hToken);
-
-    if (pAdminsSid != NULL)
-        FreeSid(pAdminsSid);
+    if (!CheckTokenMembership(NULL, pAdminsSid, &bIsAdmin))
+        bIsAdmin = FALSE;
+    FreeSid(pAdminsSid);

    return bIsAdmin;
 }