From d0b43a399f47eeb21c44a353a96d402bc8332601 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herm=C3=A8s=20B=C3=A9lusca-Ma=C3=AFto?= Date: Fri, 6 Oct 2023 14:45:52 +0200 Subject: [PATCH] [NETID] Simplify IsUserAdmin() helper implementation (#5763) Addendum to commit 8c4b0c914. Base ourselves on pSetupIsUserAdmin() and other similar functions in our codebase. Note that what we are actually interested here, is whether the current thread runs with Administrator privileges. (As noticed by contributor 'whindsaks', "Not only is this code simpler, it now will correctly handle deny-only SIDs in the token!") --- dll/win32/netid/netid.c | 56 ++++++++--------------------------------- 1 file changed, 10 insertions(+), 46 deletions(-) diff --git a/dll/win32/netid/netid.c b/dll/win32/netid/netid.c index ce3dfb6f417..1e2b08740c8 100644 --- a/dll/win32/netid/netid.c +++ b/dll/win32/netid/netid.c 
@@ -162,58 +162,22 @@ GetComputerNames( static BOOL IsUserAdmin(VOID) { + BOOL bIsAdmin; SID_IDENTIFIER_AUTHORITY Authority = {SECURITY_NT_AUTHORITY}; - PSID pAdminsSid = NULL; - HANDLE hToken = NULL; - PTOKEN_GROUPS pGroups = NULL; - BOOL bIsAdmin = FALSE; - DWORD dwSize, i; + PSID pAdminsSid; - if (!AllocateAndInitializeSid(&Authority, 2, SECURITY_BUILTIN_DOMAIN_RID, - DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, + if (!AllocateAndInitializeSid(&Authority, 2, + SECURITY_BUILTIN_DOMAIN_RID, + DOMAIN_ALIAS_RID_ADMINS, + 0, 0, 0, 0, 0, 0, &pAdminsSid)) + { return FALSE; - - if (!OpenProcessToken(GetCurrentProcess(), - TOKEN_QUERY, - &hToken)) - goto done; - - if (GetTokenInformation(hToken, TokenGroups, NULL, 0, &dwSize) || - GetLastError() != ERROR_INSUFFICIENT_BUFFER) - { - goto done; } - pGroups = HeapAlloc(GetProcessHeap(), 0, dwSize); - if (pGroups == NULL) - goto done; - - if (!GetTokenInformation(hToken, - TokenGroups, - pGroups, - dwSize, - &dwSize)) - goto done; - - for (i = 0; i < pGroups->GroupCount; i++) - { - if (EqualSid(pGroups->Groups[i].Sid, pAdminsSid)) - { - bIsAdmin = TRUE; - break; - } - } - -done: - if (pGroups != NULL) - HeapFree(GetProcessHeap(), 0, pGroups); - - if (hToken != NULL) - CloseHandle(hToken); - - if (pAdminsSid != NULL) - FreeSid(pAdminsSid); + if (!CheckTokenMembership(NULL, pAdminsSid, &bIsAdmin)) + bIsAdmin = FALSE; + FreeSid(pAdminsSid); return bIsAdmin; }
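Review bot: IsUserAdmin() carries no comment saying which token it tests, and that answer changes with this patch. `CheckTokenMembership(NULL, pAdminsSid, &bIsAdmin)` evaluates the calling thread's effective token (its impersonation token, if any) and counts the Administrators SID only when it is enabled, whereas the removed loop matched any entry in the process token's groups, deny-only ones included. I would add a header comment above the function such as `/* TRUE only if BUILTIN\Administrators is enabled in the calling thread's effective token; a deny-only entry or any API failure yields FALSE. */`. The callers are outside this hunk, so presumably the result only gates UI; if so, the comment should also say it is advisory and that the privileged operation is still access-checked where it is performed. Both failure paths (AllocateAndInitializeSid and CheckTokenMembership) fail closed, which is worth keeping.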