cleaning up + tests

projectdiscovery · May 3, 2023 · 18dc486 · 18dc486
1 parent 0b933d7
commit 18dc486
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 8 deletions.
diff --git a/main.go b/main.go
@@ -0,0 +1,54 @@
+package main
+
+import (
+	"log"
+
+	"golang.org/x/sys/windows"
+)
+
+func checkCurrentUserRoot() (bool, error) {
+	var err error = nil
+	var sid *windows.SID
+
+	// Although this looks scary, it is directly copied from the
+	// official windows documentation. The Go API for this is a
+	// direct wrap around the official C++ API.
+	// See https://docs.microsoft.com/en-us/windows/desktop/api/securitybaseapi/nf-securitybaseapi-checktokenmembership
+
+	err = windows.AllocateAndInitializeSid(
+		&windows.SECURITY_NT_AUTHORITY,
+		2,
+		windows.SECURITY_BUILTIN_DOMAIN_RID,
+		windows.DOMAIN_ALIAS_RID_ADMINS,
+		0, 0, 0, 0, 0, 0,
+		&sid)
+	if err != nil {
+		return false, err
+	}
+
+	defer windows.FreeSid(sid)
+
+	// This appears to cast a null pointer so I'm not sure why this
+	// works, but this guy says it does and it Works for Me™:
+	// https://github.com/golang/go/issues/28804#issuecomment-438838144
+	token := windows.Token(0)
+
+	member, err := token.IsMember(sid)
+	if err != nil {
+		return false, err
+	}
+
+	// Also note that an admin is _not_ necessarily considered
+	// elevated.
+	// For elevation see https://github.com/mozey/run-as-admin
+	if token.IsElevated() || member {
+		return true, err
+	}
+
+	return false, err
+}
+
+func main() {
+	isRoot, err := checkCurrentUserRoot()
+	log.Println(isRoot, err)
+}
diff --git a/permission/permission_test.go b/permission/permission_test.go
@@ -0,0 +1,18 @@
+package permissionutil
+
+import (
+	"testing"
+
+	osutils "github.com/projectdiscovery/utils/os"
+	"github.com/stretchr/testify/require"
+)
+
+func TestIsRoot(t *testing.T) {
+	t.Run("windows - linux", func(t *testing.T) {
+		isRoot, err := checkCurrentUserRoot()
+		if osutils.IsWindows() || osutils.IsLinux() {
+			require.Nil(t, err)
+			require.NotNil(t, isRoot)
+		}
+	})
+}
diff --git a/permission/permission_win.go b/permission/permission_win.go
@@ -9,15 +9,13 @@ import (
 // checkCurrentUserRoot on Windows
 // from https://github.com/golang/go/issues/28804#issuecomment-505326268
 func checkCurrentUserRoot() (bool, error) {
-	var err error = nil
 	var sid *windows.SID
 
 	// Although this looks scary, it is directly copied from the
 	// official windows documentation. The Go API for this is a
 	// direct wrap around the official C++ API.
 	// See https://docs.microsoft.com/en-us/windows/desktop/api/securitybaseapi/nf-securitybaseapi-checktokenmembership
-
-	err = windows.AllocateAndInitializeSid(
+	err := windows.AllocateAndInitializeSid(
 		&windows.SECURITY_NT_AUTHORITY,
 		2,
 		windows.SECURITY_BUILTIN_DOMAIN_RID,
@@ -43,11 +41,7 @@ func checkCurrentUserRoot() (bool, error) {
 	// Also note that an admin is _not_ necessarily considered
 	// elevated.
 	// For elevation see https://github.com/mozey/run-as-admin
-	if token.IsElevated() || member {
-		return true, err
-	}
-
-	return false, err
+	return token.IsElevated() || member, nil
 }
 
 // checkCurrentUserCapNetRaw on windows is not implemented