tailscale/util/winutil
Aaron Klotz fbc18410ad ipn/ipnauth: improve the Windows token administrator check
(*Token).IsAdministrator is supposed to return true even when the user is
running with a UAC limited token. The idea is that, for the purposes of
this check, we don't care whether the user is *currently* running with
full Admin rights, we just want to know whether the user can
*potentially* do so.

We accomplish this by querying for the token's "linked token," which
should be the fully-elevated variant, and checking its group memberships.

We also switch ipn/ipnserver/(*Server).connIsLocalAdmin to use the elevation
check to preserve those semantics for tailscale serve; I want the
IsAdministrator check to be used for less sensitive things like toggling
auto-update on and off.

Fixes #10036

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2023-11-03 14:37:04 -06:00
..
authenticode util/winutil/authenticode: add missing docs for CertSubjectError 2023-08-14 11:07:12 -06:00
policy winutil: refactor methods to get values from registry to also return (#9536) 2023-09-26 13:15:11 -04:00
mksyscall.go util/winutil: add RegisterForRestart, allowing programs to indicate their preferences to the Windows restart manager 2023-08-22 15:06:48 -06:00
svcdiag_windows.go all: use set.Set consistently instead of map[T]struct{} 2023-09-09 10:59:19 -07:00
winutil_notwindows.go winutil: refactor methods to get values from registry to also return (#9536) 2023-09-26 13:15:11 -04:00
winutil_windows_test.go go.mod, cmd/tailscaled, ipn/localapi, util/osdiag, util/winutil, util/winutil/authenticode: add Windows module list to OS-specific logs that are written upon bugreport 2023-08-03 11:33:14 -06:00
winutil_windows.go ipn/ipnauth: improve the Windows token administrator check 2023-11-03 14:37:04 -06:00
winutil.go winutil: refactor methods to get values from registry to also return (#9536) 2023-09-26 13:15:11 -04:00
zsyscall_windows.go util/winutil: add RegisterForRestart, allowing programs to indicate their preferences to the Windows restart manager 2023-08-22 15:06:48 -06:00