diff --git a/lib/pure/os.nim b/lib/pure/os.nim index 60ade511afcbd..f8497bf17620a 100644 --- a/lib/pure/os.nim +++ b/lib/pure/os.nim @@ -1654,22 +1654,19 @@ proc isAdmin*: bool {.noWeirdTarget.} = when defined(windows): # Rewrite of the example from Microsoft Docs: # https://docs.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-checktokenmembership#examples - var b: WINBOOL - var ntAuthority = SID_IDENTIFIER_AUTHORITY(value: [ - BYTE(0), BYTE(0), BYTE(0), BYTE(0), BYTE(0), BYTE(SECURITY_NT_AUTHORITY) - ]) + var ntAuthority = SID_IDENTIFIER_AUTHORITY(Value: SECURITY_NT_AUTHORITY) var administratorsGroup: PSID - b = AllocateAndInitializeSid(addr ntAuthority, - BYTE(2), - SECURITY_BUILTIN_DOMAIN_RID, - DOMAIN_ALIAS_RID_ADMINS, - 0, 0, 0, 0, 0, 0, - addr administratorsGroup) - if bool(b): - if not bool(CheckTokenMembership(0, administratorsGroup, addr b)): + var b: WINBOOL = AllocateAndInitializeSid(addr ntAuthority, + BYTE(2), + SECURITY_BUILTIN_DOMAIN_RID, + DOMAIN_ALIAS_RID_ADMINS, + 0, 0, 0, 0, 0, 0, + addr administratorsGroup) + if isSuccess(b): + if not isSuccess(CheckTokenMembership(0, administratorsGroup, addr b)): b = 0 discard FreeSid(administratorsGroup) - return bool(b) + return isSuccess(b) else: return geteuid() == 0 diff --git a/lib/windows/winlean.nim b/lib/windows/winlean.nim index 3800e99bf88d4..1c07b54c866b8 100644 --- a/lib/windows/winlean.nim +++ b/lib/windows/winlean.nim @@ -139,6 +139,7 @@ const HANDLE_FLAG_INHERIT* = 0x00000001'i32 +proc isSuccess*(a: WINBOOL): bool {.inline.} = a != 0 proc getVersionExW*(lpVersionInfo: ptr OSVERSIONINFO): WINBOOL {. stdcall, dynlib: "kernel32", importc: "GetVersionExW", sideEffect.} proc getVersionExA*(lpVersionInfo: ptr OSVERSIONINFO): WINBOOL {. @@ -1133,19 +1134,20 @@ proc setFileTime*(hFile: Handle, lpCreationTime: LPFILETIME, {.stdcall, dynlib: "kernel32", importc: "SetFileTime".} type - SID_IDENTIFIER_AUTHORITY* = object - value*: array[6, BYTE] - PSID_IDENTIFIER_AUTHORITY* = ptr SID_IDENTIFIER_AUTHORITY - SID* = object - revision: BYTE - subAuthorityCount: BYTE - identifierAuthority: SID_IDENTIFIER_AUTHORITY - subAuthority: ptr ptr DWORD - PSID* = ptr SID + SID_IDENTIFIER_AUTHORITY* {.importc, header: "windows.h".} = object + Value*: array[6, BYTE] + PSID_IDENTIFIER_AUTHORITY* {.importc, header: "windows.h".} = ptr SID_IDENTIFIER_AUTHORITY + SID* {.importc, header: "windows.h".} = object + Revision: BYTE + SubAuthorityCount: BYTE + IdentifierAuthority: SID_IDENTIFIER_AUTHORITY + SubAuthority: ptr ptr DWORD + PSID* {.importc, header: "windows.h".} = ptr SID const # https://docs.microsoft.com/en-us/windows/win32/secauthz/sid-components - SECURITY_NT_AUTHORITY* = 5 + # https://github.com/mirror/mingw-w64/blob/84c950bdab7c999ace49fe8383856be77f88c4a8/mingw-w64-headers/include/winnt.h#L2994 + SECURITY_NT_AUTHORITY* = [BYTE(0), BYTE(0), BYTE(0), BYTE(0), BYTE(0), BYTE(5)] SECURITY_BUILTIN_DOMAIN_RID* = 32 DOMAIN_ALIAS_RID_ADMINS* = 544 diff --git a/tests/stdlib/tos.nim b/tests/stdlib/tos.nim index f35c5c5aec358..76212c47253a6 100644 --- a/tests/stdlib/tos.nim +++ b/tests/stdlib/tos.nim @@ -653,5 +653,5 @@ block: # normalizeExe doAssert "foo".dup(normalizeExe) == "foo" block: # isAdmin - let isAzure = existsEnv("TF_BUILD") # xxx factor with testament.specs.isAzure + let isAzure = defined(windows) and existsEnv("TF_BUILD") # xxx factor with testament.specs.isAzure if isAzure: doAssert isAdmin()