-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathuser.go
74 lines (63 loc) · 1.38 KB
/
user.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
//go:build windows
// +build windows
package winproc
import (
"syscall"
"github.com/gentlemanautomaton/winproc/winsecid"
)
// User holds account information for the security context of a process.
type User struct {
SID string
Account string
Domain string
Type uint32
}
// System returns true if u describes a system user with one of the following
// security identifiers:
//
// Local System
// NT Authority
// Network Service
func (u User) System() bool {
switch u.SID {
case winsecid.LocalSystem, winsecid.NTAuthority, winsecid.NetworkService:
return true
default:
return false
}
}
// String returns a string representation of the user.
func (u User) String() string {
if u.Account == "" {
return u.SID
}
if u.Domain == "" {
return u.Account
}
return u.Domain + `\` + u.Account
}
func userFromProcess(process syscall.Handle) (User, error) {
var token syscall.Token
if err := syscall.OpenProcessToken(process, syscall.TOKEN_QUERY, &token); err != nil {
return User{}, err
}
defer token.Close()
tokenUser, err := token.GetTokenUser()
if err != nil {
return User{}, err
}
sid, err := tokenUser.User.Sid.String()
if err != nil {
return User{}, err
}
account, domain, accType, err := tokenUser.User.Sid.LookupAccount("")
if err != nil {
return User{}, err
}
return User{
SID: sid,
Account: account,
Domain: domain,
Type: accType,
}, nil
}