fbc18410ad
(*Token).IsAdministrator is supposed to return true even when the user is running with a UAC limited token. The idea is that, for the purposes of this check, we don't care whether the user is *currently* running with full Admin rights, we just want to know whether the user can *potentially* do so. We accomplish this by querying for the token's "linked token," which should be the fully-elevated variant, and checking its group memberships. We also switch ipn/ipnserver/(*Server).connIsLocalAdmin to use the elevation check to preserve those semantics for tailscale serve; I want the IsAdministrator check to be used for less sensitive things like toggling auto-update on and off. Fixes #10036 Signed-off-by: Aaron Klotz <aaron@tailscale.com> |
||
|---|---|---|
| .. | ||
| ipnauth.go | ||
| ipnauth_notwindows.go | ||
| ipnauth_windows.go | ||