Merge pull request #77989 from ksubrmnn/kubeadm

Use os package for Windows IsPrivilegedUserCheck
Kubernetes Prow Robot 2019-05-17 10:12:34 -07:00 committed by GitHub
commit e4cfb55b71
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -19,28 +19,38 @@ limitations under the License.
package preflight package preflight
import ( import (
"os/exec" "os/user"
"strings"
"github.com/pkg/errors" "github.com/pkg/errors"
) )
// Check validates if an user has elevated (administrator) privileges. // The "Well-known SID" of Administrator group
// https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
const administratorSID = "S-1-5-32-544"
// Check validates if a user has elevated (administrator) privileges.
func (ipuc IsPrivilegedUserCheck) Check() (warnings, errorList []error) { func (ipuc IsPrivilegedUserCheck) Check() (warnings, errorList []error) {
errorList = []error{} errorList = []error{}
// The "Well-known SID" of Administrator group is S-1-5-32-544 currUser, err := user.Current()
// The following powershell will return "True" if run as an administrator, "False" otherwise
// See https://msdn.microsoft.com/en-us/library/cc980032.aspx
args := []string{"[bool](([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match \"S-1-5-32-544\")"}
isAdmin, err := exec.Command("powershell", args...).Output()
if err != nil { if err != nil {
errorList = append(errorList, errors.Wrap(err, "unable to determine if user is running as administrator")) errorList = append(errorList, errors.New("cannot get current user"))
} else if strings.EqualFold(strings.TrimSpace(string(isAdmin)), "false") { return nil, errorList
errorList = append(errorList, errors.New("user is not running as administrator"))
} }
groupIds, err := currUser.GroupIds()
if err != nil {
errorList = append(errorList, errors.New("cannot get group IDs for current user"))
return nil, errorList
}
for _, sid := range groupIds {
if sid == administratorSID {
return nil, errorList
}
}
errorList = append(errorList, errors.New("user is not running as administrator"))
return nil, errorList return nil, errorList
} }
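Review bot: The new loop in Check() (`if sid == administratorSID`) tests whether the current account belongs to the Administrators group, which is not the same as the process running elevated. As far as I know, os/user on Windows resolves GroupIds() from account membership rather than from the process token, so under UAC a non-elevated shell of an administrator account would likely pass this preflight check. The removed PowerShell query read the groups of the current Windows identity, so this may be a behaviour change worth confirming on a UAC-enabled host; if it holds, either check the process token or document the limit with `// NOTE: verifies Administrators group membership of the account, not token elevation`. Separately, both new error paths drop `err`, which the old code kept with errors.Wrap; preserving the cause helps diagnosis, e.g. `errorList = append(errorList, errors.Wrap(err, "cannot get current user"))`, and likewise for the GroupIds() failure.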