Francois Gouget : faultrep/tests: Update is_process_limited() to deal with non-administrator, non-power user accounts.

[Alexandre Julliard]

Module: wine
Branch: master
Commit: c4ae0298d089e4499fdebe9e748d53efd910944d
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=c4ae0298d089e4499fdebe9e748d53efd910944d

Author: Francois Gouget <fgouget at codeweavers.com>
Date:   Wed Mar  5 11:30:52 2014 +0100

faultrep/tests: Update is_process_limited() to deal with non-administrator, non-power user accounts.

---

 dlls/faultrep/tests/faultrep.c |   37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/dlls/faultrep/tests/faultrep.c b/dlls/faultrep/tests/faultrep.c
index e6961f9..d45c606 100644
--- a/dlls/faultrep/tests/faultrep.c
+++ b/dlls/faultrep/tests/faultrep.c
@@ -36,15 +36,50 @@ static const char regpath_exclude[] = "ExclusionList";
 
 static BOOL is_process_limited(void)
 {
+    static BOOL (WINAPI *pCheckTokenMembership)(HANDLE,PSID,PBOOL) = NULL;
     static BOOL (WINAPI *pOpenProcessToken)(HANDLE, DWORD, PHANDLE) = NULL;
+    SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
+    PSID Group;
+    BOOL IsInGroup;
     HANDLE token;
 
     if (!pOpenProcessToken)
     {
         HMODULE hadvapi32 = GetModuleHandleA("advapi32.dll");
         pOpenProcessToken = (void*)GetProcAddress(hadvapi32, "OpenProcessToken");
-        if (!pOpenProcessToken)
+        pCheckTokenMembership = (void*)GetProcAddress(hadvapi32, "CheckTokenMembership");
+        if (!pCheckTokenMembership || !pOpenProcessToken)
+        {
+            /* Win9x (power to the masses) or NT4 (no way to know) */
+            trace("missing pOpenProcessToken or CheckTokenMembership\n");
             return FALSE;
+        }
+    }
+
+    if (!AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,
+                                  DOMAIN_ALIAS_RID_ADMINS,
+                                  0, 0, 0, 0, 0, 0, &Group) ||
+        !pCheckTokenMembership(NULL, Group, &IsInGroup))
+    {
+        trace("Could not check if the current user is an administrator\n");
+        return FALSE;
+    }
+    if (!IsInGroup)
+    {
+        if (!AllocateAndInitializeSid(&NtAuthority, 2,
+                                      SECURITY_BUILTIN_DOMAIN_RID,
+                                      DOMAIN_ALIAS_RID_POWER_USERS,
+                                      0, 0, 0, 0, 0, 0, &Group) ||
+            !pCheckTokenMembership(NULL, Group, &IsInGroup))
+        {
+            trace("Could not check if the current user is a power user\n");
+            return FALSE;
+        }
+        if (!IsInGroup)
+        {
+            /* Only administrators and power users can be powerful */
+            return TRUE;
+        }
     }
 
     if (pOpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token))