atl/tests: Update registrar's is_process_limited() to deal with non-administrator, non-power user accounts.

[Francois Gouget]

---

This should fix the test failures on the fg-win2000-rusr, fg-winxp-lusr 
and fg-win7u64-1spie9usr VMs.

 dlls/atl/tests/registrar.c | 39 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 37 insertions(+), 2 deletions(-)

diff --git a/dlls/atl/tests/registrar.c b/dlls/atl/tests/registrar.c
index c05b672..279e254 100644
--- a/dlls/atl/tests/registrar.c
+++ b/dlls/atl/tests/registrar.c
@@ -37,18 +37,53 @@
 #include <initguid.h>
 #include <atliface.h>
 
-
+/* Returns TRUE if the current process has enough privileges to do anything */
 static BOOL is_process_limited(void)
 {
+    static BOOL (WINAPI *pCheckTokenMembership)(HANDLE,PSID,PBOOL) = NULL;
     static BOOL (WINAPI *pOpenProcessToken)(HANDLE, DWORD, PHANDLE) = NULL;
+    SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
+    PSID Group;
+    BOOL IsInGroup;
     HANDLE token;
 
     if (!pOpenProcessToken)
     {
         HMODULE hadvapi32 = GetModuleHandleA("advapi32.dll");
         pOpenProcessToken = (void*)GetProcAddress(hadvapi32, "OpenProcessToken");
-        if (!pOpenProcessToken)
+        pCheckTokenMembership = (void*)GetProcAddress(hadvapi32, "CheckTokenMembership");
+        if (!pCheckTokenMembership || !pOpenProcessToken)
+        {
+            /* Win9x (power to the masses) or NT4 (no way to know) */
+            trace("missing pOpenProcessToken or CheckTokenMembership\n");
             return FALSE;
+        }
+    }
+
+    if (!AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,
+                                  DOMAIN_ALIAS_RID_ADMINS,
+                                  0, 0, 0, 0, 0, 0, &Group) ||
+        !pCheckTokenMembership(NULL, Group, &IsInGroup))
+    {
+        trace("Could not check if the current user is an administrator\n");
+        return FALSE;
+    }
+    if (!IsInGroup)
+    {
+        if (!AllocateAndInitializeSid(&NtAuthority, 2,
+                                      SECURITY_BUILTIN_DOMAIN_RID,
+                                      DOMAIN_ALIAS_RID_POWER_USERS,
+                                      0, 0, 0, 0, 0, 0, &Group) ||
+            !pCheckTokenMembership(NULL, Group, &IsInGroup))
+        {
+            trace("Could not check if the current user is a power user\n");
+            return FALSE;
+        }
+        if (!IsInGroup)
+        {
+            /* Only administrators and power users can be powerful */
+            return TRUE;
+        }
     }
 
     if (pOpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token))
-- 
1.8.5.3