github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #124665 from neolit123/1.31-fix-windows-priv-preflight-check

Browse Source 
kubeadm: update the IsPriviligedUser preflight check on Windows
This commit is contained in:
Kubernetes Prow Robot
2024-05-02 13:13:28 -07:00
committed by GitHub
parent bb838fde5b d105ddd350
commit 201e6262c4
1 changed files with 5 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
cmd/kubeadm/app/preflight/checks_windows.go
View File

@@ -20,34 +20,17 @@ limitations under the License.
package preflight package preflight
import ( import (
"os/user"
"github.com/pkg/errors" "github.com/pkg/errors"
"golang.org/x/sys/windows"
) )
// The "Well-known SID" of Administrator group
// https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
const administratorSID = "S-1-5-32-544"
// Check validates if a user has elevated (administrator) privileges. // Check validates if a user has elevated (administrator) privileges.
func (ipuc IsPrivilegedUserCheck) Check() (warnings, errorList []error) { func (ipuc IsPrivilegedUserCheck) Check() (warnings, errorList []error) {
currUser, err := user.Current() hProcessToken := windows.GetCurrentProcessToken()
if err != nil { if hProcessToken.IsElevated() {
return nil, []error{errors.Wrap(err, "cannot get current user")}
}
groupIds, err := currUser.GroupIds()
if err != nil {
return nil, []error{errors.Wrap(err, "cannot get group IDs for current user")}
}
for _, sid := range groupIds {
if sid == administratorSID {
return nil, nil return nil, nil
} }
} return nil, []error{errors.New("the kubeadm process must be run by a user with elevated privileges")}
return nil, []error{errors.New("user is not running as administrator")}
} }
// Check number of memory required by kubeadm // Check number of memory required by kubeadm