1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105
use nu_engine::command_prelude::*;
#[derive(Clone)]
pub struct IsAdmin;
impl Command for IsAdmin {
    fn name(&self) -> &str {
        "is-admin"
    }
    fn usage(&self) -> &str {
        "Check if nushell is running with administrator or root privileges."
    }
    fn signature(&self) -> nu_protocol::Signature {
        Signature::build("is-admin")
            .category(Category::Core)
            .input_output_types(vec![(Type::Nothing, Type::Bool)])
            .allow_variants_without_examples(true)
    }
    fn search_terms(&self) -> Vec<&str> {
        vec!["root", "administrator", "superuser", "supervisor"]
    }
    fn run(
        &self,
        _engine_state: &EngineState,
        _stack: &mut Stack,
        call: &Call,
        _input: PipelineData,
    ) -> Result<PipelineData, ShellError> {
        Ok(Value::bool(is_root(), call.head).into_pipeline_data())
    }
    fn examples(&self) -> Vec<Example> {
        vec![
            Example {
                description: "Return 'iamroot' if nushell is running with admin/root privileges, and 'iamnotroot' if not.",
                example: r#"if (is-admin) { "iamroot" } else { "iamnotroot" }"#,
                result: Some(Value::test_string("iamnotroot")),
            },
        ]
    }
}
/// Returns `true` if user is root; `false` otherwise
fn is_root() -> bool {
    is_root_impl()
}
#[cfg(unix)]
fn is_root_impl() -> bool {
    nix::unistd::Uid::current().is_root()
}
#[cfg(windows)]
fn is_root_impl() -> bool {
    use windows::Win32::{
        Foundation::{CloseHandle, HANDLE},
        Security::{GetTokenInformation, TokenElevation, TOKEN_ELEVATION, TOKEN_QUERY},
        System::Threading::{GetCurrentProcess, OpenProcessToken},
    };
    let mut elevated = false;
    // Checks whether the access token associated with the current process has elevated privileges.
    // SAFETY: `elevated` only touched by safe code.
    // `handle` lives long enough, initialized, mutated, used and closed with validity check.
    // `elevation` only read on success and passed with correct `size`.
    unsafe {
        let mut handle = HANDLE::default();
        // Opens the access token associated with the current process.
        if OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &mut handle).is_ok() {
            let mut elevation = TOKEN_ELEVATION::default();
            let mut size = std::mem::size_of::<TOKEN_ELEVATION>() as u32;
            // Retrieves elevation token information about the access token associated with the current process.
            // Call available since XP
            // https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-gettokeninformation
            if GetTokenInformation(
                handle,
                TokenElevation,
                Some(&mut elevation as *mut TOKEN_ELEVATION as *mut _),
                size,
                &mut size,
            )
            .is_ok()
            {
                // Whether the token has elevated privileges.
                // Safe to read as `GetTokenInformation` will not write outside `elevation` and it succeeded
                // See: https://learn.microsoft.com/en-us/windows/win32/api/securitybaseapi/nf-securitybaseapi-gettokeninformation#parameters
                elevated = elevation.TokenIsElevated != 0;
            }
        }
        if !handle.is_invalid() {
            // Closes the object handle.
            let _ = CloseHandle(handle);
        }
    }
    elevated
}