6

我看到了 IsInRole 方法,但找不到有关如何将它与 C++ 一起使用的信息。

4

4 回答 4

2

这个旧答案中有一个 C++ 代码片段,取自 CodePlex 上的UACHelpers项目。

于 2010-08-23T10:32:34.310 回答
2

这段代码解决了你的问题。随意使用它。它适用于 SE_GROUP_USE_FOR_DENY_ONLY。

/**
  IsGroupMember determines if the current thread or process has a token that contais a given and enabled user group. 

  Parameters
   dwRelativeID: Defines a relative ID (par of a SID) of a user group (e.g. Administrators DOMAIN_ALIAS_RID_ADMINS (544) = S-1-5-32-544)
   bProcessRelative: Defines whether to use the process token (TRUE) instead of the thread token (FALSE). If FALSE and no thread token is present
     the process token will be used though.
   bIsMember: Returns the result of the function. The value returns TRUE if the user is an enabled member of the group; otherwise FALSE.

  Return Value
    If the function succeeds, the return value is TRUE; otherwise FALSE. Call GetLastError for more information.
*/
BOOL IsGroupMember(DWORD dwRelativeID, BOOL bProcessRelative, BOOL* pIsMember)
{
    HANDLE hToken, hDupToken;
    PSID pSid = NULL;
    SID_IDENTIFIER_AUTHORITY SidAuthority = SECURITY_NT_AUTHORITY;

    if (!pIsMember)
    {
        SetLastError(ERROR_INVALID_USER_BUFFER);
        return FALSE;
    }

    if (bProcessRelative || !OpenThreadToken(GetCurrentThread(), TOKEN_QUERY | TOKEN_DUPLICATE, TRUE, &hToken))
    {
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_DUPLICATE, &hToken))
        {
            return FALSE;
        }
    }

    if (!DuplicateToken(hToken, SecurityIdentification, &hDupToken))
    {
        CloseHandle(hToken);
        return FALSE;
    }

    CloseHandle(hToken);
    hToken = hDupToken;

    if (!AllocateAndInitializeSid(&SidAuthority, 2,
            SECURITY_BUILTIN_DOMAIN_RID, dwRelativeID, 0, 0, 0, 0, 0, 0,
            &pSid))
    {
        CloseHandle(hToken);
        return FALSE;
    }

    if (!CheckTokenMembership(hToken, pSid, pIsMember))
    {
        CloseHandle(hToken);
        FreeSid(pSid);

        *pIsMember = FALSE;
        return FALSE;
    }

    CloseHandle(hToken);
    FreeSid(pSid);

    return TRUE;
}

BOOL IsUserAdministrator(BOOL* pIsAdmin)
{
    return IsGroupMember(DOMAIN_ALIAS_RID_ADMINS, FALSE, pIsAdmin);
}
于 2010-10-29T10:57:59.703 回答
1

的文档IsUSerAnAdmin解释说它自 Vista 以来已被弃用,但指向CheckTokenMembership. 那应该为你做这项工作。

于 2010-08-24T07:11:56.777 回答
-1

你可以试试这段代码。它给出了需要做的事情的草图:

const HANDLE hProcess = GetCurrentProcess();
if (hProcess==NULL)
    return FAILURE;

HANDLE hToken;
const BOOL lR = OpenProcessToken(hProcess, TOKEN_QUERY, &hToken);
if (lR == NULL) 
    return FAILURE;

PSID psidAdministrators;
SID_IDENTIFIER_AUTHORITY x = SECURITY_NT_AUTHORITY;
if (!AllocateAndInitializeSid(
    &x, 2, 
    SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0,
    &psidAdministrators))
    return FAILURE;

bool isAdmin = false; //dummy init
DWORD size;
GetTokenInformation(hToken, TokenGroups, NULL, 0, &size);
char* buffer = new char[size]; 
DWORD notUsed;
if (!GetTokenInformation(hToken, TokenGroups, (void*)buffer, size, &notUsed))
    return FAILURE;

TOKEN_GROUPS* ptgGroups = (TOKEN_GROUPS*)buffer;
isAdmin = false; //until proven otherwise
for (UINT32 i=0; i<ptgGroups->GroupCount; ++i)
{
    if (EqualSid(psidAdministrators, ptgGroups->Groups[i].Sid))
    {
        isAdmin = true;
        break;
    }
}

FreeSid(psidAdministrators);
return isAdmin;
于 2010-08-23T10:39:11.600 回答