4. Rechte des aktuell angemeldeten Users herausfinden

Rechte des aktuell angemeldeten Users herausfinden

  • H

    Hallo,

    Preisfrage: Existiert eine Funktion um die Rechte des aktuell angemeldeten Users herauszufinden? Speziell ob der User über Adminrechte auf dem Client verfügt?

    Gruss
    Holgie

    0
  • P

    Hmm, Fragen hast du...
    Das geht "relativ" einfach...

    //Ist der liebe Benutzer ADMIN? 
//Wenn nicht gibt's was auf die Pfoten
void SETUP::isAdmin()
{
       bAdmin = false;

// Bleistift Code aus MSDN
       //Begin
       HANDLE hToken;
       DWORD  dwStatus;
       DWORD  dwAccessMask;
       DWORD  dwAccessDesired;
       DWORD  dwACLSize;
       DWORD  dwStructureSize = sizeof(PRIVILEGE_SET);
       PACL   pACL            = NULL;
       PSID   psidAdmin       = NULL;
       BOOL   bReturn         = FALSE;

       PRIVILEGE_SET   ps;
       GENERIC_MAPPING GenericMapping;

       PSECURITY_DESCRIPTOR     psdAdmin           = NULL;
       SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;

       __try {

          // AccessCheck() requires an impersonation token.
          ImpersonateSelf(SecurityImpersonation);

          if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, 
                &hToken)) {

             if (GetLastError() != ERROR_NO_TOKEN)
                __leave;

             // If the thread does not have an access token, we'll 
             // examine the access token associated with the process.
             if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, 
                   &hToken))
                __leave;
          }

          if (!AllocateAndInitializeSid(&SystemSidAuthority, 2, 
                SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
                0, 0, 0, 0, 0, 0, &psidAdmin))
             __leave;

          psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
          if (psdAdmin == NULL)
             __leave;

          if (!InitializeSecurityDescriptor(psdAdmin,
                SECURITY_DESCRIPTOR_REVISION))
             __leave;

          // Compute size needed for the ACL.
          dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) +
                GetLengthSid(psidAdmin) - sizeof(DWORD);

          // Allocate memory for ACL.
          pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
          if (pACL == NULL)
             __leave;

          // Initialize the new ACL.
          if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2))
             __leave;

          dwAccessMask= ACCESS_READ | ACCESS_WRITE;

          // Add the access-allowed ACE to the DACL.
          if (!AddAccessAllowedAce(pACL, ACL_REVISION2,
                dwAccessMask, psidAdmin))
             __leave;

          // Set our DACL to the SD.
          if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE))
             __leave;

          // AccessCheck is sensitive about what is in the SD; set
          // the group and owner.
          SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE);
          SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE);

          if (!IsValidSecurityDescriptor(psdAdmin))
             __leave;

          dwAccessDesired = ACCESS_READ;

          // 
          // Initialize GenericMapping structure even though we
          // won't be using generic rights.
          // 
          GenericMapping.GenericRead    = ACCESS_READ;
          GenericMapping.GenericWrite   = ACCESS_WRITE;
          GenericMapping.GenericExecute = 0;
          GenericMapping.GenericAll     = ACCESS_READ | ACCESS_WRITE;

        if (!AccessCheck(psdAdmin, hToken, dwAccessDesired, 
                &GenericMapping, &ps, &dwStructureSize, &dwStatus, 
                &bReturn)) {
            //Auf keinen Fall ein printf.
            //printf("AccessCheck() failed with error %lu\n", GetLastError());
             __leave;
        }

        RevertToSelf();

    } __finally {

        // Cleanup 
        if (pACL) LocalFree(pACL);
        if (psdAdmin) LocalFree(psdAdmin);  
        if (psidAdmin) FreeSid(psidAdmin);
    }
    //End
    //Bleisitftcode aus MSDN

    bAdmin = bReturn ? true : false;

    if (!bAdmin)
    {
        LoadString(hinstance, IDS_ADMIN, bufMsg, 1024);
        LoadString(hinstance, IDS_ERROR_T, bufMsgT, 255);
        MessageBox(NULL,bufMsg, bufMsgT, MB_OK);
        exit(-11);
    }
}
    0
  • H

    Hab Dank!

    Gruss
    Holgie

    0
Anmelden zum Antworten