<< February 2013 >>
Sun Mon Tue Wed Thu Fri Sat
 01 02
03 04 05 06 07 08 09
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28



Technology Thoughts, ramblings.. etc

If you want to be updated on this weblog Enter your email here:



rss feed



Friday, February 25, 2005
Is Administrator()?

Hi,

Here's some code which determines the rights of the user under which the code is executed.  It's native C using Win32 APIs but could be used in other languages (like Delphi and .NET - with proper Interop etc).  Sorry about the formatting!


bool IsAdmin() //used purely when logging
{
 HANDLE hAccessToken = 0;
 DWORD dwInfoBufferSize = 0;
 TOKEN_GROUPS *ptg;
 DWORD needed;

 PSID psidAdministrators;
 PSID psidPowerUsers;

 bool bRetVal    = false;
 BOOL blnResult    = FALSE;

 if(IsLoggingEnabled()) //check to see if logging is enabled
 {
  SID_IDENTIFIER_AUTHORITY sidIdentifiers = SECURITY_NT_AUTHORITY; //= {0,0,0,0,0,5}; // ntifs

  //         Other Defines
  //
  //  DWORD  dwSecBuiltinDomainRID  = SECURITY_BUILTIN_DOMAIN_RID;  //= 0x00000020;
  //  DWORD  dwDomainAliasRIDAdmins = DOMAIN_ALIAS_RID_ADMINS;   //= 0x00000220;
  //  DWORD  dwDomainAliasRIDUsers  = DOMAIN_ALIAS_RID_USERS;    //= 0x00000221;
  //  DWORD  dwDomainAliasRIDGuests = DOMAIN_ALIAS_RID_GUESTS;   //= 0x00000222;
  //  DWORD  dwDomainAliasRIDPower  = DOMAIN_ALIAS_RID_POWER_USERS;  //= 0x00000223;
  //


  blnResult = OpenThreadToken( GetCurrentThread(), TOKEN_QUERY, true, &hAccessToken );

  if(!blnResult)
  {
   if(GetLastError() == ERROR_NO_TOKEN)
   {
    blnResult = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hAccessToken);
   }else{
    LogMessage("IsAdmin::Couldn't Check Privileges - OpenThreadToken/ProcessToken failed", 3);
    return false;
   }
  }

  if(blnResult)
  {
   try
   {
     ptg = (TOKEN_GROUPS *) malloc( 1024 );

     blnResult = GetTokenInformation(hAccessToken, TokenGroups, ptg, 1024, &needed);

     CloseHandle(hAccessToken);

     if(blnResult)
     {
      BOOL bAdminPSID = FALSE;
      BOOL bPowerUSER = FALSE;
      bAdminPSID = AllocateAndInitializeSid(&sidIdentifiers, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &psidAdministrators);
      bPowerUSER = AllocateAndInitializeSid(&sidIdentifiers, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS, 0, 0, 0, 0, 0, 0, &psidPowerUsers);
          
      if(bAdminPSID == TRUE || bPowerUSER == TRUE)
      {
       for(int i = 0; i < ptg->GroupCount; ++i)
       {
       if(bAdminPSID)
       {
        if(EqualSid(psidAdministrators, ptg->Groups[i].Sid))
        {
         LogMessage("IsAdmin::Determined that User is a member of the Administrators group", 3);
         bRetVal = true;
         break;
        } 
       }
       if(bPowerUSER) //also see if the user is a Power User
       {
        if(EqualSid(psidPowerUsers, ptg->Groups[i].Sid))
        {
         LogMessage("IsAdmin::Determined that User is a member of the Power Users group.", 3);                
        } 
       }
       }     
       if(bAdminPSID)
       FreeSid(psidAdministrators);

       if(bPowerUSER)
       FreeSid(psidPowerUsers);
      }
     }else{
     LogMessage("IsAdmin::GetTokenInformation Failed", 3);
     }

     free(ptg);

   }catch(...)
   {
    LogMessage("IsAdmin::Exception Thrown Checking Privileges", 3);
   }
  }
  
  if(!bRetVal)
   LogMessage("IsAdmin::Looks like user might not have Administrative privileges", 3);
 }
 return bRetVal;
}


Posted at 04:23 pm by ausrob2003
Make a comment  

Friday, February 11, 2005
Welcome

Hi,

So this is my fourth blog on Blogdrive.  I've wanted to get around to putting up a code/programming blog for several years, but never had the time.

About this blog
-----------------

So the purpose of this blog is so I can post code snippets, opinion, techniques and any other ideas which come to mind.  You are welcome to add comments and your own code samples.  What I envisaged was a co-operative where people could trade ideas.

About the Author
-------------------
I started out programming on a Commodore 64 (in the mid-late eighties) and since have programmed on Amiga, Unix and, of course DOS/Windows based PCs.  I have also some experience with OS/2, Solaris and Macintosh.

My area of speciality is C/C++ (incl STL, ATL, WTL), C# with prior experience with JavaScript, VBScript, Perl, PHP, Visual Basic, BASIC (and qBASIC), SQL, ASP and COM.  I've also worked using QT, Mozilla and compilers such as gcc and msvc.

What Content Will Be Here?
-------------------------------

I'll post regular rants on pretty much anything.  My first post is going to be either on how to detect a user's permissions on NT based systems or perhaps a snippet on Unicode!

Regards,

Rob

My Profile


Posted at 04:09 pm by ausrob2003
Make a comment  

Previous Page