zoukankan      html  css  js  c++  java
  • 判断程序是否有 Administrator 权限

    CheckTokenMembership function (securitybaseapi.h)

    The CheckTokenMembership function determines whether a specified security identifier (SID) is enabled in an access token. If you want to determine group membership for app container tokens, you need to use the CheckTokenMembershipEx function.

    Syntax

    C++
    BOOL CheckTokenMembership(
      HANDLE TokenHandle,
      PSID   SidToCheck,
      PBOOL  IsMember
    );
    

    Parameters

    TokenHandle

    A handle to an access token. The handle must have TOKEN_QUERY access to the token. The token must be an impersonation token.

    If TokenHandle is NULL, CheckTokenMembership uses the impersonation token of the calling thread. If the thread is not impersonating, the function duplicates the thread's primary token to create an impersonation token.

    SidToCheck

    A pointer to a SID structure. The CheckTokenMembership function checks for the presence of this SID in the user and group SIDs of the access token.

    IsMember

    A pointer to a variable that receives the results of the check. If the SID is present and has the SE_GROUP_ENABLED attribute, IsMember returns TRUE; otherwise, it returns FALSE.

    Return value

    If the function succeeds, the return value is nonzero.

    If the function fails, the return value is zero. To get extended error information, call GetLastError.

    Remarks

    The CheckTokenMembership function simplifies the process of determining whether a SID is both present and enabled in an access token.

    Even if a SID is present in the token, the system may not use the SID in an access check. The SID may be disabled or have the SE_GROUP_USE_FOR_DENY_ONLY attribute. The system uses only enabled SIDs to grant access when performing an access check. For more information, see SID Attributes in an Access Token.

    If TokenHandle is a restricted token, or if TokenHandle is NULL and the current effective token of the calling thread is a restricted token, CheckTokenMembership also checks whether the SID is present in the list of restricting SIDs.

    Examples

    The following example shows checking a token for membership in the Administrators local group.

    BOOL IsUserAdmin(VOID)
    /*++ 
    Routine Description: This routine returns TRUE if the caller's
    process is a member of the Administrators local group. Caller is NOT
    expected to be impersonating anyone and is expected to be able to
    open its own process and process token. 
    Arguments: None. 
    Return Value: 
       TRUE - Caller has Administrators local group. 
       FALSE - Caller does not have Administrators local group. --
    */ 
    {
    BOOL b;
    SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
    PSID AdministratorsGroup; 
    b = AllocateAndInitializeSid(
        &NtAuthority,
        2,
        SECURITY_BUILTIN_DOMAIN_RID,
        DOMAIN_ALIAS_RID_ADMINS,
        0, 0, 0, 0, 0, 0,
        &AdministratorsGroup); 
    if(b) 
    {
        if (!CheckTokenMembership( NULL, AdministratorsGroup, &b)) 
        {
             b = FALSE;
        } 
        FreeSid(AdministratorsGroup); 
    }
    
    return(b);
    }
  • 相关阅读:
    了解委托(Delegate)
    C#中事件的一些总结
    Devexpress Xtrareport 并排报表
    Xtrareport 交叉报表
    Xtrareport 多栏报表
    Xtrareport 报表的一些属性及控件
    UI前端开发都是做什么的以及html、css、php、js等究竟是神马关系
    url,href,src之间的区别
    join()的用法
    爬取百度百科
  • 原文地址:https://www.cnblogs.com/liujx2019/p/14633606.html
Copyright © 2011-2022 走看看