You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
171 lines
6.0 KiB
171 lines
6.0 KiB
//+----------------------------------------------------------------------------
|
|
//
|
|
// File: MemberOfGroup.cpp
|
|
//
|
|
// Module: Common Code
|
|
//
|
|
// Synopsis: Implements the function IsMemberOfGroup (plus accessor functions).
|
|
//
|
|
// Copyright (c) 2002 Microsoft Corporation
|
|
//
|
|
// Author: SumitC Created 26-Jan-2002
|
|
//
|
|
//-----------------------------------------------------------------------------
|
|
|
|
//+----------------------------------------------------------------------------
|
|
//
|
|
// Function: IsMemberOfGroup
|
|
//
|
|
// Synopsis: This function return TRUE if the current user is a member of
|
|
// the passed and FALSE passed in Group RID.
|
|
//
|
|
// Arguments: DWORD dwGroupRID -- the RID of the group to check membership of
|
|
// BOOL bUseBuiltinDomainRid -- whether the SECURITY_BUILTIN_DOMAIN_RID
|
|
// RID should be used to build the Group
|
|
// SID
|
|
//
|
|
// Returns: BOOL - TRUE if the user is a member of the specified group
|
|
//
|
|
// History: quintinb Shamelessly stolen from MSDN 02/19/98
|
|
// quintinb Reworked and renamed 06/18/99
|
|
// to apply to more than just Admins
|
|
// quintinb Rewrote to use CheckTokenMemberShip 08/18/99
|
|
// since the MSDN method was no longer
|
|
// correct on NT5 -- 389229
|
|
// tomkel Taken from cmstp and modified for use 05/09/2001
|
|
// in cmdial
|
|
// sumitc Made common code 01/26/2002
|
|
//
|
|
//+----------------------------------------------------------------------------
|
|
BOOL IsMemberOfGroup(DWORD dwGroupRID, BOOL bUseBuiltinDomainRid)
|
|
{
|
|
PSID psidGroup = NULL;
|
|
SID_IDENTIFIER_AUTHORITY siaNtAuthority = SECURITY_NT_AUTHORITY;
|
|
BOOL bSuccess = FALSE;
|
|
|
|
if (OS_NT5)
|
|
{
|
|
//
|
|
// Make a SID for the Group we are checking for, Note that we if we need the Built
|
|
// in Domain RID (for Groups like Administrators, PowerUsers, Users, etc)
|
|
// then we will have two entries to pass to AllocateAndInitializeSid. Otherwise,
|
|
// (for groups like Authenticated Users) we will only have one.
|
|
//
|
|
BYTE byNum;
|
|
DWORD dwFirstRID;
|
|
DWORD dwSecondRID;
|
|
|
|
if (bUseBuiltinDomainRid)
|
|
{
|
|
byNum = 2;
|
|
dwFirstRID = SECURITY_BUILTIN_DOMAIN_RID;
|
|
dwSecondRID = dwGroupRID;
|
|
}
|
|
else
|
|
{
|
|
byNum = 1;
|
|
dwFirstRID = dwGroupRID;
|
|
dwSecondRID = 0;
|
|
}
|
|
|
|
if (AllocateAndInitializeSid(&siaNtAuthority, byNum, dwFirstRID, dwSecondRID,
|
|
0, 0, 0, 0, 0, 0, &psidGroup))
|
|
|
|
{
|
|
//
|
|
// Now we need to dynamically load the CheckTokenMemberShip API from
|
|
// advapi32.dll since it is a Win2k only API.
|
|
//
|
|
|
|
// some modules using this may have advapi32 loaded already...
|
|
HMODULE hAdvapi = GetModuleHandleA("advapi32.dll");
|
|
|
|
if (NULL == hAdvapi)
|
|
{
|
|
// ... if they don't, load it.
|
|
hAdvapi = LoadLibraryExA("advapi32.dll", NULL, 0);
|
|
}
|
|
|
|
if (hAdvapi)
|
|
{
|
|
typedef BOOL (WINAPI *pfnCheckTokenMembershipSpec)(HANDLE, PSID, PBOOL);
|
|
pfnCheckTokenMembershipSpec pfnCheckTokenMembership;
|
|
|
|
pfnCheckTokenMembership = (pfnCheckTokenMembershipSpec)GetProcAddress(hAdvapi, "CheckTokenMembership");
|
|
|
|
if (pfnCheckTokenMembership)
|
|
{
|
|
//
|
|
// Check to see if the user is actually a member of the group in question
|
|
//
|
|
if (!(pfnCheckTokenMembership)(NULL, psidGroup, &bSuccess))
|
|
{
|
|
bSuccess = FALSE;
|
|
CMASSERTMSG(FALSE, TEXT("CheckTokenMemberShip Failed."));
|
|
}
|
|
}
|
|
else
|
|
{
|
|
CMASSERTMSG(FALSE, TEXT("IsMemberOfGroup -- GetProcAddress failed for CheckTokenMemberShip"));
|
|
}
|
|
}
|
|
else
|
|
{
|
|
CMASSERTMSG(FALSE, TEXT("IsMemberOfGroup -- Unable to get the module handle for advapi32.dll"));
|
|
}
|
|
|
|
FreeSid (psidGroup);
|
|
|
|
if (hAdvapi)
|
|
{
|
|
FreeLibrary(hAdvapi);
|
|
}
|
|
}
|
|
}
|
|
|
|
return bSuccess;
|
|
}
|
|
|
|
|
|
|
|
//+----------------------------------------------------------------------------
|
|
//
|
|
// Function: IsAdmin
|
|
//
|
|
// Synopsis: Check to see if the user is a member of the Administrators group
|
|
// or not.
|
|
//
|
|
// Arguments: None
|
|
//
|
|
// Returns: BOOL - TRUE if the current user is an Administrator
|
|
//
|
|
// History: quintinb Created Header 8/18/99
|
|
// tomkel Taken from cmstp 05/09/2001
|
|
// sumitc Made common code 01/26/2002
|
|
//
|
|
//+----------------------------------------------------------------------------
|
|
BOOL IsAdmin(VOID)
|
|
{
|
|
return IsMemberOfGroup(DOMAIN_ALIAS_RID_ADMINS, TRUE); // TRUE == bUseBuiltinDomainRid
|
|
}
|
|
|
|
//+----------------------------------------------------------------------------
|
|
//
|
|
// Function: IsAuthenticatedUser
|
|
//
|
|
// Synopsis: Check to see if the current user is a member of the
|
|
// Authenticated Users group.
|
|
//
|
|
// Arguments: None
|
|
//
|
|
// Returns: BOOL - TRUE if the current user is a member of the
|
|
// Authenticated Users group.
|
|
//
|
|
// History: quintinb Created Header 8/18/99
|
|
// sumitc Made common code 01/26/2002
|
|
//
|
|
//+----------------------------------------------------------------------------
|
|
BOOL IsAuthenticatedUser(void)
|
|
{
|
|
return IsMemberOfGroup(SECURITY_AUTHENTICATED_USER_RID, FALSE); // FALSE == bUseBuiltinDomainRid
|
|
}
|