#include "precomp.h" #pragma hdrstop BOOL IsUserAdmin( VOID ) /*++ Routine Description: This routine returns TRUE if the caller's process is a member of the Administrators local group. Caller is NOT expected to be impersonating anyone and IS expected to be able to open their own process and process token. Arguments: None. Return Value: TRUE - Caller has Administrators local group. FALSE - Caller does not have Administrators local group. --*/ { HANDLE Token; DWORD BytesRequired; PTOKEN_GROUPS Groups; BOOL b; DWORD i; SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY; PSID AdministratorsGroup; // // On non-NT platforms the user is administrator. // if(!ISNT()) { return(TRUE); } // // Open the process token. // if(!OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY,&Token)) { return(FALSE); } b = FALSE; Groups = NULL; // // Get group information. // if(!GetTokenInformation(Token,TokenGroups,NULL,0,&BytesRequired) && (GetLastError() == ERROR_INSUFFICIENT_BUFFER) && (Groups = (PTOKEN_GROUPS)LocalAlloc(LPTR,BytesRequired)) && GetTokenInformation(Token,TokenGroups,Groups,BytesRequired,&BytesRequired)) { b = AllocateAndInitializeSid( &NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &AdministratorsGroup ); if(b) { // // See if the user has the administrator group. // b = FALSE; for(i=0; iGroupCount; i++) { if(EqualSid(Groups->Groups[i].Sid,AdministratorsGroup)) { b = TRUE; break; } } FreeSid(AdministratorsGroup); } } // // Clean up and return. // if(Groups) { LocalFree((HLOCAL)Groups); } CloseHandle(Token); return(b); } BOOL DoesUserHavePrivilege( PTSTR PrivilegeName ) /*++ Routine Description: This routine returns TRUE if the caller's process has the specified privilege. The privilege does not have to be currently enabled. This routine is used to indicate whether the caller has the potential to enable the privilege. Caller is NOT expected to be impersonating anyone and IS expected to be able to open their own process and process token. Arguments: Privilege - the name form of privilege ID (such as SE_SECURITY_NAME). Return Value: TRUE - Caller has the specified privilege. FALSE - Caller does not have the specified privilege. --*/ { HANDLE Token; ULONG BytesRequired; PTOKEN_PRIVILEGES Privileges; BOOL b; DWORD i; LUID Luid; // // On non-NT platforms the user has all privileges // if(!ISNT()) { return(TRUE); } // // Open the process token. // if(!OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY,&Token)) { return(FALSE); } b = FALSE; Privileges = NULL; // // Get privilege information. // if(!GetTokenInformation(Token,TokenPrivileges,NULL,0,&BytesRequired) && (GetLastError() == ERROR_INSUFFICIENT_BUFFER) && (Privileges = (PTOKEN_PRIVILEGES)LocalAlloc(LPTR,BytesRequired)) && GetTokenInformation(Token,TokenPrivileges,Privileges,BytesRequired,&BytesRequired) && LookupPrivilegeValue(NULL,PrivilegeName,&Luid)) { // // See if we have the requested privilege // for(i=0; iPrivilegeCount; i++) { if(!memcmp(&Luid,&Privileges->Privileges[i].Luid,sizeof(LUID))) { b = TRUE; break; } } } // // Clean up and return. // if(Privileges) { LocalFree((HLOCAL)Privileges); } CloseHandle(Token); return(b); } BOOL EnablePrivilege( IN PTSTR PrivilegeName, IN BOOL Enable ) { HANDLE Token; BOOL b; TOKEN_PRIVILEGES NewPrivileges; LUID Luid; // // On non-NT platforms the user already has all privileges // if(!ISNT()) { return(TRUE); } if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES,&Token)) { return(FALSE); } if(!LookupPrivilegeValue(NULL,PrivilegeName,&Luid)) { CloseHandle(Token); return(FALSE); } NewPrivileges.PrivilegeCount = 1; NewPrivileges.Privileges[0].Luid = Luid; NewPrivileges.Privileges[0].Attributes = Enable ? SE_PRIVILEGE_ENABLED : 0; b = AdjustTokenPrivileges( Token, FALSE, &NewPrivileges, 0, NULL, NULL ); CloseHandle(Token); return(b); }