-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathVerifyUserInAdminGroup.c
More file actions
81 lines (68 loc) · 2.08 KB
/
VerifyUserInAdminGroup.c
File metadata and controls
81 lines (68 loc) · 2.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
#include <windows.h>
#include <versionhelpers.h>
BOOL IsUserInAdminGroup() {
HANDLE hProcess = NULL;
HANDLE hProcessToken = NULL;
BOOL fIsAdmin = FALSE;
// get handle to our process token
hProcess = GetCurrentProcess();
if (!OpenProcessToken(hProcess, TOKEN_QUERY, &hProcessToken)) {
//GetLastError();
//Error place 1
goto Exit;
}
// get admin SID
char AdminSID[SECURITY_MAX_SID_SIZE];
DWORD dwLength = sizeof(AdminSID);
if (!CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, &AdminSID, &dwLength)) {
//GetLastError();
//Error place 2
goto Exit;
}
// check to see if the current token contains admin SID
if (!CheckTokenMembership(NULL, &AdminSID, &fIsAdmin)) {
//GetLastError();
//Error place 3
goto Exit;
}
if (fIsAdmin) {
// --------------> The user is in admin group and the process is elevated. <--------------
goto Exit;
}
// if the current token does not contain admin SID, it does not mean
// that the current user is not admin. In Vista by default the token of
// users in administrator group has the the admin SID filtered. We nee
// to use the unfiltered token to do the check.
// XP and below, we are done.
if (!IsWindowsVistaOrGreater()) {
// --------------> The user is not in admin group. <--------------
goto Exit;
}
HANDLE hLinkedToken = NULL;
// get handle to linked token (will have one if we are lua)
if (!GetTokenInformation(hProcessToken, TokenLinkedToken, (VOID *)&hLinkedToken, sizeof(HANDLE), &dwLength)) {
DWORD err = GetLastError();
if (err == ERROR_NO_SUCH_LOGON_SESSION || err == ERROR_PRIVILEGE_NOT_HELD) {
// --------------> The user is not in admin group. <--------------
}
//err - error code
//Error place 5
goto Exit;
}
if (!CheckTokenMembership(hLinkedToken, &AdminSID, &fIsAdmin)) {
//GetLastError();
//Error place 6
}
CloseHandle(hLinkedToken);
Exit:
CloseHandle(hProcessToken);
CloseHandle(hProcess);
/*
if (fIsAdmin) {
// --------------> The user is in admin group. <--------------
} else {
// --------------> The user is not in admin group. <--------------
}
*/
return fIsAdmin;
}