|
[ IDE @ 26.01.2006. 15:03 ] @
[ X Files @ 26.01.2006. 16:28 ] @
Citat: (osim najociglednije metode da pokusas nesto upisati ili promijeniti na C disku... ) Pristupanje C disku nema veze sa admin pravima. Cak i obican 'User' mora imati pravo da 'nesto' radi. Kad ne bi nista mogao - bio i (l)user :). Probaj ovako: Code: #include <windows.h> #include <stdio.h> #define ACCESS_READ 1 #define ACCESS_WRITE 2 bool IsAdmin() { HANDLE hToken; DWORD dwStatus; DWORD dwAccessMask; DWORD dwAccessDesired; DWORD dwACLSize; DWORD dwStructureSize = sizeof ( PRIVILEGE_SET ); PACL pACL = NULL; PSID psidAdmin = NULL; BOOL bReturn = FALSE; PRIVILEGE_SET ps; GENERIC_MAPPING GenericMapping; PSECURITY_DESCRIPTOR psdAdmin = NULL; SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY; __try { // AccessCheck() requires an impersonation token. ImpersonateSelf( SecurityImpersonation ); if ( !OpenThreadToken ( GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken ) ) { if ( GetLastError() != ERROR_NO_TOKEN ) throw; // __leave; // If the thread does not have an access token, we'll // examine the access token associated with the process. if ( !OpenProcessToken ( GetCurrentProcess(), TOKEN_QUERY, &hToken ) ) throw; // __leave; } if ( !AllocateAndInitializeSid ( &SystemSidAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &psidAdmin ) ) throw; // __leave; psdAdmin = LocalAlloc ( LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH ); if ( psdAdmin == NULL ) throw; // __leave; if ( !InitializeSecurityDescriptor ( psdAdmin, SECURITY_DESCRIPTOR_REVISION ) ) throw; // __leave; // Compute size needed for the ACL. dwACLSize = sizeof ( ACL ) + sizeof ( ACCESS_ALLOWED_ACE ) + GetLengthSid ( psidAdmin ) - sizeof ( DWORD ); // Allocate memory for ACL. pACL = (PACL)LocalAlloc( LPTR, dwACLSize ); if (pACL == NULL) throw; // __leave; // Initialize the new ACL. if ( !InitializeAcl( pACL, dwACLSize, ACL_REVISION2 ) ) throw; // __leave; dwAccessMask = ACCESS_READ | ACCESS_WRITE; // Add the access-allowed ACE to the DACL. if ( !AddAccessAllowedAce ( pACL, ACL_REVISION2, dwAccessMask, psidAdmin ) ) throw; // __leave; // Set our DACL to the SD. if ( !SetSecurityDescriptorDacl( psdAdmin, TRUE, pACL, FALSE ) ) throw; // __leave; // AccessCheck is sensitive about what is in the SD; set // the group and owner. SetSecurityDescriptorGroup( psdAdmin, psidAdmin, FALSE ); SetSecurityDescriptorOwner( psdAdmin, psidAdmin, FALSE ); if ( !IsValidSecurityDescriptor( psdAdmin ) ) throw; // __leave; dwAccessDesired = ACCESS_READ; // // Initialize GenericMapping structure even though we // won't be using generic rights. // GenericMapping.GenericRead = ACCESS_READ; GenericMapping.GenericWrite = ACCESS_WRITE; GenericMapping.GenericExecute = 0; GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE; if ( !AccessCheck( psdAdmin, hToken, dwAccessDesired, &GenericMapping, &ps, &dwStructureSize, &dwStatus, &bReturn ) ) { //printf( "AccessCheck() failed with error %lu\n", GetLastError() ); throw; // __leave; } RevertToSelf(); } __finally { // Cleanup if ( pACL ) LocalFree( pACL ); if ( psdAdmin ) LocalFree ( psdAdmin ); if ( psidAdmin ) FreeSid ( psidAdmin ); } return bReturn; } [ mnesa @ 27.01.2006. 12:44 ] @
Slicno prethodnom postu, ali sa ispitivanjem i Power user.
Code: ATL_NOINLINE inline BOOL HasUserPrivilege(DWORD DOMAIN_ALIAS_RID) { BOOL b; SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY; PSID PrivilegeGroup; b = AllocateAndInitializeSid( &NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID, 0, 0, 0, 0, 0, 0, &PrivilegeGroup); if(b) { if (!CheckTokenMembership( NULL, PrivilegeGroup, &b)) { b = FALSE; } FreeSid(PrivilegeGroup); } return(b); } ATL_NOINLINE inline BOOL IsAdminOrPowerUser() { if(HasUserPrivilege(DOMAIN_ALIAS_RID_ADMINS) || HasUserPrivilege(DOMAIN_ALIAS_RID_POWER_USERS) ) return TRUE; else return FALSE; } [Ovu poruku je menjao mnesa dana 27.01.2006. u 13:45 GMT+1] Copyright (C) 2001-2025 by www.elitesecurity.org. All rights reserved.
|
)