LookupAccountName The LookupAccountName function accepts the name of a system and an account as input. It retrieves a security identifier (SID) for the account and the name of the domain on which the account was found. BOOL LookupAccountName( LPCTSTR lpSystemName, // system name LPCTSTR lpAccountName, // account name PSID Sid, // security identifier LPDWORD cbSid, // size of security identifier LPTSTR DomainName, // domain name LPDWORD cbDomainName, // size of domain name PSID_NAME_USE peUse // SID-type indicator ); Parameters lpSystemName [in] Pointer to a null-terminated string specifying the system. This string can be the name of a remote computer. If this string is NULL, the account name is looked up on the local system. lpAccountName [in] Pointer to a null-terminated string specifying the account name. Sid [out] Pointer to a buffer receiving the SID structure that corresponds to the account name, pointed to by the lpAccountName parameter. If this parameter is NULL, the function returns the required buffer size. cbSid [in, out] Pointer to a variable. On input, this value specifies the size, in bytes, of the Sid buffer. If the function fails because the buffer is too small, this variable receives the required buffer size. If the Sid parameter is NULL, this parameter must be zero. DomainName [out] Pointer to a buffer receiving the name of the domain where the account name is found. If this parameter is NULL, the function returns the required buffer size. cbDomainName [in, out] Pointer to a variable. On input, this value specifies the size, in TCHARs, of the DomainName buffer. If the function fails because the buffer is too small, this variable receives the required buffer size, including the terminating null character. If the DomainName parameter is NULL, this parameter must be zero. peUse [out] Pointer to a SID_NAME_USE enumerated type indicating the type of the account when the function returns. Return Values If the function succeeds, the return value is nonzero.If the function fails, the return value is zero. To get extended error information, call GetLastError. Res The LookupAccountName function attempts to find a SID for the specified name by first checking a list of well-known SIDs. If the name does not correspond to a well-known SID, the function checks built-in and administratively defined local accounts. Next, the function checks the primary domain. If the name is not found there, trusted domains are checked. Windows 2000: In addition to lookup local accounts, local domain accounts, and explicitly trusted domain accounts, LookupAccountName can look up the name for any account in any domain in the Windows 2000 forest.
SID The security identifier (SID) structure is a variable-length structure used to uniquely identify users or groups.Applications are not to modify the SID structure directly. To create and manipulate a security identifier, use the functions listed in the See Also section. typedef struct _SID { BYTE Revision; BYTE SubAuthorityCount; SID_IDENTIFIER_AUTHORITY IdentifierAuthority; DWORD SubAuthority[ANYSIZE_ARRAY]; } SID; typedef PVOID PSID;
The LookupAccountName function accepts the name of a system and an account as input. It retrieves a security identifier (SID) for the account and the name of the domain on which the account was found. BOOL LookupAccountName(
LPCTSTR lpSystemName, // system name
LPCTSTR lpAccountName, // account name
PSID Sid, // security identifier
LPDWORD cbSid, // size of security identifier
LPTSTR DomainName, // domain name
LPDWORD cbDomainName, // size of domain name
PSID_NAME_USE peUse // SID-type indicator
);
Parameters
lpSystemName
[in] Pointer to a null-terminated string specifying the system. This string can be the name of a remote computer. If this string is NULL, the account name is looked up on the local system.
lpAccountName
[in] Pointer to a null-terminated string specifying the account name.
Sid
[out] Pointer to a buffer receiving the SID structure that corresponds to the account name, pointed to by the lpAccountName parameter. If this parameter is NULL, the function returns the required buffer size.
cbSid
[in, out] Pointer to a variable. On input, this value specifies the size, in bytes, of the Sid buffer. If the function fails because the buffer is too small, this variable receives the required buffer size. If the Sid parameter is NULL, this parameter must be zero.
DomainName
[out] Pointer to a buffer receiving the name of the domain where the account name is found. If this parameter is NULL, the function returns the required buffer size.
cbDomainName
[in, out] Pointer to a variable. On input, this value specifies the size, in TCHARs, of the DomainName buffer. If the function fails because the buffer is too small, this variable receives the required buffer size, including the terminating null character. If the DomainName parameter is NULL, this parameter must be zero.
peUse
[out] Pointer to a SID_NAME_USE enumerated type indicating the type of the account when the function returns.
Return Values
If the function succeeds, the return value is nonzero.If the function fails, the return value is zero. To get extended error information, call GetLastError. Res
The LookupAccountName function attempts to find a SID for the specified name by first checking a list of well-known SIDs. If the name does not correspond to a well-known SID, the function checks built-in and administratively defined local accounts. Next, the function checks the primary domain. If the name is not found there, trusted domains are checked. Windows 2000: In addition to lookup local accounts, local domain accounts, and explicitly trusted domain accounts, LookupAccountName can look up the name for any account in any domain in the Windows 2000 forest.
谢谢!
调用LookupAccountName()应该没问题,俺曾经用过
我只想判断当前用户是否管理员用户,请问具体该怎么用这个函数?
谢谢!
The security identifier (SID) structure is a variable-length structure used to uniquely identify users or groups.Applications are not to modify the SID structure directly. To create and manipulate a security identifier, use the functions listed in the See Also section. typedef struct _SID {
BYTE Revision;
BYTE SubAuthorityCount;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
DWORD SubAuthority[ANYSIZE_ARRAY];
} SID;
typedef PVOID PSID;
{
HANDLE hToken;
DWORD i, dwSize = 0, dwResult = 0;
PTOKEN_GROUPS pGroupInfo;
SID_NAME_USE SidType;
char lpName[MAX_NAME];
char lpDomain[MAX_NAME];
BYTE sidBuffer[100];
PSID pSID = (PSID)&sidBuffer;
SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;
// Open a handle to the access token for the calling process.
if (!OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &hToken )) {
printf( "OpenProcessToken Error %u\n", GetLastError() );
return FALSE;
} /////////////
PTOKEN_USER pTokenUser; if(! GetTokenInformation(hToken, TokenUser, NULL, dwSize, &dwSize ) )
{
TRACE( "GetTokenInformation Error %u\n", GetLastError() );
//return FALSE;
} pTokenUser = (PTOKEN_USER) GlobalAlloc( GPTR, dwSize ); if(! GetTokenInformation(hToken, TokenUser, pTokenUser, dwSize, &dwSize ) )
{
TRACE( "GetTokenInformation Error %u\n", GetLastError() );
return FALSE;
}
GlobalFree(pTokenUser); PTOKEN_OWNER pTokenOwner; if(! GetTokenInformation(hToken, TokenOwner, NULL, dwSize, &dwSize ) )
{
TRACE( "GetTokenInformation Error %u\n", GetLastError() );
//return FALSE;
} pTokenOwner = (PTOKEN_OWNER) GlobalAlloc( GPTR, dwSize ); if(! GetTokenInformation(hToken, TokenOwner, pTokenOwner, dwSize, &dwSize ) )
{
TRACE( "GetTokenInformation Error %u\n", GetLastError() );
return FALSE;
}
GlobalFree(pTokenOwner);
/////////////
// Call GetTokenInformation to get the buffer size. if(!GetTokenInformation(hToken, TokenGroups, NULL, dwSize, &dwSize)) {
dwResult = GetLastError();
if( dwResult != ERROR_INSUFFICIENT_BUFFER ) {
printf( "GetTokenInformation Error %u\n", dwResult );
return FALSE;
}
} // Allocate the buffer. pGroupInfo = (PTOKEN_GROUPS) GlobalAlloc( GPTR, dwSize ); // Call GetTokenInformation again to get the group information. if(! GetTokenInformation(hToken, TokenGroups, pGroupInfo,
dwSize, &dwSize ) ) {
printf( "GetTokenInformation Error %u\n", GetLastError() );
return FALSE;
} // Create a SID for the BUILTIN\Administrators group. if(! AllocateAndInitializeSid( &SIDAuth, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&pSID) ) {
printf( "AllocateAndInitializeSid Error %u\n", GetLastError() );
return FALSE;
} // Loop through the group SIDs looking for the administrator SID. for(i=0; i<pGroupInfo->GroupCount; i++) {
if ( EqualSid(pSID, pGroupInfo->Groups[i].Sid) ) { // Lookup the account name and print it. dwSize = MAX_NAME;
if( !LookupAccountSid( NULL, pGroupInfo->Groups[i].Sid,
lpName, &dwSize, lpDomain,
&dwSize, &SidType ) ) {
dwResult = GetLastError();
if( dwResult == ERROR_NONE_MAPPED )
strcpy( lpName, "NONE_MAPPED" );
else {
printf("LookupAccountSid Error %u\n", GetLastError());
return FALSE;
}
}
char str[100]; sprintf(str, "Current user is a member of the %s\\%s group\n",
lpDomain, lpName );
AfxMessageBox(str); // Find out if the SID is enabled in the token
if (pGroupInfo->Groups[i].Attributes & SE_GROUP_ENABLED)
printf("The group SID is enabled.\n");
else if (pGroupInfo->Groups[i].Attributes &
SE_GROUP_USE_FOR_DENY_ONLY)
printf("The group SID is a deny-only SID.\n");
else
printf("The group SID is not enabled.\n");
}
} if (pSID)
FreeSid(pSID);
if ( pGroupInfo )
GlobalFree( pGroupInfo ); return TRUE;
}