CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Results 1 to 6 of 6

Threaded View

  1. July 7th, 2010, 06:20 PM #4
    ahmd
    ahmd is offline Senior Member
    Join Date
    Feb 2009
    Location
    Portland, OR
    Posts
    1,488

    Re: Guest user restriction

    Quote Originally Posted by ninja9578 View Post
    Code:
    void IsGuest(){
     char username[100];
     if (!GetUserName(sizeof(username), &username)) exit(0);  //couldn't figure it out, probably wanna exit
     if (strcmp(username, "Guest") == 0) exit(0);
}
    ?
    This is a completely wrong approach. The reason being is that one has to rely on the information provided in the token for a process and not on the user's name. What would happen if you ran this code on a machine with French installed as a default language?

    The correct way would be to get the token of a current process, and then see if its SID contains RID_GUESTS. Here's how it may be implemented (sample taken off the web):
    Code:
    #include <tchar.h>
#include <Windows.h>

int _tmain(int argc, _TCHAR* argv[])
{
    bool isOk = false;
    bool userIsGuest;

    HANDLE process = GetCurrentProcess();
    HANDLE userToken = NULL;
    HANDLE userTokenDupe = NULL;

    PSID guestsGroupSid = NULL;

    do
    {
        if (!OpenProcessToken(process, TOKEN_DUPLICATE | TOKEN_QUERY, &userToken))
        {
            _tprintf(_T("OpenProcessToken failed (&#37;d).\n"), GetLastError());
            break;
        }

        if (!DuplicateToken(
            userToken,
            SecurityIdentification,
            &userTokenDupe))
        {
            _tprintf(_T("DuplicateToken failed (%d).\n"), GetLastError());
            break;
        }

        SID_IDENTIFIER_AUTHORITY ntAuth = SECURITY_NT_AUTHORITY;
        if (!AllocateAndInitializeSid(
            &ntAuth,
            2,
            SECURITY_BUILTIN_DOMAIN_RID,
            DOMAIN_ALIAS_RID_GUESTS,
            0, 0, 0, 0, 0, 0,
            &guestsGroupSid))
        {
            _tprintf(_T("AllocateAndInitializeSid failed (%d).\n"), GetLastError());
            break;
        }

        BOOL isMember;
        if (!CheckTokenMembership(userTokenDupe, guestsGroupSid, &isMember))
        {
            _tprintf(_T("CheckTokenMembership failed (%d).\n"), GetLastError());
            break;
        }

        userIsGuest = (isMember != 0) ? true : false;
        isOk = true;
    } while (false);

    if (guestsGroupSid)
    {
        FreeSid(guestsGroupSid);
    }

    if (userTokenDupe)
    {
        CloseHandle(userTokenDupe);
    }

    if (userToken)
    {
        CloseHandle(userToken);
    }

    if (!isOk)
    {
        _tprintf(_T("Nope, that didn't work.\n"));
        return 1;
    }

    _tprintf(
        _T("User (of this process) %s a member of the Guests group.\n"),
        (userIsGuest ? _T("is") : _T("is not")));
	return 0;
}
    Keep in mind though that if an admin requests elevation of your process it will no longer be running in a context of a Guests group.
    Last edited by ahmd; July 7th, 2010 at 07:48 PM.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules




Click Here to Expand Forum to Full Width

Featured