Find current users active directory group C++

限于喜欢 提交于 2019-12-06 13:18:45

问题


How would I go about querying what active directory group the currently logged in user belongs to? I am assuming it will be through LDAP but I havnt been able to find much on how to get this particular information.

I have put together some code but im not quite sure what I need to do next

    // Open the access token associated with the calling process.
if (OpenProcessToken(GetCurrentProcess(),
                     TOKEN_QUERY,
                     &hToken) == FALSE)
{
    dwErrorCode = GetLastError();
    wprintf(L"OpenProcessToken failed. GetLastError returned: %d\n", dwErrorCode);
    return HRESULT_FROM_WIN32(dwErrorCode);
}

// Retrieve the token information in a TOKEN_USER structure.
GetTokenInformation(hToken,
                    TokenUser,      // Request for a TOKEN_USER structure.
                    NULL,
                    0,
                    &dwBufferSize);

pTokenUser = (PTOKEN_USER) new BYTE[dwBufferSize];
memset(pTokenUser, 0, dwBufferSize);
if (GetTokenInformation(hToken,
                        TokenUser,
                        pTokenUser,
                        dwBufferSize,
                        &dwBufferSize))
{
    CloseHandle(hToken);
}
else
{
    dwErrorCode = GetLastError();
    wprintf(L"GetTokenInformation failed. GetLastError returned: %d\n", dwErrorCode);
    return HRESULT_FROM_WIN32(dwErrorCode);
}

if (IsValidSid(pTokenUser->User.Sid) == FALSE)
{
    wprintf(L"The owner SID is invalid.\n");
    delete [] pTokenUser;
}

回答1:


In your particular case I think you can do without any LDAP calls. Here's a suggestion:

  • use GetCurrentProcessId and OpenProcess to get a handle to the current process
  • call OpenProcessToken on that handle to open the access token associated with the current process
  • call GetTokenInformation on that access token, with a token information class of TokenGroups
  • the resulting TOKEN_GROUPS structure contains a list with the SIDs and attributes of all the groups in the access token
  • call LookupAccountSid on the SID of each group in the list to obtain its name

MSDN should provide more detailed information about the calls mentioned above.



来源:https://stackoverflow.com/questions/3505336/find-current-users-active-directory-group-c

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!