自学教程：C++ FreeSid函数代码示例

static gboolean ProtectMachine (gunichar2 *path){	PSID pEveryoneSid = GetEveryoneSid ();	PSID pAdminsSid = GetAdministratorsSid ();	DWORD retval = -1;	if (pEveryoneSid && pAdminsSid) {		PACL pDACL = NULL;		EXPLICIT_ACCESS ea [2];		ZeroMemory (&ea, 2 * sizeof (EXPLICIT_ACCESS));		/* grant all access to the BUILTIN/Administrators group */		BuildTrusteeWithSidW (&ea [0].Trustee, pAdminsSid);		ea [0].grfAccessPermissions = GENERIC_ALL;		ea [0].grfAccessMode = SET_ACCESS;		ea [0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;		ea [0].Trustee.TrusteeForm = TRUSTEE_IS_SID;		ea [0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;		/* read-only access everyone */		BuildTrusteeWithSidW (&ea [1].Trustee, pEveryoneSid);		ea [1].grfAccessPermissions = GENERIC_READ;		ea [1].grfAccessMode = SET_ACCESS;		ea [1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;		ea [1].Trustee.TrusteeForm = TRUSTEE_IS_SID;		ea [1].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;		retval = SetEntriesInAcl (2, ea, NULL, &pDACL);		if (retval == ERROR_SUCCESS) {			/* with PROTECTED_DACL_SECURITY_INFORMATION we */			/* remove any existing ACL (like inherited ones) */			retval = SetNamedSecurityInfo (path, SE_FILE_OBJECT, 				DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,				NULL, NULL, pDACL, NULL);		}		if (pDACL)			LocalFree (pDACL);	}	if (pEveryoneSid)		FreeSid (pEveryoneSid);	if (pAdminsSid)		FreeSid (pAdminsSid);	return (retval == ERROR_SUCCESS);}

static BOOL is_token_admin(HANDLE token){    PSID administrators = NULL;    SID_IDENTIFIER_AUTHORITY nt_authority = { SECURITY_NT_AUTHORITY };    DWORD groups_size;    PTOKEN_GROUPS groups;    DWORD group_index;    /* Create a well-known SID for the Administrators group. */    if (! AllocateAndInitializeSid(&nt_authority, 2, SECURITY_BUILTIN_DOMAIN_RID,                                   DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0,                                   &administrators))        return FALSE;    /* Get the group info from the token */    groups_size = 0;    GetTokenInformation(token, TokenGroups, NULL, 0, &groups_size);    groups = HeapAlloc(GetProcessHeap(), 0, groups_size);    if (groups == NULL)    {        FreeSid(administrators);        return FALSE;    }    if (! GetTokenInformation(token, TokenGroups, groups, groups_size, &groups_size))    {        HeapFree(GetProcessHeap(), 0, groups);        FreeSid(administrators);        return FALSE;    }    /* Now check if the token groups include the Administrators group */    for (group_index = 0; group_index < groups->GroupCount; group_index++)    {        if (EqualSid(groups->Groups[group_index].Sid, administrators))        {            HeapFree(GetProcessHeap(), 0, groups);            FreeSid(administrators);            return TRUE;        }    }    /* If we end up here we didn't find the Administrators group */    HeapFree(GetProcessHeap(), 0, groups);    FreeSid(administrators);    return FALSE;}

JBooleanJUserIsAdmin(){	HANDLE tokenHandle;	if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tokenHandle))		{		return kJFalse;		}	DWORD returnLength;	GetTokenInformation(tokenHandle, TokenGroups, NULL, 0, &returnLength);	if (returnLength > 65535)		{		CloseHandle(tokenHandle);		return kJFalse;		}	TOKEN_GROUPS* groupList = (TOKEN_GROUPS*) malloc(returnLength);	if (groupList == NULL)		{		CloseHandle(tokenHandle);		return kJFalse;		}	if (!GetTokenInformation(tokenHandle, TokenGroups,							 groupList, returnLength, &returnLength))		{		CloseHandle(tokenHandle);		free(groupList);		return kJFalse;		}	CloseHandle(tokenHandle);	SID_IDENTIFIER_AUTHORITY siaNtAuth = SECURITY_NT_AUTHORITY;	PSID adminSid;	if (!AllocateAndInitializeSid(&siaNtAuth, 2, SECURITY_BUILTIN_DOMAIN_RID,								  DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0,								  &adminSid))		{		free(groupList);		return kJFalse;		}	JBoolean found = kJFalse;	for (DWORD i = 0; i < groupList->GroupCount; i++)		{		if (EqualSid(adminSid, groupList->Groups[i].Sid))			{			found = kJTrue;			break;			}		}	FreeSid(adminSid);	free(groupList);	return found;}

int mkdir(const std::string& folder, bool recursive){#if defined(_WIN32)||defined(_WIN_32)    int res = CreateDirectoryA(folder.c_str(),NULL);    if (res==0){        if (GetLastError()==ERROR_PATH_NOT_FOUND && recursive){            std::string parfold = parentFolder(folder).name;            if (parfold.size()<folder.size()){                mkdir(parfold,recursive);                return mkdir(folder,false);//kinda silly, but should work just fine.            }        }        else if (GetLastError()==ERROR_ALREADY_EXISTS){            return 0;        }        return -1;    }    HANDLE hDir = CreateFileA(folder.c_str(),READ_CONTROL|WRITE_DAC,0,NULL,OPEN_EXISTING,FILE_FLAG_BACKUP_SEMANTICS,NULL);    if(hDir == INVALID_HANDLE_VALUE)    return FALSE;    ACL* pOldDACL;    PSECURITY_DESCRIPTOR pSD = NULL;    GetSecurityInfo(hDir, SE_FILE_OBJECT , DACL_SECURITY_INFORMATION,NULL, NULL, &pOldDACL, NULL, &pSD);    PSID pSid = NULL;    SID_IDENTIFIER_AUTHORITY authNt = SECURITY_NT_AUTHORITY;    AllocateAndInitializeSid(&authNt,2,SECURITY_BUILTIN_DOMAIN_RID,DOMAIN_ALIAS_RID_USERS,0,0,0,0,0,0,&pSid);    EXPLICIT_ACCESS ea={0};    ea.grfAccessMode = GRANT_ACCESS;    ea.grfAccessPermissions = GENERIC_ALL;    ea.grfInheritance = CONTAINER_INHERIT_ACE|OBJECT_INHERIT_ACE;    ea.Trustee.TrusteeType = TRUSTEE_IS_GROUP;    ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;    ea.Trustee.ptstrName = (LPTSTR)pSid;    ACL* pNewDACL = 0;    DWORD err = SetEntriesInAcl(1,&ea,pOldDACL,&pNewDACL);    if(pNewDACL)    SetSecurityInfo(hDir,SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,NULL, NULL, pNewDACL, NULL);    FreeSid(pSid);    LocalFree(pNewDACL);    LocalFree(pSD);    LocalFree(pOldDACL);    CloseHandle(hDir);    return 1;#else    return mkdir(folder.c_str());#endif // _WIN32}

sal_Bool SAL_CALL osl_isAdministrator(oslSecurity Security){    if (Security != NULL)	{		/* ts: on Window 95 systems any user seems to be an administrator */		if (!isWNT())		{			return(sal_True);		}		else		{			HANDLE						hImpersonationToken = NULL;			PSID 						psidAdministrators;			SID_IDENTIFIER_AUTHORITY 	siaNtAuthority = SECURITY_NT_AUTHORITY;			sal_Bool 					bSuccess = sal_False;			/* If Security contains an access token we need to duplicate it to an impersonation			   access token. NULL works with CheckTokenMembership() as the current effective			   impersonation token 			 */			if ( ((oslSecurityImpl*)Security)->m_hToken )			{				if ( !DuplicateToken (((oslSecurityImpl*)Security)->m_hToken, SecurityImpersonation, &hImpersonationToken) )					return sal_False;			}			/* CheckTokenMembership() can be used on W2K and higher (NT4 no longer supported by OOo)			   and also works on Vista to retrieve the effective user rights. Just checking for			   membership of Administrators group is not enough on Vista this would require additional			   complicated checks as described in KB arcticle Q118626: http://support.microsoft.com/kb/118626/en-us			*/			if (AllocateAndInitializeSid(&siaNtAuthority,										 2,			 							 SECURITY_BUILTIN_DOMAIN_RID,			 							 DOMAIN_ALIAS_RID_ADMINS,			 							 0, 0, 0, 0, 0, 0,			 							 &psidAdministrators))			{				BOOL	fSuccess = FALSE;				if ( CheckTokenMembership_Stub( hImpersonationToken, psidAdministrators, &fSuccess ) && fSuccess ) 					bSuccess = sal_True;				FreeSid(psidAdministrators); 			}			if ( hImpersonationToken )				CloseHandle( hImpersonationToken );			return (bSuccess);		}	}	else		return (sal_False);}

static void FreeSidEx(PSID oSID){	try	{		FreeSid(oSID);	} catch (...)	{	}}

BOOL uac::Am_I_In_Admin_Group(BOOL bCheckAdminMode /*= FALSE*/){	BOOL   fAdmin;	HANDLE  hThread;	TOKEN_GROUPS *ptg = NULL;	DWORD  cbTokenGroups;	DWORD  dwGroup;	PSID   psidAdmin;	SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;	if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hThread))	{		if (GetLastError() == ERROR_NO_TOKEN)		{			if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY,				&hThread))				return (FALSE);		}		else			return (FALSE);	}	if (GetTokenInformation(hThread, TokenGroups, NULL, 0, &cbTokenGroups))		return (FALSE);	if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)		return (FALSE);	if (!(ptg = (TOKEN_GROUPS*)_alloca(cbTokenGroups)))		return (FALSE);	if (!GetTokenInformation(hThread, TokenGroups, ptg, cbTokenGroups,		&cbTokenGroups))		return (FALSE);	if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,		SECURITY_BUILTIN_DOMAIN_RID,		DOMAIN_ALIAS_RID_ADMINS,		0, 0, 0, 0, 0, 0, &psidAdmin))		return (FALSE);	fAdmin = FALSE;	for (dwGroup = 0; dwGroup < ptg->GroupCount; dwGroup++)	{		if (EqualSid(ptg->Groups[dwGroup].Sid, psidAdmin))		{			if (bCheckAdminMode)			{				if ((ptg->Groups[dwGroup].Attributes) & SE_GROUP_ENABLED)				{					fAdmin = TRUE;				}			}			else			{				fAdmin = TRUE;			}			break;		}	}	FreeSid(psidAdmin);	return (fAdmin);}

void check_admin() {  is_admin = false;  /* Lifted from MSDN examples */  PSID AdministratorsGroup;  SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;  if (! AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &AdministratorsGroup)) return;  CheckTokenMembership(0, AdministratorsGroup, /*XXX*/(PBOOL) &is_admin);  FreeSid(AdministratorsGroup);}

ConnectionListener::ConnectionListener(const std::wstring &name, TelldusCore::EventRef waitEvent){	d = new PrivateData;	d->hEvent = 0;	d->running = true;	d->waitEvent = waitEvent;	d->pipename = L"////.//pipe//" + name;	PSECURITY_DESCRIPTOR pSD = NULL;	PACL pACL = NULL;	EXPLICIT_ACCESS ea;	PSID pEveryoneSID = NULL;	SID_IDENTIFIER_AUTHORITY SIDAuthWorld = SECURITY_WORLD_SID_AUTHORITY;	pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH); 	if (pSD == NULL) {		return;	}  	if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) {  		LocalFree(pSD);		return;	}	if(!AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pEveryoneSID)) {		LocalFree(pSD);	}	ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));	ea.grfAccessPermissions = STANDARD_RIGHTS_ALL;	ea.grfAccessMode = SET_ACCESS;	ea.grfInheritance= NO_INHERITANCE;	ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;	ea.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;	ea.Trustee.ptstrName  = (LPTSTR) pEveryoneSID; 	// Add the ACL to the security descriptor. 	if (!SetSecurityDescriptorDacl(pSD, 				TRUE,     // bDaclPresent flag   				pACL, 				FALSE))   // not a default DACL 	{  		LocalFree(pSD);		FreeSid(pEveryoneSID);	}	d->sa.nLength = sizeof(SECURITY_ATTRIBUTES);	d->sa.lpSecurityDescriptor = pSD;	d->sa.bInheritHandle = false;	start();}

perm::~perm() {	if ( psid && must_freesid ) FreeSid(psid);		if ( Account_name ) {		delete[] Account_name;	}	if ( Domain_name ) {		delete[] Domain_name;	}}

void my_security_attr_free(SECURITY_ATTRIBUTES *sa){    if (sa)    {        My_security_attr *attr= (My_security_attr*)                                (((char*)sa) + ALIGN_SIZE(sizeof(*sa)));        FreeSid(attr->everyone_sid);        my_free(attr->dacl);        my_free(sa);    }}

static int vgsvcWinStart(void){    int rc = VINF_SUCCESS;    /*     * Create a well-known SID for the "Builtin Users" group and modify the ACE     * for the shared folders miniport redirector DN (whatever DN means).     */    PSID                     pBuiltinUsersSID = NULL;    SID_IDENTIFIER_AUTHORITY SIDAuthWorld     = SECURITY_LOCAL_SID_AUTHORITY;    if (AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_LOCAL_RID, 0, 0, 0, 0, 0, 0, 0, &pBuiltinUsersSID))    {        rc = vgsvcWinAddAceToObjectsSecurityDescriptor(TEXT("////.//VBoxMiniRdrDN"), SE_FILE_OBJECT,                                                       (LPTSTR)pBuiltinUsersSID, TRUSTEE_IS_SID,                                                       FILE_GENERIC_READ | FILE_GENERIC_WRITE, SET_ACCESS, NO_INHERITANCE);        /* If we don't find our "VBoxMiniRdrDN" (for Shared Folders) object above,           don't report an error; it just might be not installed. Otherwise this           would cause the SCM to hang on starting up the service. */        if (rc == VERR_FILE_NOT_FOUND || rc == VERR_PATH_NOT_FOUND)            rc = VINF_SUCCESS;        FreeSid(pBuiltinUsersSID);    }    else        rc = RTErrConvertFromWin32(GetLastError());    if (RT_SUCCESS(rc))    {        /*         * Start the service.         */        vgsvcWinSetStatus(SERVICE_START_PENDING, 0);        rc = VGSvcStartServices();        if (RT_SUCCESS(rc))        {            vgsvcWinSetStatus(SERVICE_RUNNING, 0);            VGSvcMainWait();        }        else        {            vgsvcWinSetStatus(SERVICE_STOPPED, 0);#if 0 /** @todo r=bird: Enable this if SERVICE_CONTROL_STOP isn't triggered automatically */            VGSvcStopServices();#endif        }    }    else        vgsvcWinSetStatus(SERVICE_STOPPED, 0);    if (RT_FAILURE(rc))        VGSvcError("Service failed to start with rc=%Rrc!/n", rc);    return rc;}

BOOL lsp_list_by_user(LSA_HANDLE lsa_handle, LPTSTR user){  LSA_ACCOUNT         account;  LSA_UNICODE_STRING* array;  ULONG               count;  ULONG               i;  NTSTATUS            nt_status;  PSID                sid;  if (!valid_user(lsa_handle, &sid, user))    return FALSE;  if (!lsa_account_from_sid(lsa_handle, sid, &account))  {    FreeSid(sid);    return FALSE;  }  print_string(L"Privileges for ");  print_account(&account);  print_string(L":/n");  nt_status = LsaEnumerateAccountRights(lsa_handle, sid, &array, &count);  if (nt_status != STATUS_SUCCESS)  {    FreeSid(sid);    return lsa_error(nt_status, L"LsaEnumerateAccountRights");  }  for(i=0; i<count; i++)  {        print_string(L" - ");    print_lsa_string(&array[i]);    print_string(L"/n");  }  LsaFreeMemory(array);  FreeSid(sid);  return TRUE;}

HRESULT AppContainerLauncherProcess(LPCWSTR app,LPCWSTR cmdArgs,LPCWSTR workDir){    wchar_t appContainerName[]=L"Phoenix.Container.AppContainer.Profile.v1.test";    wchar_t appContainerDisplayName[]=L"Phoenix.Container.AppContainer.Profile.v1.test/0";    wchar_t appContainerDesc[]=L"Phoenix Container Default AppContainer Profile  Test,Revision 1/0";	DeleteAppContainerProfile(appContainerName);///Remove this AppContainerProfile    std::vector<SID_AND_ATTRIBUTES> capabilities;    std::vector<SHARED_SID> capabilitiesSidList;    if(!MakeWellKnownSIDAttributes(capabilities,capabilitiesSidList))        return S_FALSE;    PSID sidImpl;    HRESULT hr=::CreateAppContainerProfile(appContainerName,        appContainerDisplayName,        appContainerDesc,        (capabilities.empty() ? NULL : &capabilities.front()), capabilities.size(), &sidImpl);    if(hr!=S_OK){		std::cout<<"CreateAppContainerProfile Failed"<<std::endl;		return hr;	}	wchar_t *psArgs=nullptr;    psArgs=_wcsdup(cmdArgs);    PROCESS_INFORMATION pi;	STARTUPINFOEX siex = { sizeof(STARTUPINFOEX) };    siex.StartupInfo.cb = sizeof(STARTUPINFOEXW);    SIZE_T cbAttributeListSize = 0;    BOOL bReturn = InitializeProcThreadAttributeList(        NULL, 3, 0, &cbAttributeListSize);    siex.lpAttributeList = (PPROC_THREAD_ATTRIBUTE_LIST)HeapAlloc(GetProcessHeap(), 0, cbAttributeListSize);    bReturn = InitializeProcThreadAttributeList(siex.lpAttributeList, 3, 0, &cbAttributeListSize);    SECURITY_CAPABILITIES sc;    sc.AppContainerSid = sidImpl;    sc.Capabilities = (capabilities.empty() ? NULL : &capabilities.front());    sc.CapabilityCount = capabilities.size();    sc.Reserved = 0;    if(UpdateProcThreadAttribute(siex.lpAttributeList, 0,        PROC_THREAD_ATTRIBUTE_SECURITY_CAPABILITIES,        &sc,        sizeof(sc) ,        NULL, NULL)==FALSE)    {        goto Cleanup;    }    BOOL bRet=CreateProcessW(app, psArgs, nullptr, nullptr,		FALSE, EXTENDED_STARTUPINFO_PRESENT, NULL, workDir, reinterpret_cast<LPSTARTUPINFOW>(&siex), &pi);    ::CloseHandle(pi.hThread);    ::CloseHandle(pi.hProcess);Cleanup:    DeleteProcThreadAttributeList(siex.lpAttributeList);	DeleteAppContainerProfile(appContainerName);    free(psArgs);    FreeSid(sidImpl);    return hr;}

VOIDIDMFreeSid(    PSID pSid    ){    if (!pSid || !IsValidSid(pSid))    {        return;    }    FreeSid(pSid);    return;}

static bool should_run(void){	static SID_IDENTIFIER_AUTHORITY authority = { SECURITY_NT_AUTHORITY };	PSID admin_sid;	BOOL is_admin;	cl_win32_pass(AllocateAndInitializeSid(&authority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &admin_sid));	cl_win32_pass(CheckTokenMembership(NULL, admin_sid, &is_admin));	FreeSid(admin_sid);	return is_admin ? true : false;}

/* * Free the SIDs for owner, primary group, and the Everyone group * in the _pr_nt_sids structure. * * This function needs to be called by NSPR cleanup. */void_PR_NT_FreeSids(void){    if (_pr_nt_sids.owner) {        PR_Free(_pr_nt_sids.owner);    }    if (_pr_nt_sids.group) {        PR_Free(_pr_nt_sids.group);    }    if (_pr_nt_sids.everyone) {        FreeSid(_pr_nt_sids.everyone);    }}

		~Data()		{			if (pACL)				LocalFree(pACL);			if (psdAdmin)				LocalFree(psdAdmin);			if (psidAdmin)				FreeSid(psidAdmin);			if (hImpersonationToken)				CloseHandle(hImpersonationToken);			if (hToken)				CloseHandle(hToken);		}

static void SetTokenObjectIntegrityLevel(DWORD dwIntegrityLevel){    SID_IDENTIFIER_AUTHORITY Sia = SECURITY_MANDATORY_LABEL_AUTHORITY;    SECURITY_DESCRIPTOR sd;    HANDLE hToken;    DWORD dwLength;    PACL pAcl;    PSID pSid;    // Do nothing on OSes where mandatory ACEs are not supported    if(pfnAddMandatoryAce == NULL)        return;    // Initialize blank security descriptor    if(!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))        return;    // Allocate mandatory label SID    if(!AllocateAndInitializeSid(&Sia, 1, dwIntegrityLevel, 0, 0, 0, 0, 0, 0, 0, &pSid))        return;    // Open current token    if(!OpenThreadToken(GetCurrentThread(), WRITE_OWNER, TRUE, &hToken))    {        if(GetLastError() == ERROR_NO_TOKEN)            OpenProcessToken(GetCurrentProcess(), WRITE_OWNER, &hToken);    }        // If succeeded, set the integrity level    if(hToken != NULL)    {        // Create ACL        dwLength = sizeof(ACL) + sizeof(SYSTEM_MANDATORY_LABEL_ACE) - sizeof(DWORD) + GetLengthSid(pSid);        pAcl = (PACL)HeapAlloc(g_hHeap, 0, dwLength);        if(pAcl != NULL)        {            if(InitializeAcl(pAcl, dwLength, ACL_REVISION))            {                if(pfnAddMandatoryAce(pAcl, ACL_REVISION, 0, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, pSid))                {                    NtSetSecurityObject(hToken, LABEL_SECURITY_INFORMATION, &sd);                }            }            HeapFree(g_hHeap, 0, pAcl);        }    }    FreeSid(pSid);}

QString DiagnosticsDialog::getUserRights() const{	SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;	PSID AdministratorsGroup = NULL;	HANDLE hToken = NULL;	DWORD dwIndex, dwLength = 0;	PTOKEN_GROUPS pGroup = NULL;	QString rights = tr( "User" );	if ( !OpenThreadToken( GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken ) )	{		if ( GetLastError() != ERROR_NO_TOKEN )			return tr( "Unknown - error %1" ).arg( GetLastError() );		if ( !OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &hToken ) )			return tr( "Unknown - error %1" ).arg( GetLastError() );	}	if ( !GetTokenInformation( hToken, TokenGroups, NULL, dwLength, &dwLength ) )	{		if( GetLastError() != ERROR_INSUFFICIENT_BUFFER )			return tr( "Unknown - error %1" ).arg( GetLastError() );	}	pGroup = (PTOKEN_GROUPS)GlobalAlloc( GPTR, dwLength );	if ( !GetTokenInformation( hToken, TokenGroups, pGroup, dwLength, &dwLength ) )	{		if ( pGroup )			GlobalFree( pGroup );		return tr( "Unknown - error %1" ).arg( GetLastError() );;	}	if( AllocateAndInitializeSid( &NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,									0, 0, 0, 0, 0, 0, &AdministratorsGroup ) )	{		for ( dwIndex = 0; dwIndex < pGroup->GroupCount; dwIndex++ )		{			if ( EqualSid( AdministratorsGroup, pGroup->Groups[dwIndex].Sid ) )			{				rights = tr( "Administrator" );				break;			}		}	}	if ( AdministratorsGroup )		FreeSid( AdministratorsGroup );	if ( pGroup )		GlobalFree( pGroup );		return rights;}

bool IsUserAdmin(){  SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;  PSID AdministratorsGroup;   BOOL b = AllocateAndInitializeSid(&NtAuthority,2,SECURITY_BUILTIN_DOMAIN_RID,           DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &AdministratorsGroup);   if (b)   {    if (!CheckTokenMembership( NULL, AdministratorsGroup, &b))       b = FALSE;    FreeSid(AdministratorsGroup);   }  return b!=FALSE;}

NOEXPORT BOOL is_admin(void) {    SID_IDENTIFIER_AUTHORITY NtAuthority={SECURITY_NT_AUTHORITY};    PSID admin_group;    BOOL retval;    retval=AllocateAndInitializeSid(&NtAuthority, 2,        SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,        0, 0, 0, 0, 0, 0, &admin_group);    if(retval) {        if(!CheckTokenMembership(NULL, admin_group, &retval))            retval=FALSE;        FreeSid(admin_group);    }    return retval;}

bool TopMenu::runningElevated(){   // Dynamically link for CheckTokenMembership   HINSTANCE hinstLib;    typedef BOOL (WINAPI* DynCheckTokenMembership)(HANDLE,PSID,PBOOL);   DynCheckTokenMembership pCheckTokenMembership;   BOOL fRunTimeLinkSuccess = FALSE;    // Get a handle to the DLL module.   hinstLib = LoadLibrary(TEXT("Advapi32.dll"));    // If the handle is valid, try to get the function address.   if (hinstLib == NULL) {       return true;   }   pCheckTokenMembership = (DynCheckTokenMembership) GetProcAddress(hinstLib, "CheckTokenMembership");    if (pCheckTokenMembership == NULL) {      FreeLibrary(hinstLib);       return true;   }   // Prepare for membership check   BOOL b;   SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;   PSID AdministratorsGroup;    b = AllocateAndInitializeSid(         &NtAuthority,         2,         SECURITY_BUILTIN_DOMAIN_RID,         DOMAIN_ALIAS_RID_ADMINS,         0, 0, 0, 0, 0, 0,         &AdministratorsGroup);    if(b) {      if (!pCheckTokenMembership(NULL, AdministratorsGroup, &b)) {         b = FALSE;      }       VERIFY(FreeSid(AdministratorsGroup) == NULL);    }   // Free the DLL module.   FreeLibrary(hinstLib);    return b != FALSE;}

UINT __stdcall CheckAdministratorPrivileges(MSIHANDLE hInstall){	HRESULT hr = S_OK;	UINT er = ERROR_SUCCESS;	hr = WcaInitialize(hInstall, "CheckAdministratorPrivileges");	ExitOnFailure(hr, "Failed to initialize");	WcaLog(LOGMSG_STANDARD, "Initialized.");	///	SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;	PSID AdministratorsGroup;	// Initialize SID.	if( !AllocateAndInitializeSid( &NtAuthority,								   2,								   SECURITY_BUILTIN_DOMAIN_RID,								   DOMAIN_ALIAS_RID_ADMINS,								   0, 0, 0, 0, 0, 0,								   &AdministratorsGroup))	{		// Initializing SID Failed.		//return false;		hr = E_FAIL;		ExitOnFailure(hr, "Initializing SID Failed");	}	// Check whether the token is present in admin group.	BOOL IsInAdminGroup = FALSE;	if( !CheckTokenMembership( NULL,							   AdministratorsGroup,							   &IsInAdminGroup ))	{		// Error occurred.		IsInAdminGroup = FALSE;	}	// Free SID and return.	FreeSid(AdministratorsGroup);	//return IsInAdminGroup;	if (!IsInAdminGroup)		hr = E_FAIL;	MsiSetProperty (hInstall, L"USER_IS_ADMINISTRATOR", IsInAdminGroup ? L"1" : L"0");	///LExit:	er = SUCCEEDED(hr) ? ERROR_SUCCESS : ERROR_INSTALL_FAILURE;	return WcaFinalize(er);}

BOOL IsCurrentUserAdmin()  {    	HANDLE hAccessToken;    	BYTE * InfoBuffer = new BYTE[1024];    	PTOKEN_GROUPS ptgGroups;    	DWORD dwInfoBufferSize;    	PSID psidAdministrators;    	SID_IDENTIFIER_AUTHORITY siaNtAuthority = SECURITY_NT_AUTHORITY;    	if(!OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY,&hAccessToken))    	{    		delete InfoBuffer;    		return FALSE;    	}    	if(!GetTokenInformation(hAccessToken,TokenGroups,InfoBuffer,1024,&dwInfoBufferSize))    	{    		delete InfoBuffer;    		CloseHandle(hAccessToken);    		return FALSE;    	}    	CloseHandle(hAccessToken);    	if(!AllocateAndInitializeSid(&siaNtAuthority,    		2,    		SECURITY_BUILTIN_DOMAIN_RID,    		DOMAIN_ALIAS_RID_ADMINS,    		0,0,0,0,0,0,    		&psidAdministrators))    	{    		delete InfoBuffer;    		return FALSE;    	}    	ptgGroups = (PTOKEN_GROUPS)InfoBuffer;    	for(UINT i = 0; i < ptgGroups->GroupCount; i++)    	{    		if(EqualSid(psidAdministrators,ptgGroups->Groups[i].Sid))    		{    			FreeSid(psidAdministrators);    			delete InfoBuffer;    			return TRUE;    		}    	}    	return FALSE;    }  

BOOL IsUserAdmin(){    BOOL _isUserAdmin = false;    SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;    PSID AdministratorsGroup;    if (AllocateAndInitializeSid(&NtAuthority,2,SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,0,0,0,0,0,0,&AdministratorsGroup))    {        CheckTokenMembership( NULL, AdministratorsGroup, &_isUserAdmin);                FreeSid(AdministratorsGroup);    }        return _isUserAdmin;}

// Returns true if current process prinicipal is a member of Administrators// Assumes no impersonation and that the current principal has the right to// open its own process and process token.// See https://msdn.microsoft.com/en-us/library/windows/desktop/aa376389(v=vs.85).aspxbool IsUserAdmin(void){    SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY;    PSID psidAdminGroup;     if (!AllocateAndInitializeSid(&sia, 2, SECURITY_BUILTIN_DOMAIN_RID,            DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &psidAdminGroup))        return false;    BOOL f = false;    if (!CheckTokenMembership(NULL, psidAdminGroup, /* out */&f))        f = false;    FreeSid(psidAdminGroup);     return f;}

BOOL IsAdmin(){	SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;	PSID AdministratorsGroup;	// Initialize SID.	if (!AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &AdministratorsGroup))		return false;	// Check whether the token is present in admin group.	BOOL IsInAdminGroup = FALSE;	if (!CheckTokenMembership(NULL, AdministratorsGroup, &IsInAdminGroup))		IsInAdminGroup = FALSE;	// Free SID and return.	FreeSid(AdministratorsGroup);	return IsInAdminGroup;}

bool CCommonAppUtils::IsAdminLogin(){	SID_IDENTIFIER_AUTHORITY ntAuthority = SECURITY_NT_AUTHORITY;	PSID administratorsGroup;	// Initialize SID.	if (!AllocateAndInitializeSid(&ntAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &administratorsGroup))		return false;	// Check whether the token is present in admin group.	BOOL isInAdminGroup = FALSE;	if (!CheckTokenMembership(NULL, administratorsGroup, &isInAdminGroup))		isInAdminGroup = FALSE;	// Free SID and return.	FreeSid(administratorsGroup);	return !!isInAdminGroup;}