如何查找Windows用户是否属于指定的组?
目前,我们有一个DLL,它使用Windows API LogonUser方法检查用户名/密码是否为有效的Windows用户。我们需要对其进行增强,以便它检查用户是否也属于指定的组。有没有Windows方法可以做到这一点?即:给定Windows用户名和密码,找出用户是否属于指定的组。

最接近的单个API是(原文中的API名称链接已丢失),这只会留下获取用户SID和组句柄的问题。
如果可以使用ATL,请检查类上的方法(原文中的类名和方法名链接已丢失)。即使您不能使用它,也可以查看atlsecurity.h中的实现。

您可以使用netapi32.dll中的“NetUserGetLocalGroups”函数获取给定用户所属的所有组,然后检查函数返回的组名中是否存在指定的组名。

谢谢Abhijit,该函数似乎可以完成任务,我还找到了此链接,其中包含示例代码:
unitgetgroupsfourserunit;
接口
使用
Windows、SysUtils、类、ShellAPI;
类型
{$EXTERNALSYM NET\u API\u STATUS}
净API状态=DWORD;
LPLOCALGROUP用户信息0=^LOCALGROUP用户信息0;
{$EXTERNALSYM LPLOCALGROUP\u USERS\u INFO\u 0}
PLOCALGROUP用户信息0=^LOCALGROUP用户信息0;
{$EXTERNALSYM PLOCALGROUP\u USERS\u INFO\u 0}
_LOCALGROUP\u USERS\u INFO\u 0=记录
lgrui0_名称:LPWSTR;
结束;
{$EXTERNALSYM\u LOCALGROUP\u USERS\u INFO\u 0}
LOCALGROUP\u USERS\u INFO\u 0=\u LOCALGROUP\u USERS\u INFO\u 0;
{$EXTERNALSYM LOCALGROUP\u USERS\u INFO\u 0}
TLocalGroupUsersInfo0=LOCALGROUP\u USERS\u INFO\u 0;
PLocalGroupUsersInfo0=PLOCALGROUP\u USERS\u INFO\u 0;
常数
{$EXTERNALSYM MAX_PREFERRED_LENGTH}
最大优先长度=DWORD(-1);
{$EXTERNALSYM NERR_Success}
NERR_Success=0;
{$EXTERNALSYM NERR_BASE}
NERR_基数=2100;
{$EXTERNALSYM NERR_UserNotFound}
NERR_UserNotFound=(NERR_BASE+121);
{$EXTERNALSYM NERR_InvalidComputer}
NERR_InvalidComputer=(NERR_BASE+251);
{$EXTERNALSYM LG_INCLUDE_INDIRECT}
LG_包括_间接=0001美元;
{$EXTERNALSYM NetUserGetLocalGroups}
函数NetUserGetLocalGroups(服务器名:PWideChar;用户名:PWideChar;
级别:DWORD;标志:DWORD;变量bufptr:指针;prefmaxlen:DWORD;
var entriesread:DWORD;var totalentries:DWORD):净API状态;stdcall;
{$EXTERNALSYM NetApiBufferFree}
函数NetApiBufferFree(缓冲区:指针):NET\u API\u状态;stdcall;
函数GetGroupsForNetUser(uname:widestring):字符串;
实施
函数NetUserGetLocalGroups;外部“netapi32.dll”名称
“NetUserGetLocalGroups”;
功能无缓冲区;外部“netapi32.dll”名称“NetApiBufferFree”;
函数GetGroupsForNetUser(uname:widestring):字符串;
//NetUserGetLocalGroups-返回组的分号delim字符串。
//传入GetUserName返回的用户值以获取当前用户。
变量
bufptr:指针;
状态:网络状态;
PrefMaxLen、EntriesRead、TotalEntries:DWord;
i:整数;
pTmpBuf:LPLOCALGROUP\u USERS\u INFO\u 0;
开始
PrefMaxLen:=最大首选长度;
状态:=NetUserGetLocalGroups(零,PWideChar(uname),0,
LG包括间接、bufptr、PrefMaxLen、,
EntriesRead,TotalEntries);
案件状况
NERR_成功:开始
结果:='成功,但无组';
pTmpBuf:=bufptr;
如果pTmpBuf为零,则
开始
结果:='';
对于i:=0到EntriesRead-1 do
开始
如果pTmpBuf为零,则
开始
如果结果='',则
开始
结果:=pTmpBuf.lgrui0\u名称
其他的
结果:=结果+';'+pTmpBuf.lgrui0_名称;
结束;
公司(pTmpBuf);
结束;
结束;
结束;
错误\u访问\u被拒绝:开始
结果:='用户没有访问权限';
结束;
NERR_无效计算机:开始
结果:='计算机名无效';
结束;
NERR_UserNotFound:开始
结果:='找不到用户名。(“+uname+”);
结束;
否则开始
结果:='未知错误';
结束;
结束;
如果bufptr为零,则
NetapipBufferFree(bufptr);
结束;
结束。
unit GetGroupsForUserUnit;
interface
uses
Windows, SysUtils, Classes, ShellAPI;
// Interface declarations: Pascal translations of the Win32 network-management
// types, constants and functions that GetGroupsForNetUser relies on.
type
// Status code type returned by the two netapi32 functions declared below.
{$EXTERNALSYM NET_API_STATUS}
NET_API_STATUS = DWORD;
// Pointer aliases to the record declared a few lines down; the forward
// reference is resolved inside this same type section.
LPLOCALGROUP_USERS_INFO_0 = ^LOCALGROUP_USERS_INFO_0;
{$EXTERNALSYM LPLOCALGROUP_USERS_INFO_0}
PLOCALGROUP_USERS_INFO_0 = ^LOCALGROUP_USERS_INFO_0;
{$EXTERNALSYM PLOCALGROUP_USERS_INFO_0}
// One entry of the result buffer: a single pointer to a wide-character group
// name. GetGroupsForNetUser walks an array of these (it requests level 0).
_LOCALGROUP_USERS_INFO_0 = record
lgrui0_name: LPWSTR;
end;
{$EXTERNALSYM _LOCALGROUP_USERS_INFO_0}
LOCALGROUP_USERS_INFO_0 = _LOCALGROUP_USERS_INFO_0;
{$EXTERNALSYM LOCALGROUP_USERS_INFO_0}
// Delphi-style (T/P prefixed) aliases for the same record and pointer types.
TLocalGroupUsersInfo0 = LOCALGROUP_USERS_INFO_0;
PLocalGroupUsersInfo0 = PLOCALGROUP_USERS_INFO_0;
const
// All bits set; passed as prefmaxlen so the caller imposes no size limit on
// the buffer the API allocates.
{$EXTERNALSYM MAX_PREFERRED_LENGTH}
MAX_PREFERRED_LENGTH = DWORD(-1);
// Status values compared against in GetGroupsForNetUser's case statement.
{$EXTERNALSYM NERR_Success}
NERR_Success = 0;
// Base offset from which the NERR_* error codes below are derived.
{$EXTERNALSYM NERR_BASE}
NERR_BASE = 2100;
{$EXTERNALSYM NERR_UserNotFound}
NERR_UserNotFound = (NERR_BASE+121);
{$EXTERNALSYM NERR_InvalidComputer}
NERR_InvalidComputer = (NERR_BASE+251);
// Flag for NetUserGetLocalGroups: also report local groups the user belongs
// to indirectly (through membership in a global group).
{$EXTERNALSYM LG_INCLUDE_INDIRECT}
LG_INCLUDE_INDIRECT = $0001;
// Import prototype. bufptr receives a buffer allocated by the API; the caller
// must release it with NetApiBufferFree.
{$EXTERNALSYM NetUserGetLocalGroups}
function NetUserGetLocalGroups(servername: PWideChar; username: PWideChar;
level: DWORD; flags: DWORD; var bufptr: Pointer; prefmaxlen: DWORD;
var entriesread: DWORD; var totalentries: DWORD): NET_API_STATUS; stdcall;
// Import prototype. Releases a buffer returned by a netapi32 call.
{$EXTERNALSYM NetApiBufferFree}
function NetApiBufferFree(Buffer: Pointer): NET_API_STATUS; stdcall;
// Public entry point of this unit; implemented below.
function GetGroupsForNetUser(uname: widestring): string;
implementation
// Bind the two prototypes from the interface section to their exports in
// netapi32.dll.
// NOTE(review): these are static imports by bare DLL name, so the module is
// located through the process's normal DLL search order when the host binary
// loads - confirm the host's install directory is not writable by
// unprivileged users.
function NetUserGetLocalGroups; external 'netapi32.dll' name
'NetUserGetLocalGroups';
function NetApiBufferFree; external 'netapi32.dll' name 'NetApiBufferFree';
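function GetGroupsForNetUser(uname: widestring): string;
// Returns the local groups of the account named by uname as a
// semicolon-delimited string. The lookup is made with NetUserGetLocalGroups
// on the local machine (servername = nil) with LG_INCLUDE_INDIRECT set.
// Pass in user value returned by GetUserName to get current user.
//
// When the call does not succeed the result is a human-readable message
// instead of a group list (access denied, invalid computer, user not found,
// unknown error). On success with a nil buffer the result is
// 'success, but no groups'; on success with a non-nil buffer and zero
// entries it is the empty string.
//
// NOTE(review): status text and group names share one return channel, and
// the not-found message echoes uname. A caller that uses this for an access
// decision should split on ';' and compare whole names, never search the
// string for a substring. The lookup is by account name and covers local
// groups only; if the caller already holds a token from LogonUser, a
// token-based check such as CheckTokenMembership is presumably the sturdier
// control - confirm against the DLL's requirements.
var
  bufptr: Pointer;
  Status: NET_API_STATUS;
  PrefMaxLen, EntriesRead, TotalEntries: DWord;
  i: DWord;
  pTmpBuf: LPLOCALGROUP_USERS_INFO_0;
begin
  // Locals are not zero-initialised; without this a failed call could leave
  // bufptr holding garbage that is then handed to NetApiBufferFree.
  bufptr := nil;
  EntriesRead := 0;
  TotalEntries := 0;
  PrefMaxLen := MAX_PREFERRED_LENGTH;
  Status := NetUserGetLocalGroups(nil, PWideChar(uname), 0,
    LG_INCLUDE_INDIRECT, bufptr, PrefMaxLen,
    EntriesRead, TotalEntries);
  try
    case Status of
      NERR_Success:
        begin
          result := 'success, but no groups';
          pTmpBuf := bufptr;
          if pTmpBuf <> nil then
          begin
            result := '';
            // Guard the unsigned bound: EntriesRead - 1 must not be evaluated
            // when EntriesRead is 0.
            if EntriesRead > 0 then
              for i := 0 to EntriesRead - 1 do
              begin
                if result = '' then
                  result := pTmpBuf^.lgrui0_name
                else
                  result := result + ';' + pTmpBuf^.lgrui0_name;
                // Advance to the next record in the returned array.
                Inc(pTmpBuf);
              end;
          end;
        end;
      ERROR_ACCESS_DENIED:
        result := 'The user does not have access.';
      NERR_InvalidComputer:
        result := 'The computer name is invalid.';
      NERR_UserNotFound:
        result := 'The user name could not be found. (' + uname + ')';
    else
      result := 'Unknown error.';
    end;
  finally
    // The API allocated the buffer; release it even if building the string
    // raised.
    if bufptr <> nil then
      NetApiBufferFree(bufptr);
  end;
end;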
end.