我想知道在python中是否有可能,给定字符串username
和password
,找出该帐户是否具有管理员权限?
例如,如果我有两个input
s:
u = input("Username: ")
p = input("Password: ")
# hasAdminRights is a placeholder to checking if the account first of all exists, and then if it has admin.
if hasAdminRights(u,p):
print "This account has admin privileges!"
else:
print """This account either
1) does not have admin
2) is not a real account
3) entered the wrong password"""
即使登录用户不是管理员,我也需要能够检查这一点。
我已经看到很多关于检查当前用户是否有管理员的stackoverflow问题,但我想检查一下PC上的其他用户是否有管理员。
提前致谢,
David Callanan
答案 0 :(得分:1)
要获取用户的访问令牌,请致电LogonUser
,自Windows XP / 2003起,该SeTcbPrivilege
不需要GetTokenInformation
。接下来调用from win32security import (
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, SE_GROUP_ENABLED,
TokenElevationType, TokenLinkedToken, TokenGroups,
TokenElevationTypeLimited, WinBuiltinAdministratorsSid,
LogonUser, GetTokenInformation, CreateWellKnownSid)
def is_user_an_admin(username, password, allow_elevation=True):
token = LogonUser(username, None, password,
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT)
elevation_type = GetTokenInformation(token, TokenElevationType)
admin_group = CreateWellKnownSid(WinBuiltinAdministratorsSid)
if elevation_type == TokenElevationTypeLimited and allow_elevation:
linked_token = GetTokenInformation(token, TokenLinkedToken)
token_list = [token, linked_token]
else:
token_list = [token]
for token in token_list:
for group, attrs in GetTokenInformation(token, TokenGroups):
enabled = attrs & SE_GROUP_ENABLED
if enabled and group == admin_group:
return True
return False
以获取标记中的标高类型,链接标记和组列表。例如:
while True:
NSRunLoop.currentRunLoop().runUntilDate_(NSDate.dateWithTimeIntervalSinceNow_(0.1))
此示例不会屏蔽异常,例如密码错误。