- NSIS Discussion
- ${If} ${UserIsAdmin}
Archive: ${If} ${UserIsAdmin}
Zinthose
27th July 2009 16:18 UTC
${If} ${UserIsAdmin}
I patched together a macro for use with the LogicLib library to easily check if the security context has Administrative rights.
Feedback is practically non existent on the wiki as most of the activity appears to be here in the forums.
It has been quite handy in my projects... Enjoy. :)
; -----------------------
; UserIsAdmin
>; -----------------------
;
; Example:
; ${If} ${
UserIsAdmin}
; DetailPrint "Current user security context has local administrative rights."
>; ${Else}
; DetailPrint "Current user security context dose NOT have local administrative rights."
>; ${EndIf}
;
!macro _UserIsAdmin _a _b _t _f
System::Store 'p0 p1 p2 p3'
System::Call '*(&i1 0,&i4 0,&i1 5)i.r0'
System::Call 'advapi32::AllocateAndInitializeSid(i r0,i 2,i 32,i 544,i 0,i 0,i 0,i 0,i 0,i 0,*i .r1)i.r2'
System::Free $0
System::Call 'advapi32::CheckTokenMembership(i n,i r1,*i .r2)i.r3'
System::Call 'advapi32::FreeSid(i r1)i.r2'
StrCmp $3 0 0 +4
## User is an Admin
System::Store 'r0 r1 r2 r3'
Goto `${_f}`
## User is not an Admin
System::Store 'r0 r1 r2 r3'
Goto `${_t}`
!macroend
>
Afrow UK
27th July 2009 16:43 UTC
I think your +4 jump is one too many. Also, where is your define for UserIsAdmin.
Stu
Zinthose
27th July 2009 23:27 UTC
Ah, good eye.. =)
Here is the corrected macro.
; ----------------------------
; LogicLib_Ext.nsh
>; ----------------------------
;
;Library to extend the 'LogicLib' library's existing functions.
;
!ifndef ___LOGICLIB_EXT__NSH___
!define ___LOGICLIB_EXT__NSH___
!include '
LogicLib.nsh'
; -----------------------
; UserIsAdmin
; -----------------------
;
; Example:
; ${If} ${UserIsAdmin}
; DetailPrint "Current user security context has local administrative rights."
; ${Else}
; DetailPrint "Current user security context dose NOT have local administrative rights."
; ${EndIf}
;
!macro _UserIsAdmin _a _b _t _f
System::Store 'p0 p1 p2 p3'
System::Call '*(&i1 0,&i4 0,&i1 5)i.r0'
System::Call 'advapi32::AllocateAndInitializeSid(i r0,i 2,i 32,i 544,i 0,i 0,i 0,i 0,i 0,i 0,*i .r1)i.r2'
System::Free $0
System::Call 'advapi32::CheckTokenMembership(i n,i r1,*i .r2)i.r3'
System::Call 'advapi32::FreeSid(i r1)i.r2'
StrCmp $3 0 0 +3
## User is an Admin
System::Store 'r0 r1 r2 r3'
Goto `${_f}`
## User is not an Admin
System::Store 'r0 r1 r2 r3
Goto`${_t}`
!macroend
!define UserIsAdmin `"" UserIsAdmin ""`
!endif
FYI: The Latest version can always be found at:
NSIS WIKI - UserIsAdmin
Anders
27th July 2009 23:50 UTC
you could probably optimize this a bit, you could build the SID in a system struct without calling AllocateAndInitializeSid and FreeSid, and if you store the result from CheckTokenMembership on the stack, you could probably just have one system::store to restore and pop into the logiclib temp var, and if you did both there would only be need for one register and no need to call store at all
Anders
28th July 2009 12:36 UTC
As usual, I can't help myself, so here is my take on it:
!macro _UserIsAdminNT5 _a _b _t _f
Push $1
!insertmacro _LOGICLIB_TEMP
System::Call '*(&i1 1,&i1 2,&i5,&i1 5,&i4 32,&i4 544)i.r1' ;S-1-5-32-544
System::Call 'advapi32::CheckTokenMembership(i n,i r1,*i.s)i.s'
System::Free $1
Pop $1
Pop $_LOGICLIB_TEMP
IntCmpU $1 0 0 +2 +2
StrCpy $_LOGICLIB_TEMP 0
Pop $1
!insertmacro _!= $_LOGICLIB_TEMP 0 `${_t}` `${_f}`
!macroend
!define UserIsAdminNT5 `"" UserIsAdminNT5 ""`
Section
${If} ${UserIsAdminNT5}
DetailPrint "admin"
${Else}
DetailPrint "not admin"
${EndIf}
SectionEnd
I named it NT5 because CheckTokenMembership was added to windows 2000, if you need to support every OS, use the userinfo plugin
Zinthose
28th July 2009 20:03 UTC
Wow awesome Anders!
ryanpager
29th July 2009 17:13 UTC
Anders FTW!