windows 获取当前用户的最后一次登录
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3371807/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Get current user's last logon
提问by Mr Aleph
I am trying to get the current's user last logon. I might be this current session or it might be one before that.
I am calling GetUserName() to get the current username. I feed that into NetUserGetInfo() to try to get the last logon time. All this fails with error 2221 (user not found). When I tried with "administrator" it works. Even when I hardcode my username it returns a 2221. This is what I am using:
我试图让当前的用户上次登录。我可能是本届会议,也可能是在那之前的会议。
我正在调用 GetUserName() 以获取当前用户名。我将其输入 NetUserGetInfo() 以尝试获取上次登录时间。所有这些都失败了,错误是 2221(找不到用户)。当我尝试使用“管理员”时,它可以工作。即使我对我的用户名进行硬编码,它也会返回 2221。这就是我正在使用的:
nStatus = NetUserGetInfo(NULL, L"administrator", dwLevel, (LPBYTE *) & pBuf);
How can you get the current user's last logon time?
如何获取当前用户的上次登录时间?
thank you, code is always welcomed.
谢谢,代码总是受欢迎的。
Here's the full code I am currently using:
这是我目前使用的完整代码:
DWORD dwLevel = 2;
NET_API_STATUS nStatus;
LPTSTR sStringSid = NULL;
LPUSER_INFO_0 pBuf = NULL;
LPUSER_INFO_2 pBuf2 = NULL;
WCHAR UserName[256];
DWORD nUserName = sizeof(UserName);
if(GetUserName(UserName, &nUserName))
{
printf("information for %ls\n", UserName);
nStatus = NetUserGetInfo(NULL, UserName, dwLevel, (LPBYTE *) & pBuf);
if (nStatus == NERR_Success)
{
pBuf2 = (LPUSER_INFO_2) pBuf;
printf("\tUser account name: %ls\n", pBuf2->usri2_name);
printf("\tLast logon (seconds since January 1, 1970 GMT): %d\n", pBuf2->usri2_last_logon);
printf("\tLast logoff (seconds since January 1, 1970 GMT): %d\n", pBuf2->usri2_last_logoff);
}
else
fprintf(stderr, "NetUserGetinfo failed with error: %d\n", nStatus);
if (pBuf != NULL)
NetApiBufferFree(pBuf);
}
回答by Oleg
You can try to use other level as 2 for example 11.
您可以尝试使用其他级别作为 2,例如 11。
You can aslo try LsaGetLogonSessionData(see http://msdn.microsoft.com/en-us/library/aa378290.aspx). The struct SECURITY_LOGON_SESSION_DATAhas a lot of information which can be helpful for you. The LUID(the first parameter of LsaGetLogonSessionData) you can get from GetTokenInformationwith TokenStatisticsand get AuthenticationIdfield of the TOKEN_STATISTICSstruct.
您也可以尝试LsaGetLogonSessionData(请参阅http://msdn.microsoft.com/en-us/library/aa378290.aspx)。该结构SECURITY_LOGON_SESSION_DATA有很多信息,可以为您提供帮助。您可以从with和 get结构的字段中获取的LUID( 的第一个参数LsaGetLogonSessionData)。GetTokenInformationTokenStatisticsAuthenticationIdTOKEN_STATISTICS
UPDATED: I read more carefully your code and I see now your main error. Function NetUserGetInfois very old. It exists in the time before Windows NT 3.1. The group of functions which Microsoft named now "Network Management" has the name "LAN Manager API". All the functions were introduced in the time where no local login exists. So you can use NetUserGetInfowith NULL as the first parameter only on a domain controller. So in the case that you login with the domain account you should call NetGetDCName, NetGetAnyDCNameor better DsGetDcNameto get the name of a domain controller and use this name (started with two backslashes) as the first parameter of NetUserGetInfo. If you login with a local workstation account your program should work, but the account seems me must be UNICODE stringlike L"Administrator" and not "Administrator". By the way if I login locally on my Windows 7 64-bit computer your program work without any problem. The code
更新:我更仔细地阅读了您的代码,现在我看到了您的主要错误。功能NetUserGetInfo很老了。它存在于 Windows NT 3.1 之前的时代。Microsoft 现在命名为“网络管理”的功能组具有名称“LAN Manager API”。所有功能都是在没有本地登录的时候引入的。因此,您只能在域控制器上使用NetUserGetInfoNULL 作为第一个参数。因此,在您使用域帐户登录的情况下,您应该调用,或者更好地获取域控制器的名称并将此名称(以两个反斜杠开头)用作. 如果您使用本地工作站帐户登录,您的程序应该可以运行,但该帐户似乎必须是 UNICODE 字符串NetGetDCNameNetGetAnyDCNameDsGetDcNameNetUserGetInfo像 L“管理员”而不是“管理员”。顺便说一下,如果我在 Windows 7 64 位计算机上本地登录,您的程序可以正常运行。编码
nStatus = NetUserGetInfo(NULL, L"administrator", dwLevel, (LPBYTE *) & pBuf);
works also.
也有效。
I repeat then in my opinion the best way to get user's last logon is the usage of LSA (Local Security Authority) API like LsaGetLogonSessionData. How promised I wrote for you a code example which shows how to use LsaGetLogonSessionDatain C:
我再说一遍,在我看来,获得用户上次登录的最佳方法是使用 LSA(本地安全机构)API,例如LsaGetLogonSessionData. 我多么承诺为你写了一个代码示例,展示了如何LsaGetLogonSessionData在 C 中使用:
#include <windows.h>
#include <Ntsecapi.h>
#include <Sddl.h>
#include <tchar.h>
#include <stdio.h>
//#include <ntstatus.h>
#include <malloc.h>
#include <strsafe.h>
#pragma comment (lib, "Secur32.lib")
#pragma comment (lib, "strsafe.lib")
// The following constant may be defined by including NtStatus.h.
#ifndef STATUS_SUCCESS
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#endif
// The LSA authentication functions are available in Unicode only.
BOOL GetLogonLUID (LUID *pLuid)
{
BOOL bSuccess;
HANDLE hThread = NULL;
DWORD cbReturnLength;
TOKEN_STATISTICS ts;
__try {
bSuccess = OpenProcessToken (GetCurrentProcess(), TOKEN_QUERY, &hThread); // TOKEN_QUERY_SOURCE
if (!bSuccess)
__leave;
cbReturnLength = sizeof(TOKEN_STATISTICS);
bSuccess = GetTokenInformation (hThread, TokenStatistics, &ts, sizeof(TOKEN_STATISTICS), &cbReturnLength);
if (bSuccess)
*pLuid = ts.AuthenticationId;
}
__finally {
if (hThread)
CloseHandle (hThread);
}
return bSuccess;
}
void PrintUnicodeString (LPCTSTR pszPrefix, LSA_UNICODE_STRING lsaString)
{
if (lsaString.MaximumLength >= lsaString.Length + sizeof(WCHAR) &&
lsaString.Buffer[lsaString.Length/sizeof(WCHAR)] == L'##代码##')
_tprintf (TEXT("%s: %ls\n"), pszPrefix, lsaString.Buffer);
else if (lsaString.Length <= STRSAFE_MAX_CCH * sizeof(TCHAR)) {
LPWSTR sz = (LPWSTR) _alloca (lsaString.Length + sizeof(WCHAR));
StringCbCopyNW (sz, lsaString.Length + sizeof(WCHAR), lsaString.Buffer, lsaString.Length);
_tprintf (TEXT("%s: %ls\n"), pszPrefix, sz);
}
}
void PrintLogonType (SECURITY_LOGON_TYPE type)
{
if (type < Interactive || type > CachedUnlock)
// This is used to specify an undefied logon type
_tprintf (TEXT("LogonType: UndefinedLogonType\n"));
else {
static LPTSTR szTypes[] = {
TEXT("Interactive"), // Interactively logged on (locally or remotely)
TEXT("Network"), // Accessing system via network
TEXT("Batch"), // Started via a batch queue
TEXT("Service"), // Service started by service controller
TEXT("Proxy"), // Proxy logon
TEXT("Unlock"), // Unlock workstation
TEXT("NetworkCleartext"), // Network logon with cleartext credentials
TEXT("NewCredentials"), // Clone caller, new default credentials
TEXT("RemoteInteractive"), // Remote, yet interactive. Terminal server
TEXT("CachedInteractive"), // Try cached credentials without hitting the net.
// The types below only exist in Windows Server 2003 and greater
TEXT("CachedRemoteInteractive"), // Same as RemoteInteractive, this is used internally for auditing purpose
TEXT("CachedUnlock") // Cached Unlock workstation
};
_tprintf (TEXT("LogonType: %s\n"), szTypes[(int)type-Interactive]);
}
}
void PrintFilefime (LPCTSTR pszPrefix, const FILETIME *lpFileTime)
{
SYSTEMTIME st;
FILETIME ft;
BOOL bSuccess;
TCHAR szTime[1024], szDate[1024];
bSuccess = FileTimeToLocalFileTime (lpFileTime, &ft);
if (!bSuccess)
return;
bSuccess = FileTimeToSystemTime (&ft, &st);
if (!bSuccess)
return;
if (GetDateFormat (LOCALE_USER_DEFAULT, // or LOCALE_CUSTOM_UI_DEFAULT
DATE_SHORTDATE,
&st, NULL, szDate, sizeof(szDate)/sizeof(TCHAR)) > 0) {
if (GetTimeFormat (LOCALE_USER_DEFAULT, // or LOCALE_CUSTOM_UI_DEFAULT
0, &st, NULL, szTime, sizeof(szTime)/sizeof(TCHAR)) > 0) {
_tprintf (TEXT("%s: %s, %s\n"), pszPrefix, szDate, szTime);
}
}
}
int main()
{
LUID LogonLuid; // LOGONID_CURRENT
PSECURITY_LOGON_SESSION_DATA pLogonSessionData = NULL;
LPWSTR pszSid = NULL;
NTSTATUS ntStatus;
GetLogonLUID (&LogonLuid);
__try {
ntStatus = LsaGetLogonSessionData (&LogonLuid, &pLogonSessionData);
if (ntStatus == STATUS_SUCCESS) {
if (pLogonSessionData->UserName.Length)
PrintUnicodeString (TEXT("UserName"), pLogonSessionData->UserName);
if (pLogonSessionData->LogonDomain.Length)
PrintUnicodeString (TEXT("LogonDomain"), pLogonSessionData->LogonDomain);
if (pLogonSessionData->AuthenticationPackage.Length)
PrintUnicodeString (TEXT("AuthenticationPackage"), pLogonSessionData->AuthenticationPackage);
PrintLogonType ((SECURITY_LOGON_TYPE)pLogonSessionData->LogonType);
_tprintf (TEXT("Session: %d\n"), pLogonSessionData->Session);
if (ConvertSidToStringSidW (pLogonSessionData->Sid, &pszSid))
_tprintf (TEXT("Sid: %ls\n"), pszSid);
if (pLogonSessionData->LogonTime.QuadPart)
PrintFilefime (TEXT("LogonTime"), (const FILETIME *)&pLogonSessionData->LogonTime);
if (pLogonSessionData->LogonServer.Length)
PrintUnicodeString (TEXT("LogonServer"), pLogonSessionData->LogonServer);
if (pLogonSessionData->DnsDomainName.Length)
PrintUnicodeString (TEXT("DnsDomainName"), pLogonSessionData->DnsDomainName);
if (pLogonSessionData->Upn.Length)
PrintUnicodeString (TEXT("Upn"), pLogonSessionData->Upn);
// one can dump more information like HomeDirectory, ProfilePath and so on
// if _WIN32_WINNT >= 0x0600 and user login a domain
}
}
__finally {
if (pLogonSessionData)
LsaFreeReturnBuffer(pLogonSessionData);
if (pszSid)
pszSid = (LPTSTR)LocalFree (pszSid);
}
}
