Windows Access Control List (ACL) Example 29

 

 

 

 

SID conversion: String-to-Binary-to-String Program Example

 

The ConvertSidToStringSid() and ConvertStringSidToSid() functions convert a SID to and from string format. Neither function is supported on Windows NT 4.0 and earlier. Each returns its result in a buffer that the function itself allocates; the caller releases that buffer with LocalFree() when it is no longer needed.

Create a new empty Win32 console application project. Give a suitable project name and change the project location if needed.

 

SID conversion: String-to-Binary-to-String Program Example: Creating new C++ Win32 Visual Studio project

 

Then, add the source file and give it a suitable name.

 

SID conversion: String-to-Binary-to-String Program Example: Adding new C++ source file

 

Next, add the following source code.

 

// Playing with SID format: Binary SID vs string SID

#include <windows.h>

#include <stdio.h>

#include <sddl.h>

#include <aclapi.h>

 

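/*
 * Demonstrates SID conversion in both directions for the Local System account:
 *   1. build the binary WinLocalSystemSid and convert it to its string form;
 *   2. parse the string SID "S-1-5-18" into a binary SID and convert it back.
 *
 * Buffer ownership:
 *   - TheSID is allocated here with LocalAlloc() and filled by
 *     CreateWellKnownSid().
 *   - pSid, pSid2 and TheSID2 are allocated by the conversion functions
 *     themselves; each must be released with LocalFree(). Pre-allocating
 *     TheSID2 would leak, because ConvertStringSidToSid() overwrites the
 *     pointer with its own allocation.
 *
 * The wide-character (W) entry points are called explicitly so the wide
 * string literals match the API regardless of the UNICODE build setting.
 *
 * Returns 0 on success, 1 if any allocation or conversion fails.
 */
int wmain(int argc, WCHAR **argv)
{
      DWORD SidSize = SECURITY_MAX_SID_SIZE;
      PSID TheSID = NULL;     // binary SID, buffer allocated by this function
      PSID TheSID2 = NULL;    // binary SID, buffer allocated by ConvertStringSidToSid()
      LPWSTR pSid = NULL;     // string SID, buffer allocated by ConvertSidToStringSid()
      LPWSTR pSid2 = NULL;    // round-tripped string SID, allocated the same way
      LPCWSTR StringSid = L"S-1-5-18"; // or SY - a well known Local System
      int rc = 1;

      (void)argc;
      (void)argv;

      wprintf(L"Create a well known \"WinLocalSystemSid\" SID.\n");
      wprintf(L"--------------------------------------------\n");

      // Allocate ample buffer for the largest possible SID.
      TheSID = LocalAlloc(LMEM_FIXED, SidSize);
      if(TheSID == NULL)
      {
            wprintf(L"Could not allocate buffer, error %lu.\n", GetLastError());
            goto cleanup;
      }
      wprintf(L"Buffer allocated for TheSID successfully.\n");

      // Create a SID for the Local system on the local computer.
      if(!CreateWellKnownSid(
            WinLocalSystemSid,      // Well known Local system SID
            NULL,                   // Domain SID, NULL for local computer
            TheSID,                 // Pointer to memory for new SID
            &SidSize                // In: size of the buffer; out: bytes used by the SID
            ))
      {
            // The buffer content is undefined after a failure, so it must not
            // be handed to ConvertSidToStringSid() or IsValidSid().
            wprintf(L"CreateWellKnownSid() failed, error %lu.\n", GetLastError());
            goto cleanup;
      }
      wprintf(L"CreateWellKnownSid() for Local system is OK.\n");

      wprintf(L"\nConvert the \"WinLocalSystemSid\" SID to string SID.\n");
      wprintf(L"--------------------------------------------------\n");

      // Get the string version of the SID (S-R-I-I...)
      if(!ConvertSidToStringSidW(
            TheSID,   // Pointer to the SID structure to be converted
            &pSid))   // Receives a LocalAlloc'd, null-terminated SID string
      {
            wprintf(L"ConvertSidToStringSid() failed, error %lu\n", GetLastError());
            goto cleanup;
      }
      wprintf(L"ConvertSidToStringSid() is OK.\n");
      wprintf(L"The SID string for WinLocalSystemSid is: %ls\n", pSid);

      if(IsValidSid(TheSID))
            wprintf(L"The SID is valid!\n");
      else
            wprintf(L"The SID is not valid!\n");

      //**********************************************************
      // TODO: Then, use the string SID as needed.
      // ...
      // When done, don't forget to release the buffers used.
      //**********************************************************

      // The string was allocated by ConvertSidToStringSid(); release it too.
      LocalFree(pSid);
      pSid = NULL;

      // LocalFree() returns NULL on success.
      if(LocalFree(TheSID) == NULL)
            wprintf(L"TheSID buffer was freed up...\n");
      else
            wprintf(L"Failed to free up TheSID buffer, error %lu\n", GetLastError());
      TheSID = NULL;   // never touch or free this pointer again

      //************************************************************
      // S-R-5-18 and equal to...
      // SECURITY_NT_AUTHORITY\\SECURITY_LOCAL_SYSTEM_RID
      // But they are stored as in binary format in a SID structure
      wprintf(L"\nConvert the \"S-1-5-18\" string SID to SID and then reconvert.\n");
      wprintf(L"------------------------------------------------------------\n");

      // No LocalAlloc() here: ConvertStringSidToSid() allocates the SID buffer.
      if(!ConvertStringSidToSidW(
            StringSid,  // Pointer to a null-terminated string containing the string-format SID to convert
            &TheSID2))  // Receives a pointer to the LocalAlloc'd converted SID
      {
            wprintf(L"ConvertStringSidToSid() for Local system failed, error %lu\n", GetLastError());
            goto cleanup;
      }
      wprintf(L"ConvertStringSidToSid() for Local system is OK.\n");

      // Re-convert to string SID, into its own pointer so the result can be freed.
      if(!ConvertSidToStringSidW(
            TheSID2,   // Pointer to the SID structure to be converted
            &pSid2))   // Receives a LocalAlloc'd, null-terminated SID string
      {
            wprintf(L"ConvertSidToStringSid() again failed, error %lu\n", GetLastError());
            goto cleanup;
      }
      wprintf(L"ConvertSidToStringSid() is OK.\n");
      wprintf(L"The SID string for WinLocalSystemSid is: %ls\n", pSid2);

      // A FALSE result means "no match"; it is not an API failure.
      if(IsWellKnownSid(TheSID2, WinLocalSystemSid))
            wprintf(L"The SID is a well known SID!\n");
      else
            wprintf(L"The SID is not the well known WinLocalSystemSid SID.\n");

      //**************************************************
      // IsValidSid() provides no extended error information.
      if(IsValidSid(TheSID2))
            wprintf(L"The SID is valid!\n");
      else
            wprintf(L"The SID is not valid!\n");

      if(LocalFree(TheSID2) == NULL)
            wprintf(L"Buffer for TheSID2 was freed up...\n");
      else
            wprintf(L"Failed to free-up TheSID2 buffer...\n");
      TheSID2 = NULL;

      rc = 0;

cleanup:
      // LocalFree() ignores NULL, so every pointer can be released
      // unconditionally, whichever step the function stopped at.
      LocalFree(pSid2);
      LocalFree(TheSID2);
      LocalFree(pSid);
      LocalFree(TheSID);

      return rc;
}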

 

Build and run the project. The following screenshot is a sample output.

 

SID conversion: String-to-Binary-to-String Program Example: sample console output showing the SID binary to SID string conversion and vice versa

 

 

 
