SID to string

How to convert SID (Security Identifier) to string in a system running windows NT.
ConvertSidToStringSid() found in MSDN required windows 2000 or later.
GowrishankarAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
jkrConnect With a Mentor Commented:
Ooops, forgot the example how to use it:

wchar_t* UserName = "Administrator";
PSID pSid;
WCHAR  buf[MAX_PATH];


GetAccountSid(NULL,UserName,&pSid);

Sid2Text(pSid,buf,MAX_PATH);

See also http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/hh/winbase/accctrl_199w.asp

Converting a Binary SID to String Format
Windows 2000 provides the ConvertSidToStringSid and ConvertStringSidToSid functions for converting a SID to and from string format. For a description of the SID string format, see SID Components.

On earlier versions of Windows NT, use the following sample code to convert a SID to string format.

BOOL GetTextualSid(
    PSID pSid,            // binary Sid
    LPTSTR TextualSid,    // buffer for Textual representation of Sid
    LPDWORD lpdwBufferLen // required/provided TextualSid buffersize
    )
{
    PSID_IDENTIFIER_AUTHORITY psia;
    DWORD dwSubAuthorities;
    DWORD dwSidRev=SID_REVISION;
    DWORD dwCounter;
    DWORD dwSidSize;

    // Validate the binary SID.

    if(!IsValidSid(pSid)) return FALSE;

    // Get the identifier authority value from the SID.

    psia = GetSidIdentifierAuthority(pSid);

    // Get the number of subauthorities in the SID.

    dwSubAuthorities = *GetSidSubAuthorityCount(pSid);

    // Compute the buffer length.
    // S-SID_REVISION- + IdentifierAuthority- + subauthorities- + NULL

    dwSidSize=(15 + 12 + (12 * dwSubAuthorities) + 1) * sizeof(TCHAR);

    // Check input buffer length.
    // If too small, indicate the proper size and set last error.

    if (*lpdwBufferLen < dwSidSize)
    {
        *lpdwBufferLen = dwSidSize;
        SetLastError(ERROR_INSUFFICIENT_BUFFER);
        return FALSE;
    }

    // Add 'S' prefix and revision number to the string.

    dwSidSize=wsprintf(TextualSid, TEXT("S-%lu-"), dwSidRev );

    // Add SID identifier authority to the string.

    if ( (psia->Value[0] != 0) || (psia->Value[1] != 0) )
    {
        dwSidSize+=wsprintf(TextualSid + lstrlen(TextualSid),
                    TEXT("0x%02hx%02hx%02hx%02hx%02hx%02hx"),
                    (USHORT)psia->Value[0],
                    (USHORT)psia->Value[1],
                    (USHORT)psia->Value[2],
                    (USHORT)psia->Value[3],
                    (USHORT)psia->Value[4],
                    (USHORT)psia->Value[5]);
    }
    else
    {
        dwSidSize+=wsprintf(TextualSid + lstrlen(TextualSid),
                    TEXT("%lu"),
                    (ULONG)(psia->Value[5]      )   +
                    (ULONG)(psia->Value[4] <<  8)   +
                    (ULONG)(psia->Value[3] << 16)   +
                    (ULONG)(psia->Value[2] << 24)   );
    }

    // Add SID subauthorities to the string.
    //
    for (dwCounter=0 ; dwCounter < dwSubAuthorities ; dwCounter++)
    {
        dwSidSize+=wsprintf(TextualSid + dwSidSize, TEXT("-%lu"),
                    *GetSidSubAuthority(pSid, dwCounter) );
    }

    return TRUE;
}
0
 
jkrCommented:
Use

BOOL Sid2Text(PSID ps,WCHAR *buf,int bufSize)
{
     PSID_IDENTIFIER_AUTHORITY psia;
     DWORD dwSubAuthorities;
     DWORD dwSidRev = SID_REVISION;
     DWORD i;
     int n, size;
     WCHAR *p;

     // Validate the binary SID.

     if ( ! IsValidSid( ps ) )
          return FALSE;

     // Get the identifier authority value from the SID.

     psia = GetSidIdentifierAuthority( ps );

     // Get the number of subauthorities in the SID.

     dwSubAuthorities = *GetSidSubAuthorityCount( ps );

     // Compute the buffer length.
     // S-SID_REVISION- + IdentifierAuthority- + subauthorities- + NULL

     size = 15 + 12 + ( 12 * dwSubAuthorities ) + 1;

     // Check input buffer length.
     // If too small, indicate the proper size and set last error.

     if ( bufSize < size )
     {
          SetLastError( ERROR_INSUFFICIENT_BUFFER );
          return FALSE;
     }

     // Add 'S' prefix and revision number to the string.

     size = wsprintf( buf, L"S-%lu-", dwSidRev );
     p = buf + size;

     // Add SID identifier authority to the string.

     if ( psia->Value[0] != 0 || psia->Value[1] != 0 )
     {
          n = wsprintf( p, L"0x%02hx%02hx%02hx%02hx%02hx%02hx",
          (USHORT) psia->Value[0], (USHORT) psia->Value[1],
          (USHORT) psia->Value[2], (USHORT) psia->Value[3],
          (USHORT) psia->Value[4], (USHORT) psia->Value[5] );
          size += n;
          p += n;
     }
     else
     {
          n = wsprintf( p, L"%lu", ( (ULONG) psia->Value[5] ) +
          ( (ULONG) psia->Value[4] << 8 ) + ( (ULONG) psia->Value[3] << 16 ) +
          ( (ULONG) psia->Value[2] << 24 ) );
          size += n;
          p += n;
     }

     // Add SID subauthorities to the string.

     for ( i = 0; i < dwSubAuthorities; ++ i )
     {
          n = wsprintf( p, L"-%lu", *GetSidSubAuthority( ps, i ) );
          size += n;
          p += n;
     }

     return TRUE;
}
0
 
jkrCommented:
Any problems?
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
GowrishankarAuthor Commented:
I was testing using the code. I am not getting the full string something like this (S-1-5-21-111035657-893913270-658320111-66281), Iam getting (S-1-18) only this much of output. What could be the reason.
0
 
jkrCommented:
Well, which one of the two suggestions did you try?
0
 
GowrishankarAuthor Commented:
First one
0
 
GowrishankarAuthor Commented:
I tried testing the second also, Iam getting only (S-1-5-18) of output
0
 
GowrishankarAuthor Commented:
Ok, now I know the reason - these SID correspond to Administrator /system account that's why for user level Iam getting that big sids. Thanks jkr
0
All Courses

From novice to tech pro — start learning today.