Introduction
The aim is to create an application that helps us retrieve the name of an object (e.g., Username) and its domain name, provided the SID of the object is available. The SID has to be in the �S-1-5-21-39�.� format.
The application also is useful to fetch the SID of the object if the name of the object (e.g. Username) and the system name are available.
This application will also work in a domain environment where the object name should be as �Domainname\objectname�. In case the system name is not available, the local system is used to fetch the information.
This application was particularly useful when I was trying to understand the ethereal packets, and also to know in which user context were the requests being made from a CIFS client.
This is a simple MFC based .NET application. The application is based on 2 simple functions:
FetchUserName
: This function is used to get the object name and the domain name, provided the SID and the system name is available. In case the system name is not available, it will be assumed that the SID on the local machine is to be obtained. The system name can be a domain wide name and could be in the format Domainname\SystemName.
Code snippet:
FetchUserName(LPTSTR strtext,LPTSTR lpSystemName,
LPTSTR *lpUserName, LPTSTR *lpDomainName){
Sid = GetBinarySid(strtext);
RetBln = LookupAccountSid(lpSystemName,
Sid,
*lpUserName,
&usernameLength,
*lpDomainName,
&domainnameLength,
&snu);
}
FetchSID
: This function is used to get the object SID in text format and the domain name, provided the object name and the system name is available. In case the system name is not available, it will be assumed that the SID on the local machine is to be obtained. The system name can be a domain wide name and could be in the format Domainname\SystemName.
Code snippet:
FetchSID(LPTSTR strText,LPTSTR systemName,LPTSTR *SID,LPTSTR *domainName){
returnValue = LookupAccountName (systemName,
strText,
mySid,
&sidSize,
tempdomainName,
&refDomainSize,
&snu);
if(sidSize){
mySid = (PSID) malloc (sidSize);
memset(mySid,0,sidSize);
}else{
returnValue = ERROR_INVALID_PARAMETER;
goto exitfunc;
}
if(refDomainSize){
tempdomainName = (LPTSTR) malloc (refDomainSize * sizeof(TCHAR));
memset(tempdomainName,0,refDomainSize * sizeof(TCHAR));
}
if (!LookupAccountName (systemName,
strText,
mySid,
&sidSize,
tempdomainName,
&refDomainSize,
&snu)
}
The core of the entire code is the two functions:
GetTextualSid
and GetBinarySid
used to convert SID structure to a Textual SID and vice versa. We could also use the other function provided by MS to achieve the same like ConvertStringSidToSid
and ConvertSidToStringSid
. Refer to 'Converting SIDs between strings and binary' by Brian Friesen from Code Project or also from the Microsoft site.