
Convert Object Name to SID and vice versa


May 8, 2004


Tool to convert SIDs to object name and vice versa.


Introduction

The aim is to create an application that helps us retrieve the name of an object (e.g., Username) and its domain name, provided the SID of the object is available. The SID has to be in the “S-1-5-21-39….” format.

The application is also useful for fetching the SID of an object when the name of the object (e.g., Username) and the system name are available.

This application also works in a domain environment, where the object name should be given as “Domainname\objectname”. If the system name is not available, the local system is used to fetch the information.

This application was particularly useful when I was trying to understand Ethereal packets, and also to know in which user context the requests were being made from a CIFS client.

This is a simple MFC-based .NET application. The application is built on two simple functions:

  • FetchUserName: This function gets the object name and the domain name, provided the SID and the system name are available. If the system name is not available, the lookup is assumed to be for a SID on the local machine. The system name can be a domain-wide name and can be in the format Domainname\SystemName.

    Code snippet:

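    // Needs <windows.h> and <stdlib.h>; GetBinarySid is the article's helper
    BOOL FetchUserName(LPTSTR strtext, LPTSTR lpSystemName,
                       LPTSTR *lpUserName, LPTSTR *lpDomainName){
     DWORD usernameLength = 0, domainnameLength = 0;
     SID_NAME_USE snu;
     BOOL RetBln = FALSE;

     PSID Sid = GetBinarySid(strtext); //convert stringSID to SID structure
     if (Sid == NULL)
         return FALSE;

     //first call only reports the buffer sizes needed (in TCHARs)
     LookupAccountSid(lpSystemName, Sid, NULL, &usernameLength,
                      NULL, &domainnameLength, &snu);
     *lpUserName = (LPTSTR) calloc(usernameLength, sizeof(TCHAR));
     *lpDomainName = (LPTSTR) calloc(domainnameLength, sizeof(TCHAR));

     //get the name of the object and its domain, given the SID structure
     if (*lpUserName && *lpDomainName)
         RetBln = LookupAccountSid(lpSystemName,
                                   Sid,
                                   *lpUserName,
                                   &usernameLength,
                                   *lpDomainName,
                                   &domainnameLength,
                                   &snu);
     return RetBln; //caller frees both names; release Sid as GetBinarySid requires
    }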

  • FetchSID: This function gets the object SID in text format and the domain name, provided the object name and the system name are available. If the system name is not available, the lookup is assumed to be for a SID on the local machine. The system name can be a domain-wide name and can be in the format Domainname\SystemName.

    Code snippet:

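    // Needs <windows.h>, <stdlib.h> and <string.h>
    DWORD FetchSID(LPTSTR strText,LPTSTR systemName,LPTSTR *SID,LPTSTR *domainName){
     PSID mySid = NULL;
     LPTSTR tempdomainName = NULL;
     DWORD sidSize = 0, refDomainSize = 0;
     DWORD returnValue = ERROR_SUCCESS;
     SID_NAME_USE snu;

     //This is done just to know the buffer size for SID as well as Domain name
     //(the call is expected to fail with ERROR_INSUFFICIENT_BUFFER)
     LookupAccountName (systemName,
                        strText,
                        mySid,
                        &sidSize,
                        tempdomainName,
                        &refDomainSize,
                        &snu);
     if(sidSize){
             mySid = (PSID) malloc (sidSize);
             if(!mySid){
                     returnValue = ERROR_NOT_ENOUGH_MEMORY;
                     goto exitfunc;
             }
             memset(mySid,0,sidSize);
     }else{
             returnValue = ERROR_INVALID_PARAMETER;
             goto exitfunc;
     }

     if(refDomainSize){
             tempdomainName = (LPTSTR) malloc (refDomainSize * sizeof(TCHAR));
             if(!tempdomainName){
                     returnValue = ERROR_NOT_ENOUGH_MEMORY;
                     goto exitfunc;
             }
             memset(tempdomainName,0,refDomainSize * sizeof(TCHAR));
     }
     //Now get the SID and the domain name
     if (!LookupAccountName (systemName,
                             strText,
                             mySid,
                             &sidSize,
                             tempdomainName,
                             &refDomainSize,
                             &snu)){
             returnValue = GetLastError();
             goto exitfunc;
     }
     //mySid now holds the binary SID; converting it to text to fill *SID
     //(GetTextualSid) is not part of this snippet
     *domainName = tempdomainName; //caller frees the domain name
     tempdomainName = NULL;

    exitfunc:
     free(mySid);
     free(tempdomainName);
     return returnValue;
    }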

The core of the entire code is the two functions GetTextualSid and GetBinarySid, which convert a SID structure to a textual SID and vice versa. The functions Microsoft provides for the same purpose, ConvertSidToStringSid and ConvertStringSidToSid, could be used instead. Refer to 'Converting SIDs between strings and binary' by Brian Friesen on Code Project, or to the Microsoft site.
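The conversion that GetTextualSid and GetBinarySid perform, shown as an added example that is not the article's code: a portable C round trip between the "S-1-5-21-…" text form and the binary SID layout, usable without the Windows API when reading SIDs out of a packet capture. The names sid_from_string and sid_to_string are hypothetical, and the example assumes revision 1 and a decimal identifier authority.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SID_MAX_SUBAUTH 15                       /* limit of the SID format */
#define SID_MAX_BYTES   (8 + 4 * SID_MAX_SUBAUTH)
/* Binary SID: revision(1) count(1) authority(6, big-endian) sub-authorities(4 each, little-endian) */
static int is_digit(char c) { return c >= '0' && c <= '9'; }

/* "S-1-5-21-..." -> binary; returns the byte length, or -1 on malformed input. */
int sid_from_string(const char *s, uint8_t *out, size_t cap) {
    char *end; int n = 0;
    if (strncmp(s, "S-1-", 4) != 0 || !is_digit(s[4]) || cap < 8) return -1;
    unsigned long long auth = strtoull(s + 4, &end, 10);
    if (auth > 0xFFFFFFFFFFFFULL) return -1;             /* authority is 48 bits */
    while (*end == '-') {
        if (!is_digit(end[1])) return -1;                /* "--", trailing '-', signs */
        unsigned long long v = strtoull(end + 1, &end, 10);
        if (v > 0xFFFFFFFFULL || n == SID_MAX_SUBAUTH || cap < 12 + 4 * (size_t)n) return -1;
        for (int i = 0; i < 4; i++) out[8 + 4 * n + i] = (uint8_t)(v >> (8 * i));
        n++;
    }
    if (*end != '\0') return -1;                         /* trailing garbage */
    out[0] = 1; out[1] = (uint8_t)n;
    for (int i = 0; i < 6; i++) out[2 + i] = (uint8_t)(auth >> (8 * (5 - i)));
    return 8 + 4 * n;
}

/* binary -> "S-1-..."; len must be exactly the SID's size. Returns strlen or -1. */
int sid_to_string(const uint8_t *b, size_t len, char *out, size_t cap) {
    if (len < 8 || b[0] != 1 || b[1] > SID_MAX_SUBAUTH || len != 8 + 4u * b[1]) return -1;
    unsigned long long auth = 0;
    for (int i = 0; i < 6; i++) auth = (auth << 8) | b[2 + i];
    int w = snprintf(out, cap, "S-1-%llu", auth);
    for (int i = 0; i < b[1]; i++) {
        uint32_t v = 0;
        for (int k = 3; k >= 0; k--) v = v << 8 | b[8 + 4 * i + k];
        if (w < 0 || (size_t)w >= cap) return -1;        /* output buffer too small */
        w += snprintf(out + w, cap - (size_t)w, "-%lu", (unsigned long)v);
    }
    return (w < 0 || (size_t)w >= cap) ? -1 : w;
}

int main(void) {   /* constructed sample: S-1-5-32-544, the well-known Administrators alias */
    uint8_t bin[SID_MAX_BYTES]; char txt[200];
    int n = sid_from_string("S-1-5-32-544", bin, sizeof bin);
    if (n < 0 || sid_to_string(bin, (size_t)n, txt, sizeof txt) < 0) return 1;
    for (int i = 0; i < n; i++) printf("%02x ", bin[i]);
    return printf("\n%s\n", txt) < 0;
}
```

Both functions reject out-of-range values and length mismatches instead of truncating, which matters when the SID bytes come from untrusted network data.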