E2kSid

E2kSid — Windows Security Identifiers

Synopsis




struct      E2kSid;
enum        E2kSidType;

E2kSid*     e2k_sid_new_from_string_sid     (E2kSidType type,
                                             const char *string_sid,
                                             const char *display_name);
E2kSid*     e2k_sid_new_from_binary_sid     (E2kSidType type,
                                             const guint8 *binary_sid,
                                             const char *display_name);
#define     E2K_SID_WKS_EVERYONE
#define     E2K_SID_WKS_ANONYMOUS

E2kSidType  e2k_sid_get_sid_type            (E2kSid *sid);
const char* e2k_sid_get_string_sid          (E2kSid *sid);
const guint8* e2k_sid_get_binary_sid        (E2kSid *sid);
const char* e2k_sid_get_display_name        (E2kSid *sid);

#define     E2K_SID_BINARY_SID_LEN          (bsid)
guint       e2k_sid_binary_sid_hash         (gconstpointer key);
gint        e2k_sid_binary_sid_equal        (gconstpointer a,
                                             gconstpointer b);


Object Hierarchy


  GObject
   +----E2kSid

Description

Every user in a Windows domain has a list of Security Identifiers, or SIDs, associated with them. This includes:

  • their own personal SID

  • the SID representing “all users in the local domain”

  • the SID representing “Default”

  • the SIDs for any Windows security groups that they are members of

The user’s personal SID is stored in the objectSid property of their Active Directory entry. Unfortunately, we have no way of retrieving the complete list of SIDs associated with a user.

Details

struct E2kSid

struct E2kSid;

This corresponds to a Windows SID, as defined in WinNT.h:

typedef struct {
    BYTE  Value[6];                             // Big-Endian
} SID_IDENTIFIER_AUTHORITY;

typedef struct {
   BYTE  Revision;
   BYTE  SubAuthorityCount;
   SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
   DWORD SubAuthority[ANYSIZE_ARRAY];
} SID;

#define SID_REVISION                     (1)    // Current revision level

SIDs are also sometimes expressed in string form as:

"S-Revision-IdentifierAuthority-SubAuthority[0]-SubAuthority[1]-..."


enum E2kSidType

typedef enum {
	E2K_SID_TYPE_INVALID,
	E2K_SID_TYPE_USER,
	E2K_SID_TYPE_ALIAS,
	E2K_SID_TYPE_GROUP,
	E2K_SID_TYPE_WELL_KNOWN_GROUP,
	E2K_SID_TYPE_DOMAIN,
	E2K_SID_TYPE_DELETED_ACCOUNT,
	E2K_SID_TYPE_UNKNOWN,
	E2K_SID_TYPE_COMPUTER
} E2kSidType;

This indicates what kind of object the SID refers to. Connector only uses the values E2K_SID_TYPE_USER, E2K_SID_TYPE_GROUP, and E2K_SID_TYPE_WELL_KNOWN_GROUP (for things like “Default”).


e2k_sid_new_from_string_sid ()

E2kSid*     e2k_sid_new_from_string_sid     (E2kSidType type,
                                             const char *string_sid,
                                             const char *display_name);

Creates an E2kSid from the given information.

type : the type of SID that string_sid is
string_sid : the string form of a Windows Security Identifier
display_name : UTF-8 display name of the user/group/etc identified by string_sid
Returns : the new SID

e2k_sid_new_from_binary_sid ()

E2kSid*     e2k_sid_new_from_binary_sid     (E2kSidType type,
                                             const guint8 *binary_sid,
                                             const char *display_name);

Creates an E2kSid from the given information.

type : the type of SID that binary_sid is
binary_sid : the binary form of a Windows Security Identifier
display_name : UTF-8 display name of the user/group/etc identified by binary_sid
Returns : the new SID

E2K_SID_WKS_EVERYONE

#define     E2K_SID_WKS_EVERYONE

This can be passed as the string_sid to e2k_sid_new_from_string_sid() to create a SID representing default access. You can pass NULL for the display_name.


E2K_SID_WKS_ANONYMOUS

#define     E2K_SID_WKS_ANONYMOUS

This can be passed as the string_sid to e2k_sid_new_from_string_sid() to create a SID representing anonymous access. You can pass NULL for the display_name.


e2k_sid_get_sid_type ()

E2kSidType  e2k_sid_get_sid_type            (E2kSid *sid);

Returns the type of sid (user, group, etc.).

sid : a SID
Returns : the E2kSidType

e2k_sid_get_string_sid ()

const char* e2k_sid_get_string_sid          (E2kSid *sid);

Returns the string form of sid.

sid : a SID
Returns : the string SID

e2k_sid_get_binary_sid ()

const guint8* e2k_sid_get_binary_sid        (E2kSid *sid);

Returns the binary form of sid. Since the SID data is self-delimiting, no length value is needed. Use E2K_SID_BINARY_SID_LEN() if you need to know the size of the binary data.

sid : a SID
Returns : the binary SID
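
Because a binary SID is self-delimiting, its length comes from its own SubAuthorityCount byte (see the WinNT.h layout under struct E2kSid), so bytes received from a server should have that length checked against the buffer actually held before they are read. The following is an added example, not code from this library: sid_checked_len(), sid_to_string() and the sample bytes are hypothetical names and constructed data. It validates a binary SID and converts it to the string form, reading sub-authorities as little-endian DWORDs, which is how they appear in objectSid.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SID_MAX_SUB_AUTHORITIES 15 /* limit defined in WinNT.h */

/* Constructed sample: binary form of S-1-5-21-1-2-3-1104. */
static const uint8_t sample_sid[] = { 1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0,
    1, 0, 0, 0, 2, 0, 0, 0, 3, 0, 0, 0, 0x50, 0x04, 0, 0 };

/* Length claimed by the header, or 0 if malformed or longer than buf_len. */
size_t sid_checked_len(const uint8_t *bsid, size_t buf_len)
{
    size_t need;
    if (bsid == NULL || buf_len < 8 || bsid[0] != 1 /* SID_REVISION */
        || bsid[1] > SID_MAX_SUB_AUTHORITIES)
        return 0;
    need = 8 + 4 * (size_t)bsid[1]; /* fixed header + SubAuthority DWORDs */
    return need <= buf_len ? need : 0;
}

/* Writes the string form into out; 0 on success, -1 on bad SID or small out. */
int sid_to_string(const uint8_t *bsid, size_t buf_len, char *out, size_t out_len)
{
    uint64_t auth = 0;
    size_t i, used;
    int n;
    if (sid_checked_len(bsid, buf_len) == 0)
        return -1;
    for (i = 0; i < 6; i++) /* IdentifierAuthority is big-endian */
        auth = (auth << 8) | bsid[2 + i];
    n = snprintf(out, out_len, "S-%u-%llu", (unsigned)bsid[0], (unsigned long long)auth);
    if (n < 0 || (size_t)n >= out_len)
        return -1;
    used = (size_t)n;
    for (i = 0; i < bsid[1]; i++) { /* SubAuthority DWORDs are little-endian */
        const uint8_t *p = bsid + 8 + 4 * i;
        uint32_t sub = p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
        n = snprintf(out + used, out_len - used, "-%lu", (unsigned long)sub);
        if (n < 0 || (size_t)n >= out_len - used)
            return -1;
        used += (size_t)n;
    }
    return 0;
}

int main(void)
{
    char s[192];
    int bad = sid_to_string(sample_sid, sizeof sample_sid, s, sizeof s);
    return bad || puts(s) < 0 || strcmp(s, "S-1-5-21-1-2-3-1104") != 0;
}
```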

e2k_sid_get_display_name ()

const char* e2k_sid_get_display_name        (E2kSid *sid);

Returns the display name of the entity identified by sid.

sid : a SID
Returns : the UTF-8 display name

E2K_SID_BINARY_SID_LEN()

#define     E2K_SID_BINARY_SID_LEN(bsid)

Returns the length of bsid.

bsid : the binary form of a SID
Returns : the length of bsid

e2k_sid_binary_sid_hash ()

guint       e2k_sid_binary_sid_hash         (gconstpointer key);

Hashes key, a binary SID. For use with GHashTable.

key : pointer to a binary SID
Returns : the hash value

e2k_sid_binary_sid_equal ()

gint        e2k_sid_binary_sid_equal        (gconstpointer a,
                                             gconstpointer b);

Determines if a and b contain the same SID data. For use with GHashTable.

a : pointer to a binary SID
b : pointer to another binary SID
Returns : TRUE or FALSE

See Also

e2k_global_catalog_lookup(), E2kSecurityDescriptor