CreateWellKnownSid function
Applies to: desktop apps only
The CreateWellKnownSid function creates a SID for predefined aliases.
Syntax
BOOL WINAPI CreateWellKnownSid( __in WELL_KNOWN_SID_TYPE WellKnownSidType, __in_opt PSID DomainSid, __out_opt PSID pSid, __inout DWORD *cbSid );
Parameters
- WellKnownSidType [in]
-
Member of the WELL_KNOWN_SID_TYPE enumeration that specifies what the SID will identify.
- DomainSid [in, optional]
-
A pointer to a SID that identifies the domain to use when creating the SID. Pass NULL to use the local computer.
- pSid [out, optional]
-
A pointer to memory where CreateWellKnownSid will store the new SID.
- cbSid [in, out]
-
A pointer to a DWORD that contains the number of bytes available at pSid. The CreateWellKnownSid function stores the number of bytes actually used at this location.
Return value
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. For extended error information, call GetLastError.
Examples
The following example shows creating a SID for the Everyone group.
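DWORD SidSize;
PSID TheSID;
LPTSTR p;

// SECURITY_MAX_SID_SIZE bytes is enough for the largest possible SID, so the
// buffer below never needs a second, larger allocation.
SidSize = SECURITY_MAX_SID_SIZE;

// Allocate enough memory for the largest possible SID.
if(!(TheSID = LocalAlloc(LMEM_FIXED, SidSize)))
{
    fprintf(stderr, "Could not allocate memory.\n");
    exit(1);
}

// Create a SID for the Everyone group on the local computer.
// SidSize is in/out: it carries the buffer size in and, on success, the
// number of bytes actually used out.
if(!CreateWellKnownSid(WinWorldSid, NULL, TheSID, &SidSize))
{
    fprintf(stderr, "CreateWellKnownSid Error %u", GetLastError());
}
else
{
    // Get the string version of the SID (S-1-1-0).
    if(!(ConvertSidToStringSid(TheSID, &p)))
    {
        fprintf(stderr, "Error during ConvertSidToStringSid.\n");
        exit(1);
    }

    // Use the string SID as needed.
    // ...

    // The string was allocated by ConvertSidToStringSid; release it with LocalFree.
    LocalFree(p);
}

// Free the SID buffer on the failure path as well as the success path; the
// original released it only after a successful CreateWellKnownSid call.
LocalFree(TheSID);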
Requirements
|
Minimum supported client | Windows XP |
|---|---|
|
Minimum supported server | Windows Server 2003 |
|
Header |
|
|
Library |
|
|
DLL |
|
See also
Build date: 3/7/2012
that can be assigned to the EXPLICIT_ACCESS structure's Trustee.ptstrName field.
The following code fails with ret = 122 (The data area passed to a system call is too small.)
This seems to happen because CreateWellKnownSid() creates a SID that can contain the end-of-string character (\0).
When this SID is assigned to the EXPLICIT_ACCESS structure's Trustee.ptstrName field, it causes
problems, because the \0 character in the SID prematurely terminates the string.
What am I doing wrong here?
Is there some other way of encoding a SID as a string for use in the EXPLICIT_ACCESS structure?
I am using Windows XP.
<snip>
// Builds a well-known SID, copies it into a local buffer, and uses it as the
// trustee of a single GRANT_ACCESS entry merged into old_dacl.
// `access`, `old_dacl` and `new_dacl` are defined outside this excerpt.
BYTE sid_[SECURITY_MAX_SID_SIZE];
DWORD size_sid = SECURITY_MAX_SID_SIZE;
WELL_KNOWN_SID_TYPE type = WinNullSid;
PSID TheSID;
// NOTE(review): the LocalAlloc result is not checked before it is used below.
TheSID = LocalAlloc(LMEM_FIXED, size_sid);
// size_sid is in/out: on success it holds the number of bytes actually used.
// NOTE(review): `result` is never tested, so a failed call leaves TheSID
// uninitialised and the code continues with it.
BOOL result = CreateWellKnownSid(type, NULL, TheSID, &size_sid);
// NOTE(review): the const_cast is unnecessary (sid_ is not const); the CopySid
// return value is also ignored. The first argument is the destination length.
CopySid(size_sid, reinterpret_cast<SID*>(const_cast<BYTE*>(sid_)), TheSID);
LocalFree(TheSID);
EXPLICIT_ACCESS new_access;
ZeroMemory(&new_access, sizeof(EXPLICIT_ACCESS));
new_access.grfAccessMode = GRANT_ACCESS;
new_access.grfAccessPermissions = access;
new_access.grfInheritance = NO_INHERITANCE;
new_access.Trustee.pMultipleTrustee = NULL;
new_access.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
// With TRUSTEE_IS_SID, ptstrName is read as a pointer to the binary SID, not as
// a null-terminated string, so zero bytes inside the SID do not truncate it.
new_access.Trustee.TrusteeForm = TRUSTEE_IS_SID;
// NOTE(review): const_cast cannot convert BYTE* to SID*; a single
// reinterpret_cast of sid_ to the ptstrName type is what is needed here.
new_access.Trustee.ptstrName = reinterpret_cast<LPSTR>(const_cast<SID*>(sid_));
*new_dacl = NULL;
// NOTE(review): SetEntriesInAcl reports failure through its return value.
// GetLastError() may hold a code left by an earlier call, so the value read
// below is not a reliable diagnosis; capture the return value instead.
if (ERROR_SUCCESS != SetEntriesInAcl(1, &new_access, old_dacl, new_dacl)) {
int ret = GetLastError();
}
</snip>
- 12/8/2009
- techpurush
' P/Invoke declaration for the native CreateWellKnownSid exported by advapi32.dll.
' sidType         - numeric value of the well-known SID type to create.
' domainSid       - binary form of the domain SID, or Nothing.
' resultSid       - caller-allocated buffer that receives the binary SID.
' resultSidLength - ByRef: size of resultSid in bytes on input.
' Returns nonzero on success and zero on failure. SetLastError:=True makes the
' Win32 error code available through Marshal.GetLastWin32Error.
<DllImport("advapi32.dll", CharSet:=CharSet.Unicode, SetLastError:=True)> _
Public Shared Function CreateWellKnownSid(ByVal sidType As Integer, ByVal domainSid As Byte(), <Out> ByVal resultSid As Byte(), ByRef resultSidLength As UInt32) As Integer
End Function
Example:
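' Creates the binary form of a well-known SID through the native CreateWellKnownSid.
' sidType   - which well-known SID to create.
' domainSid - domain used to qualify the SID; Nothing is passed through as a null pointer.
' resultSid - receives a buffer of SecurityIdentifier.MaxBinaryLength bytes that holds
'             the SID, or Nothing when the call fails.
' Returns 0 on success, otherwise the Win32 error code from Marshal.GetLastWin32Error.
Public Shared Function CreateANewWellKnownSid(ByVal sidType As WellKnownSidType, ByVal domainSid As SecurityIdentifier, <Out> ByRef resultSid As Byte()) As Integer
    ' CUInt performs the numeric conversion; DirectCast cannot convert Integer to UInt32.
    Dim maxBinaryLength As UInt32 = CUInt(SecurityIdentifier.MaxBinaryLength)
    resultSid = New Byte(SecurityIdentifier.MaxBinaryLength - 1) {}

    ' IIf evaluates both of its arguments, so the original dereferenced domainSid
    ' even when it was Nothing. Branch explicitly instead.
    ' GetBinaryForm/BinaryLength are the public accessors for the SID bytes.
    Dim domainBytes As Byte() = Nothing
    If domainSid IsNot Nothing Then
        domainBytes = New Byte(domainSid.BinaryLength - 1) {}
        domainSid.GetBinaryForm(domainBytes, 0)
    End If

    ' The length is passed as a copy, as in the original, so the byte count
    ' written by the native call is not propagated. resultSid keeps its
    ' maximum-length size and bytes past the end of the SID are unused.
    Dim resultSidLength As UInt32 = maxBinaryLength
    If CreateWellKnownSid(CInt(sidType), domainBytes, resultSid, resultSidLength) <> 0 Then
        Return 0
    End If

    ' Do not hand a partially written buffer back to the caller on failure.
    resultSid = Nothing
    Return Marshal.GetLastWin32Error()
End Function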