Export (0) Print
Expand All SidInToken

A support function, SidInToken, takes the authorization context, a SID (referenced below as the SidToTest parameter), and an optional PrincipalSelfSubstitute parameter, and returns TRUE if the SidToTest is present in the authorization context; otherwise, it returns FALSE. The well-known SID PRINCIPAL_SELF, if passed as SidToTest, is replaced by the PrincipalSelfSubstituteSID prior to the examination of the authorization context.

Any plug-in replacement is required to use this exact algorithm, which is described using the pseudocode syntax as specified in [DALB].

BOOLEAN SidInToken( 
    PrincipalSelfSubstitute )
    -- On entry
    --    Token is an authorization context containing all SIDs
    --       that represent the security principal
    --    SidToTest, the SID for which to search in Token
    --    PrincipalSelfSubstitute, a SID with which SidToTest may be
    --       replaced

    IF SidToTest is the Well Known SID PRINCIPAL_SELF THEN
        set SidToTest to be PrincipalSelfSubstitute
    END IF

    FOR EACH SID s in Token.Sids[] DO
        IF s equals SidToTest THEN
            return TRUE
        END IF

    Return FALSE

© 2014 Microsoft