From: Stefan Kuhr on 7 Feb 2010 17:17

Jonathan,

Jonathan de Boyne Pollard wrote:
>> let me rephrase my question: "Can I safely assume that well-known SIDs
>> will always be exactly one of the two forms S-1-x or S-1-x-y or
>> S-1-x-y-z?"
>>
> That's not two forms. That's not a paraphrase. Nor is it what you want
> to know. You're /excluding/ well-known SIDs in your program, so you
> should be asking whether any /non-/well-known SIDs match the trivial
> patterns that you want to use for pattern matching. The answer to that
> is, of course, "Yes.". There are tens of thousands of /non-/well-known
> SIDs that match your patterns. As I was just saying to M. Grigoriev, it
> is a trivial exercise to construct some, that doesn't require very much
> effort at all.
>
> And this is to presume that your letters stand for one RID each, a
> presumption that is on shaky ground because you seem to think that the
> "S-1-x-y-z" in your paraphrase matches the "S-1-x-y" in your original,
> which of course would only be true if, like Microsoft's documentation,
> you actually /do not/ mean one RID per letter. (In some of the TechNet
> documentation, Y denotes the entire string of RIDs, however long it
> is.) In which case, as M. Mostert said, your patterns in fact match all
> SIDs currently in existence.
>

Thanks for your input. You are right. This vague idea of relying on those forms of SIDs was something that left me with a bad feeling in my stomach anyway, because it simply seemed too much of an assumption to me. So many thanks for clearing this up.

Actually, my requirements are: If my code determines a SID, that actually is not a well-known SID, to be a well-known SID, it would work incorrectly. This could happen if I relied on a certain form of SID as you have explained. However, if my code would determine a SID, that actually *is* a well-known SID, not to be a well-known SID, the LDAP query that I would fire next against the DC would give me a meaningful error. So this would only have performance implications, but the behaviour of the program would still be correct. So I think I can stay with the table based approach and be safe.

BTW: Why are you posting your answers to comp.os.ms-windows.programmer.win32 as well? I only asked on microsoft.public.win32.programmer.kernel. I am just curious.

Thanks for your help,

--
S
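The trade-off discussed in the post above, as an added example that is not part of the original thread: a shape match misclassifies an ordinary SID as well-known, while a table miss on a genuinely well-known SID only costs a directory lookup. The table is deliberately partial, the function names are hypothetical, and the sample SIDs outside the table are constructed.

```python
import re

# Deliberately partial table of fixed well-known SIDs. Domain-relative ones
# (for example <domain>-500) cannot be listed because the domain part varies.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-3-0": "Creator Owner",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-18": "Local System",
    "S-1-5-32-544": "BUILTIN\\Administrators",
}

# Decimal string form only: revision 1, an authority, 0 to 15 sub-authorities.
SID_SYNTAX = re.compile(r"S-1-[0-9]+(?:-[0-9]+){0,15}")
# The shape heuristic from the thread (S-1-x, S-1-x-y, S-1-x-y-z),
# read as one number per letter.
SHAPE = re.compile(r"S-1-[0-9]+(?:-[0-9]+){0,2}")

def normalize(sid):
    """Validate the string form and strip case and leading-zero differences."""
    s = sid.strip().upper()
    if not SID_SYNTAX.fullmatch(s):
        raise ValueError(f"not a SID string: {sid!r}")
    return "S-" + "-".join(str(int(part)) for part in s.split("-")[1:])

def by_shape(sid):
    """Heuristic: 'well-known' if the SID merely has a short form."""
    return SHAPE.fullmatch(normalize(sid)) is not None

def by_table(sid):
    """Exact lookup: returns the name, or None when the SID is not listed."""
    return WELL_KNOWN.get(normalize(sid))

def needs_directory_lookup(sid):
    """A table miss falls through to the DC query, which is the safe direction."""
    return by_table(sid) is None

# Constructed samples: the last two are not taken from any real system.
SAMPLES = [
    "S-1-5-18",                                       # listed well-known SID
    "S-1-99-7-42",                                    # short form, assumed not well-known
    "S-1-5-21-1111111111-2222222222-3333333333-500",  # domain-relative Administrator
]

if __name__ == "__main__":
    for sid in SAMPLES:
        print(f"{sid}: shape={by_shape(sid)} table={by_table(sid)!r} "
              f"lookup={needs_directory_lookup(sid)}")
```

The second sample is the failure the shape heuristic produces (a false positive); the third is the table's failure (a false negative), which only sends the SID on to the directory query.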
From: Stefan Kuhr on 8 Feb 2010 05:25

Hi Kerem,

On 2/6/2010 8:39 PM, Kerem Gümrükcü wrote:
> Hi Stephan,
>
> there is this:
>
> [WELL_KNOWN_SID_TYPE Enumeration]
> http://msdn.microsoft.com/en-us/library/aa379650%28VS.85%29.aspx
>
> [IsWellKnownSid]
> http://msdn.microsoft.com/en-us/library/aa379154%28VS.85%29.aspx
>
> Run the enumeration in a nice loop and return a TRUE or FALSE
> for your compared SID,...
>
> Hope this helps,...
>
> regards
>
> Kerem
>

Thanks for bringing this to my attention. Although the API's name IsWellKnownSid is so very obvious, I didn't know that this API actually exists until you pointed out to me that it is actually there.

Thanks for your help.

--
S