Search code examples
c++pointerswinapimemorysid

How to get complete SID from the SidStart member in a pointer that points to an ACCESS_ALLOWED_ACE structure?


Starting with a string variable containing a Security Descriptor String Format, I convert this string to a security descriptor (using ConvertStringSecurityDescriptorToSecurityDescriptorW function).

This function gives me a "pointer" to a Security Descriptor (I put the pointer under quotation mark relative to this blog post).

Next, I recover a pointer to the DACL of the pointed Security Descriptor using GetSecurityDescriptorDacl function. From this DACL, I store all the ACEs into a vector of pointers to ACCESS_ALLOWED_ACE structures. Finally in these structures, there is my targeted member (SidStart) that I want to use to get a "translation" of the SID (for example with Well-Known SIDs, I want to translate "S-1-1-0" to a final user readable string like "Everyone").

However, SidStart only gives the first DWORD of a trustee's SID. The remaining bytes of the SID are stored in contiguous memory after the SidStart member (as documentation said). Despite my researches over the Internet, I can't figure it out to get theses remaining bytes.

Here is a minimum reproducible example in a C++ Console App:

#include <iostream>
#include <Windows.h>
#include <sddl.h>
#include <vector>

using namespace std;

int main()
{
    LPCWSTR stringSecurityDescriptor = L"D:AI(D;OICI;DCLCDTSD;;;S-1-1-0)";
    PSECURITY_DESCRIPTOR pSD;
    ConvertStringSecurityDescriptorToSecurityDescriptorW(stringSecurityDescriptor, SDDL_REVISION_1, &pSD, nullptr);

    PACL pDacl;
    BOOL bDaclPresent = SE_DACL_PRESENT;
    BOOL bDaclDefaulted = SE_DACL_DEFAULTED;
    GetSecurityDescriptorDacl(pSD, &bDaclPresent, &pDacl, &bDaclDefaulted);

    LPVOID pAce;
    ACCESS_ALLOWED_ACE* pAceBuffer;
    vector<ACCESS_ALLOWED_ACE*> pDaclAces;

    if (bDaclPresent)
    {
        for (int i = 0; i < pDacl->AceCount; i++)
        {
            GetAce(pDacl, i, &pAce);

            pAceBuffer = (ACCESS_ALLOWED_ACE*)pAce;
            pDaclAces.push_back(pAceBuffer);
        }
    }
    
    /* TODO : Get the SID of the ACEs */
}

I'm relatively new in C++ programming (and in programming in general), particularly in winapi environment. Moreover, this is my first question on StackOverflow. So, I hope my question is clear, understandable and resolvable. I'm open to critics.


Solution

  • Thanks to @RbMm in the comment section of my question :

    use (PSID)&SidStart

    I've added this line to my project (by replacing the TODO section in the minimum reproducible example) in order to test it :

    PSID pSid = (PSID)&pDaclAces[0]->SidStart
    

    And then I converted it into a readable string by reusing and readapting this page with Microsoft documentation to my case, and all of it worked perfectly.