Translate SID to name

My Delphi 2010 application should add a Windows user to the local Administrators group. I got this part working using NetLocalGroupAddMembers.

The application should now work in localized versions of Windows with other languages. To do this, I use the SID with the LsaLookupSids function to get the translated name of the group, but I can’t do this because I don’t know how to make an API call.

I would appreciate it if someone could show me how to use the LsaLookupSids function to get the group name ("Administrators" on the US version of Windows) from the SID.

Below is my code:

// Excerpt from the question: looks up the display name of the built-in
// Administrators group from its well-known SID for an existing user.
// Only the lookup attempt is shown; the listing stops at the end of the
// `if UserExists` block, before any group-membership call and before the
// function's own closing `end`.
// NOTE(review): the lookup below cannot work as written; the comments on the
// individual statements explain why.
function AddUser(const username, password: PChar; resetpassword: boolean): boolean; stdcall;
var
  NetApiStatus: NET_API_STATUS;
  UserInfo1003: USER_INFO_1003;
  UserInfo1005: USER_INFO_1005;
  ui: USER_INFO_1;
  grp: String;
  sid: PSID;
  snu: SID_NAME_USE;
  sidsize: LongWord;
  refdomain: PLsaReferencedDomainList; //array [0..MAX_PATH - 1] of char;
  refdomainsize: LongWord;
  sidstring: PChar;
  lgmi3: _LOCALGROUP_MEMBERS_INFO_3;
  reftranname: PLsaTranslatedName;
begin
  if UserExists(username) then begin


    // Well-known SID of BUILTIN\Administrators; the SID is the same on every
    // Windows language version, only the group's display name is localized.
    sidstring := PChar('S-1-5-32-544'); //Local Administrators group

    // SizeOf(refdomain) is the size of the pointer variable, not of the
    // record it points to, so only pointer-size bytes are allocated.
    refdomain := AllocMem(SizeOf(refdomain));
    // FillChar is given the pointer variable itself, so this zeroes the
    // pointer (refdomain becomes nil) and the block allocated above is lost.
    FillChar(refdomain, SizeOf(refdomain), 0);

    // Same pointer-size allocation as above.
    // NOTE(review): per the Windows API documentation LsaLookupSids allocates
    // both output buffers itself and they are released with LsaFreeMemory, so
    // pre-allocating them here should not be needed - confirm against the
    // import declaration in use.
    reftranname := AllocMem(SizeOf(reftranname));

    sidsize := 0;
    sid := nil;
    sid := AllocMem(Length(sidstring) );
    // Overwrites the pointer returned by AllocMem (that block is leaked) and
    // makes sid point at the SID *text*. A PSID has to reference a binary SID
    // structure, e.g. one produced by ConvertStringSidToSid.
    sid := PChar(sidstring);
    try
      // The result of LsaLookupSids is discarded, so a failed lookup is not
      // detected before reftranname is dereferenced on the next line.
      LsaLookupSids(GetPolicyHandle, 1, sid, refdomain, reftranname);
      // NOTE(review): Name is a counted LSA string (Length is in bytes) and
      // its Buffer is not guaranteed to be null-terminated; a plain
      // PWideChar-to-String assignment can read past the end - confirm and
      // copy Length div SizeOf(WideChar) characters instead.
      grp := reftranname^.Name.Buffer;
      showmessage('messg ' + grp);
    finally
      // At this point sid points at the string constant, not at memory from
      // AllocMem, and sidsize is still 0.
      FreeMem(sid, sidsize);
    end;
  end;
2 answers

You can use the JCL for this. There is also the JEDI security library, http://blog.delphi-jedi.net/security-library/ (for example, its TJwSecurityId class).

You do not have to call LsaLookupSids; LookupAccountSid can do the lookup.

uses
  JclSecurity, JclWin32;

// Translates a SID given in string form (for example 'S-1-5-32-544') into
// the account name registered for it on the local system.
// Raises exception in case of invalid ASID or if SID is not found.
// Only the account name is returned; the domain reported by the lookup is
// discarded.
function GetNameFromSid(ASID: String): String;
var
  SidBuffer: PSID;
  SidCapacity: DWORD;
  AccountName, DomainName: WideString;
begin
  // Reserve room for the largest possible binary SID.
  SidCapacity := SECURITY_MAX_SID_SIZE;
  SidBuffer := AllocMem(SidCapacity);
  try
    // Parse the textual SID into the buffer, then resolve it.
    StringToSID(ASID, SidBuffer, SidCapacity);
    LookupAccountBySid(SidBuffer, AccountName, DomainName);
    Result := AccountName;
  finally
    // Released on success and on any exception raised above.
    FreeMem(SidBuffer);
  end;
end;

LsaLookupSids is meant for translating an array of SIDs. To look up a single SID you can use LookupAccountSid. Example:

uses JwaWindows; // or JwaSddl, JwaWinBase;
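    var
      Sid: PSID;
      peUse: DWORD;
      cchDomain: DWORD;
      cchName: DWORD;
      Name: array of Char;
      Domain: array of Char;
    begin
      // Resolves the well-known SID of the built-in Administrators group to
      // its localized "DOMAIN\Name" form and shows it. The SID is the same on
      // every Windows language version; only the name differs.
      Sid := nil;
      // First convert String SID to SID. The buffer is allocated by the API
      // and has to be released with LocalFree.
      Win32Check(ConvertStringSidToSid(PChar('S-1-5-32-544'), Sid));
      try
        cchName := 0;
        cchDomain := 0;
        // Get Length: with nil buffers the call is expected to fail with
        // ERROR_INSUFFICIENT_BUFFER and report the required sizes.
        if not LookupAccountSid(nil, Sid, nil, cchName, nil, cchDomain, peUse) then
        begin
          // Any other error (e.g. the SID cannot be mapped) is reported
          // instead of being silently ignored.
          if GetLastError <> ERROR_INSUFFICIENT_BUFFER then
            RaiseLastOSError;

          SetLength(Name, cchName);
          SetLength(Domain, cchDomain);
          // PChar(...) yields nil for an empty array, whereas indexing
          // element 0 of an empty array is invalid.
          Win32Check(LookupAccountSid(nil, Sid, PChar(Name), cchName,
            PChar(Domain), cchDomain, peUse));

          // note: cast to PChar because LookupAccountSid returns zero terminated string
          ShowMessageFmt('%s\%s', [PChar(Domain), PChar(Name)]);
        end;
      finally
        // Runs on every path, so the SID buffer is not leaked when a lookup
        // or the message call raises. HLOCAL keeps the full pointer width;
        // a DWORD cast would truncate it on a 64-bit target.
        LocalFree(HLOCAL(Sid));
      end;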

Jwscl:

uses JwsclSid;

    const
      // Well-known SID of the built-in Administrators group; identical on
      // every Windows language version.
      BuiltinAdministratorsSid = 'S-1-5-32-544';
    var
      AdminsSid: TJwSecurityId;
    begin
      // Wrap the textual SID in a JWSCL security identifier object and show
      // the account name it reports.
      AdminsSid := TJwSecurityId.Create(BuiltinAdministratorsSid);
      try
        ShowMessage(AdminsSid.GetAccountName);
      finally
        // Free the wrapper even if the name lookup raises.
        AdminsSid.Free;
      end;