Below I go through the information on MSDN as I understand it; in other words, everything I know here comes from MSDN, and you can go there yourself and dig up whatever interests you, although the process will be painful and long...
SID Components: https://msdn.microsoft.com/en-us/library/windows/desktop/aa379597(v=vs.85).aspx
As mentioned earlier, MSDN recommends manipulating a SID structure only through the API functions, and I have not seen MSDN give any hints about working on the SID structure directly the way one would analyze an ordinary C struct, so let's start from the SID string instead.
As quoted earlier: "The security identifier (SID) structure is a variable-length structure used to uniquely identify users or groups." That is, a SID uniquely identifies a user or a group.
In what follows, "SID" always means the SID string.
From the MSDN page SID Components, skipping some English sentences I consider unimportant, the summary is as follows.
The general form of a SID string is S-R-I-S...
- The leading S indicates that the sequence of numbers that follows is a SID.
- R-I-S... is then the actual body of the SID string:
- R: the revision level of the SID, usually 1 (I have only ever seen 1).
- I: the identifier-authority value (I keep the English term here; it reads better than a literal translation).
- S...: one or more sub-authority values, likewise left untranslated.
Identifier authority | Value | SID string prefix |
---|---|---|
SECURITY_NULL_SID_AUTHORITY | 0 | S-1-0 |
SECURITY_WORLD_SID_AUTHORITY | 1 | S-1-1 |
SECURITY_LOCAL_SID_AUTHORITY | 2 | S-1-2 |
SECURITY_CREATOR_SID_AUTHORITY | 3 | S-1-3 |
SECURITY_NT_AUTHORITY | 5 | S-1-5 |
The following RID values are used with universal well-known SIDs. The Identifier authority column shows the prefix of the identifier authority with which you can combine the RID to create a universal well-known SID.
What the above means: the Identifier authority column shows the prefix of the identifier authority in the SID string; that prefix can be combined with the RID value (the Value column) to construct a universal well-known SID. (I cannot tell exactly how a well-known SID differs from a universal well-known SID; my own guess is that one is usable on all platforms while the other applies only on Windows.)
Relative identifier authority | Value | Identifier authority |
---|---|---|
SECURITY_NULL_RID | 0 | S-1-0 |
SECURITY_WORLD_RID | 0 | S-1-1 |
SECURITY_LOCAL_RID | 0 | S-1-2 |
SECURITY_LOCAL_LOGON_RID | 1 | S-1-2 |
SECURITY_CREATOR_OWNER_RID | 0 | S-1-3 |
SECURITY_CREATOR_GROUP_RID | 1 | S-1-3 |
The SECURITY_NT_AUTHORITY (S-1-5) predefined identifier authority produces SIDs that are not universal but are meaningful only on Windows installations. You can use the following RID values with SECURITY_NT_AUTHORITY to create well-known SIDs.
What the above means: the SID prefix SECURITY_NT_AUTHORITY (S-1-5) is a predefined identifier authority that applies only on Windows; the following lists some common SIDs built from it.
Constant | String value | Identifies |
---|---|---|
SECURITY_DIALUP_RID | S-1-5-1 | Users who log on to terminals using a dial-up modem. This is a group identifier. |
SECURITY_NETWORK_RID | S-1-5-2 | Users who log on across a network. This is a group identifier added to the token of a process when it was logged on across a network. The corresponding logon type is LOGON32_LOGON_NETWORK. |
SECURITY_BATCH_RID | S-1-5-3 | Users who log on using a batch queue facility. This is a group identifier added to the token of a process when it was logged as a batch job. The corresponding logon type is LOGON32_LOGON_BATCH. |
SECURITY_INTERACTIVE_RID | S-1-5-4 | Users who log on for interactive operation. This is a group identifier added to the token of a process when it was logged on interactively. The corresponding logon type is LOGON32_LOGON_INTERACTIVE. |
SECURITY_LOGON_IDS_RID | S-1-5-5-X-Y | A logon session. This is used to ensure that only processes in a given logon session can gain access to the window-station objects for that session. The X and Y values for these SIDs are different for each logon session. The value SECURITY_LOGON_IDS_RID_COUNT is the number of RIDs in this identifier (5-X-Y). |
SECURITY_SERVICE_RID | S-1-5-6 | Accounts authorized to log on as a service. This is a group identifier added to the token of a process when it was logged as a service. The corresponding logon type is LOGON32_LOGON_SERVICE. |
SECURITY_ANONYMOUS_LOGON_RID | S-1-5-7 | Anonymous logon, or null session logon. |
SECURITY_PROXY_RID | S-1-5-8 | Proxy. |
SECURITY_ENTERPRISE_CONTROLLERS_RID | S-1-5-9 | Enterprise controllers. |
SECURITY_PRINCIPAL_SELF_RID | S-1-5-10 | The PRINCIPAL_SELF security identifier can be used in the ACL of a user or group object. During an access check, the system replaces the SID with the SID of the object. The PRINCIPAL_SELF SID is useful for specifying an inheritable ACE that applies to the user or group object that inherits the ACE. It is the only way of representing the SID of a created object in the default security descriptor of the schema. |
SECURITY_AUTHENTICATED_USER_RID | S-1-5-11 | The authenticated users. |
SECURITY_RESTRICTED_CODE_RID | S-1-5-12 | Restricted code. |
SECURITY_TERMINAL_SERVER_RID | S-1-5-13 | Terminal Services. Automatically added to the security token of a user who logs on to a terminal server. |
SECURITY_LOCAL_SYSTEM_RID | S-1-5-18 | A special account used by the operating system. |
SECURITY_NT_NON_UNIQUE | S-1-5-21 | SIDS are not unique. |
SECURITY_BUILTIN_DOMAIN_RID | S-1-5-32 | The built-in system domain. |
The corresponding comment block from the Windows SDK header winnt.h, which also lists the NT-authority SIDs that the MSDN table above omits (S-1-5-14, 15, 17, 19, 20 and the 0x40 security-package range):

```c
//
// NT well-known SIDs
//
//     NT Authority            S-1-5
//     Dialup                  S-1-5-1
//
//     Network                 S-1-5-2
//     Batch                   S-1-5-3
//     Interactive             S-1-5-4
//     (Logon IDs)             S-1-5-5-X-Y
//     Service                 S-1-5-6
//     AnonymousLogon          S-1-5-7       (aka null logon session)
//     Proxy                   S-1-5-8
//     Enterprise DC (EDC)     S-1-5-9       (aka domain controller account)
//     Self                    S-1-5-10      (self RID)
//     Authenticated User      S-1-5-11      (Authenticated user somewhere)
//     Restricted Code         S-1-5-12      (Running restricted code)
//     Terminal Server         S-1-5-13      (Running on Terminal Server)
//     Remote Logon            S-1-5-14      (Remote Interactive Logon)
//     This Organization       S-1-5-15
//
//     IUser                   S-1-5-17
//     Local System            S-1-5-18
//     Local Service           S-1-5-19
//     Network Service         S-1-5-20
//
//     (NT non-unique IDs)     S-1-5-0x15-... (NT Domain Sids)
//
//     (Built-in domain)       S-1-5-0x20
//
//     (Security Package IDs)  S-1-5-0x40
//     NTLM Authentication     S-1-5-0x40-10
//     SChannel Authentication S-1-5-0x40-14
//     Digest Authentication   S-1-5-0x40-21
//
//     Other Organization      S-1-5-1000    (>=1000 can not be filtered)
//
//
// NOTE: the relative identifier values (RIDs) determine which security
//       boundaries the SID is allowed to cross.  Before adding new RIDs,
//       a determination needs to be made regarding which range they should
//       be added to in order to ensure proper "SID filtering"
//
```
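To tie the S-R-I-S... form and the tables above together, here is a small parser and classifier written for this post (it is not code from MSDN or the Windows SDK): it splits a SID string into revision, identifier authority and sub-authorities, and reports which of the well-known groups listed above the string falls into. The size limits it enforces (revision 1, 6-byte identifier authority, at most 15 sub-authorities) are assumed from the binary SID structure; the sample SIDs used to exercise it are constructed.

```python
import re

# Identifier authorities and the RIDs under them, as tabulated on this page (MSDN "SID Components")
IDENTIFIER_AUTHORITIES = {0: "SECURITY_NULL_SID_AUTHORITY", 1: "SECURITY_WORLD_SID_AUTHORITY",
                          2: "SECURITY_LOCAL_SID_AUTHORITY", 3: "SECURITY_CREATOR_SID_AUTHORITY",
                          5: "SECURITY_NT_AUTHORITY"}
UNIVERSAL_WELL_KNOWN = {(0, 0): "SECURITY_NULL_RID", (1, 0): "SECURITY_WORLD_RID",
                        (2, 0): "SECURITY_LOCAL_RID", (2, 1): "SECURITY_LOCAL_LOGON_RID",
                        (3, 0): "SECURITY_CREATOR_OWNER_RID", (3, 1): "SECURITY_CREATOR_GROUP_RID"}
NT_WELL_KNOWN = {1: "SECURITY_DIALUP_RID", 2: "SECURITY_NETWORK_RID", 3: "SECURITY_BATCH_RID",
                 4: "SECURITY_INTERACTIVE_RID", 6: "SECURITY_SERVICE_RID",
                 7: "SECURITY_ANONYMOUS_LOGON_RID", 8: "SECURITY_PROXY_RID",
                 9: "SECURITY_ENTERPRISE_CONTROLLERS_RID", 10: "SECURITY_PRINCIPAL_SELF_RID",
                 11: "SECURITY_AUTHENTICATED_USER_RID", 12: "SECURITY_RESTRICTED_CODE_RID",
                 13: "SECURITY_TERMINAL_SERVER_RID", 18: "SECURITY_LOCAL_SYSTEM_RID",
                 19: "SECURITY_LOCAL_SERVICE_RID", 20: "SECURITY_NETWORK_SERVICE_RID"}

# S-R-I-S...: Windows prints the identifier authority in hex when it does not fit in 32 bits
_SID_RE = re.compile(r"^S-(\d+)-(\d+|0x[0-9A-Fa-f]+)((?:-\d+)*)$")

def parse_sid(sid):
    """Split an S-R-I-S... string into (revision, identifier_authority, [sub_authorities])."""
    m = _SID_RE.match(sid)
    if not m:
        raise ValueError("not a SID string: %r" % sid)
    revision = int(m.group(1))
    auth = m.group(2)
    authority = int(auth, 16) if auth.startswith("0x") else int(auth)
    subs = [int(x) for x in m.group(3).split("-")[1:]]
    # Assumed limits of the binary SID structure: revision 1, 6-byte authority, <= 15 sub-authorities
    if revision != 1 or authority >= 2 ** 48 or len(subs) > 15:
        raise ValueError("field out of range in %r" % sid)
    return revision, authority, subs

def classify_sid(sid):
    """Return (category, name): which of the page's well-known SID groups the string falls into."""
    _, authority, subs = parse_sid(sid)
    if len(subs) == 1 and (authority, subs[0]) in UNIVERSAL_WELL_KNOWN:
        return "universal-well-known", UNIVERSAL_WELL_KNOWN[(authority, subs[0])]
    if authority != 5:
        return "non-nt-authority", IDENTIFIER_AUTHORITIES.get(authority, "0x%x" % authority)
    if subs[:1] == [5] and len(subs) == 3:    # S-1-5-5-X-Y: one SID per logon session
        return "logon-session", "SECURITY_LOGON_IDS_RID"
    if subs[:1] == [21] and len(subs) == 5:   # S-1-5-21(0x15)-d1-d2-d3-RID: domain/machine account
        return "domain-account", "SECURITY_NT_NON_UNIQUE rid=%d" % subs[4]
    if subs[:1] == [32] and len(subs) == 2:   # S-1-5-32(0x20)-RID: built-in domain group
        return "builtin", "SECURITY_BUILTIN_DOMAIN_RID rid=%d" % subs[1]
    if len(subs) == 1 and subs[0] in NT_WELL_KNOWN:
        return "nt-well-known", NT_WELL_KNOWN[subs[0]]
    return "other-nt", "-".join(["S-1-5"] + [str(s) for s in subs])
```

The classifier only recognises the RIDs listed on this page; anything else under S-1-5 comes back as "other-nt" with the SID string echoed.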
Local System Local Service Network Service