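Components of a SID
Source: Internet  Editor: 程序博客网  Time: 2024/05/17 04:25
Below I go through the information on MSDN according to my own understanding. In other words, everything I know here comes from MSDN, and you can go there yourself and find whatever interests you, although the process will be long and painful...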
SID Components: https://msdn.microsoft.com/en-us/library/windows/desktop/aa379597(v=vs.85).aspx
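Well-known SIDs: https://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85).aspx
As mentioned earlier, MSDN recommends manipulating a SID structure through functions, and I have not seen MSDN give any guidance on analysing the SID structure directly the way one would an ordinary C struct, so let's start from the SID string instead.
As quoted earlier: "The security identifier (SID) structure is a variable-length structure used to uniquely identify users or groups." That is, a SID uniquely identifies a user or a group.
In what follows, "SID" always means the SID string.
From the MSDN SID Components page, and leaving out some of the English sentences that I considered less important, the summary is as follows.
General form of a SID string: S-R-I-S...
The leading S indicates that the series of numbers that follows is a SID.
Then comes the actual content of the SID string: R-I-S...
R: the revision level of the SID, usually 1; 1 is the only value I have seen.
I: the identifier-authority value (I kept the English term here rather than translating it; I think the English reads better than a literal translation).
S...: one or more SubAuthority values, likewise left untranslated.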
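| Identifier authority | Value | SID string prefix |
| --- | --- | --- |
| SECURITY_NULL_SID_AUTHORITY | 0 | S-1-0 |
| SECURITY_WORLD_SID_AUTHORITY | 1 | S-1-1 |
| SECURITY_LOCAL_SID_AUTHORITY | 2 | S-1-2 |
| SECURITY_CREATOR_SID_AUTHORITY | 3 | S-1-3 |
| SECURITY_NT_AUTHORITY | 5 | S-1-5 |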
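Want to know whether there are more? Copy one of these names, paste it into VS2013 (my build environment), press F12, scroll up and down with the mouse, and it is all there in view.
The following RID values are used with universal well-known SIDs. The Identifier authority column shows the prefix of the identifier authority with which you can combine the RID to create a universal well-known SID.
In other words: the Identifier authority column shows the identifier-authority prefix of the SID string, and that prefix can be combined with a RID value to build a universal well-known SID. (I cannot tell exactly what distinguishes a well-known SID from a universal well-known SID either; my own guess is that it is a matter of whether the SID is usable on every platform or only on Windows.)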
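| RID | Value | Identifier authority |
| --- | --- | --- |
| SECURITY_NULL_RID | 0 | S-1-0 |
| SECURITY_WORLD_RID | 0 | S-1-1 |
| SECURITY_LOCAL_RID | 0 | S-1-2 |
| SECURITY_LOCAL_LOGON_RID | 1 | S-1-2 |
| SECURITY_CREATOR_OWNER_RID | 0 | S-1-3 |
| SECURITY_CREATOR_GROUP_RID | 1 | S-1-3 |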
The SECURITY_NT_AUTHORITY (S-1-5) predefined identifier authority produces SIDs that are not universal but are meaningful only on Windows installations. You can use the following RID values with SECURITY_NT_AUTHORITY to create well-known SIDs.
In other words: the SID string prefix SECURITY_NT_AUTHORITY (S-1-5) is a predefined identifier authority that applies only to Windows. Listed below are some of the common SIDs built with it.
| RID constant | SID string | Description |
| --- | --- | --- |
| SECURITY_DIALUP_RID | S-1-5-1 | Users who log on to terminals using a dial-up modem. This is a group identifier. |
| SECURITY_NETWORK_RID | S-1-5-2 | Users who log on across a network. This is a group identifier added to the token of a process when it was logged on across a network. The corresponding logon type is LOGON32_LOGON_NETWORK. |
| SECURITY_BATCH_RID | S-1-5-3 | Users who log on using a batch queue facility. This is a group identifier added to the token of a process when it was logged as a batch job. The corresponding logon type is LOGON32_LOGON_BATCH. |
| SECURITY_INTERACTIVE_RID | S-1-5-4 | Users who log on for interactive operation. This is a group identifier added to the token of a process when it was logged on interactively. The corresponding logon type is LOGON32_LOGON_INTERACTIVE. |
| SECURITY_LOGON_IDS_RID | S-1-5-5-X-Y | A logon session. This is used to ensure that only processes in a given logon session can gain access to the window-station objects for that session. The X and Y values for these SIDs are different for each logon session. The value SECURITY_LOGON_IDS_RID_COUNT is the number of RIDs in this identifier (5-X-Y). |
| SECURITY_SERVICE_RID | S-1-5-6 | Accounts authorized to log on as a service. This is a group identifier added to the token of a process when it was logged as a service. The corresponding logon type is LOGON32_LOGON_SERVICE. |
| SECURITY_ANONYMOUS_LOGON_RID | S-1-5-7 | Anonymous logon, or null session logon. |
| SECURITY_PROXY_RID | S-1-5-8 | Proxy. |
| SECURITY_ENTERPRISE_CONTROLLERS_RID | S-1-5-9 | Enterprise controllers. |
| SECURITY_PRINCIPAL_SELF_RID | S-1-5-10 | The PRINCIPAL_SELF security identifier can be used in the ACL of a user or group object. During an access check, the system replaces the SID with the SID of the object. The PRINCIPAL_SELF SID is useful for specifying an inheritable ACE that applies to the user or group object that inherits the ACE. It is the only way of representing the SID of a created object in the default security descriptor of the schema. |
| SECURITY_AUTHENTICATED_USER_RID | S-1-5-11 | The authenticated users. |
| SECURITY_RESTRICTED_CODE_RID | S-1-5-12 | Restricted code. |
| SECURITY_TERMINAL_SERVER_RID | S-1-5-13 | Terminal Services. Automatically added to the security token of a user who logs on to a terminal server. |
| SECURITY_LOCAL_SYSTEM_RID | S-1-5-18 | A special account used by the operating system. |
| SECURITY_NT_NON_UNIQUE | S-1-5-21 | SIDS are not unique. |
| SECURITY_BUILTIN_DOMAIN_RID | S-1-5-32 | The built-in system domain. |
```c
//                                                                           //
// NT well-known SIDs                                                        //
//                                                                           //
//     NT Authority            S-1-5                                         //
//     Dialup                  S-1-5-1                                       //
//                                                                           //
//     Network                 S-1-5-2                                       //
//     Batch                   S-1-5-3                                       //
//     Interactive             S-1-5-4                                       //
//     (Logon IDs)             S-1-5-5-X-Y                                   //
//     Service                 S-1-5-6                                       //
//     AnonymousLogon          S-1-5-7 (aka null logon session)              //
//     Proxy                   S-1-5-8                                       //
//     Enterprise DC (EDC)     S-1-5-9 (aka domain controller account)       //
//     Self                    S-1-5-10 (self RID)                           //
//     Authenticated User      S-1-5-11 (Authenticated user somewhere)       //
//     Restricted Code         S-1-5-12 (Running restricted code)            //
//     Terminal Server         S-1-5-13 (Running on Terminal Server)         //
//     Remote Logon            S-1-5-14 (Remote Interactive Logon)           //
//     This Organization       S-1-5-15                                      //
//                                                                           //
//     IUser                   S-1-5-17                                      //
//     Local System            S-1-5-18                                      //
//     Local Service           S-1-5-19                                      //
//     Network Service         S-1-5-20                                      //
//                                                                           //
//     (NT non-unique IDs)     S-1-5-0x15-... (NT Domain Sids)               //
//                                                                           //
//     (Built-in domain)       S-1-5-0x20                                    //
//                                                                           //
//     (Security Package IDs)  S-1-5-0x40                                    //
//     NTLM Authentication     S-1-5-0x40-10                                 //
//     SChannel Authentication S-1-5-0x40-14                                 //
//     Digest Authentication   S-1-5-0x40-21                                 //
//                                                                           //
//     Other Organization      S-1-5-1000 (>=1000 can not be filtered)       //
//                                                                           //
//                                                                           //
// NOTE: the relative identifier values (RIDs) determine which security      //
//       boundaries the SID is allowed to cross. Before adding new RIDs,     //
//       a determination needs to be made regarding which range they should  //
//       be added to in order to ensure proper "SID filtering"               //
//                                                                           //
///////////////////////////////////////////////////////////////////////////////
```
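As an added example (not code from MSDN or from the original post), here is a portable C parser for the S-R-I-S... string form described above. It also accepts the 0x-hex SubAuthority notation used in the header comment and labels the result from the authority values in the tables. The type `parsed_sid` and the functions `read_field`, `parse_sid` and `sid_class` are hypothetical names, and the sample SID in `main` is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct {             /* hypothetical type, not the Windows SID structure */
    uint64_t revision;       /* R */
    uint64_t authority;      /* I: identifier authority, 48 bits */
    unsigned sub_count;
    uint32_t sub[15];        /* S...: up to SID_MAX_SUB_AUTHORITIES (15) values */
} parsed_sid;
/* Read one field, decimal or 0x-hex (the header comment writes S-1-5-0x15). */
static int read_field(const char **p, uint64_t max, uint64_t *out) {
    const char *s = *p;
    char *end;
    int base = (s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) ? 16 : 10;
    if (s[0] < '0' || s[0] > '9') return -1;   /* empty field, sign, space */
    *out = strtoull(s, &end, base);
    *p = end;
    return (*out > max || (*end != '-' && *end != '\0')) ? -1 : 0;
}
/* Parse "S-R-I-S..." into its parts; 0 on success, -1 if malformed. */
int parse_sid(const char *s, parsed_sid *out) {
    uint64_t v;
    out->sub_count = 0;
    if (*s++ != 'S' || *s++ != '-') return -1;
    if (read_field(&s, 255, &out->revision) || *s++ != '-') return -1;
    if (read_field(&s, 0xFFFFFFFFFFFFULL, &out->authority)) return -1;
    while (*s == '-') {
        s++;
        if (out->sub_count == 15 || read_field(&s, 0xFFFFFFFFULL, &v)) return -1;
        out->sub[out->sub_count++] = (uint32_t)v;
    }
    return 0;
}
/* Coarse class from the page's tables: authority, then first SubAuthority. */
const char *sid_class(const parsed_sid *p) {
    static const char *auth[] = { "NULL", "WORLD", "LOCAL", "CREATOR", NULL, "NT" };
    if (p->authority > 5 || !auth[p->authority]) return "unknown";
    if (p->authority == 5 && p->sub_count && p->sub[0] == 21) return "NT domain";
    if (p->authority == 5 && p->sub_count && p->sub[0] == 32) return "NT built-in";
    return auth[p->authority];
}

int main(void) {
    parsed_sid p;
    if (parse_sid("S-1-5-0x15-1111-2222-3333-500", &p) == 0)   /* constructed */
        printf("%s, RID %u\n", sid_class(&p), (unsigned)p.sub[p.sub_count - 1]);
    return 0;
}
```

The parser rejects empty fields, trailing characters, values wider than the field, and more than 15 SubAuthority values, so a malformed string never yields a partially trusted result.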
Local System Local Service Network Service