LookupAccountName() details
James O Flynn
continuously get an
error 122 "buffers not large enough" and I don't know what I'm missing.
Here's what I'm trying:
...
retVal = LookupAccountName( systemName, userId, theSID,
&sidSize, domain, &domainSize, &sidType );
if ( !retVal ) { eggOnYourFace }
both theSID and domain are malloc ed way bigger than needed, by
admission of the call
exit, and memset to \0. systemName is NULL, userId is the user and
sidType is SidTypeUser.
Any suggestions or a nicely commented example would be more than
welcome.
Cheers,
James.
--
4920616d206e6f742061206e756d62657221
Tim Jurik
I recommend looking at AllocateAndInitializeSid(). I suspect this may be
the cause of your problems. Step through your code and look to see what
happens to the 4th parameter when you call LookupAccountName().
(The following is copied from VC online help)
SID
The SID structure is a variable-length structure used to uniquely identify
users or groups. SID stands for security identifier.
Applications are not to modify the SID structure directly. To create and
manipulate a security identifier, use the functions listed in the See Also
section.
typedef PVOID PSID;
See Also
Access Control Overview, Access Control Structures,
AllocateAndInitializeSid, CopySid, EqualSid, FreeSid, GetLengthSid,
GetSidIdentifierAuthority, GetSidLengthRequired, GetSidSubAuthority,
GetSidSubAuthorityCount, InitializeSid, IsValidSid, LookupAccountName,
LookupAccountSid
- Ti
James O Flynn wrote in message <35ED9C8B...@hursley.ibm.com>...
Gary Jung
>Has anyone a simple example of LookupAccountName() used as I
>continuously get an
>error 122 "buffers not large enough" and I don't know what I'm missing.
>Here's what I'm trying:
>...
>retVal = LookupAccountName( systemName, userId, theSID,
> &sidSize, domain, &domainSize, &sidType );
>
>if ( !retVal ) { eggOnYourFace }
>
>both theSID and domain are malloc ed way bigger than needed, by
>admission of the call
>exit, and memset to \0. systemName is NULL, userId is the user and
>sidType is SidTypeUser.
>Any suggestions or a nicely commented example would be more than
>welcome.
>Cheers,
>James.
Here's some code that shows how to use LookupAccountName()...good luck.
------
Gary Jung (remove z's from my name to send email)
Giffels Associates Ltd
Toronto, Ontario, Canada
TIMS Document Mangement info: http://www.tims3.com
....
// SID variables
UCHAR psnuType[2048];
UCHAR lpszDomain[2048];
DWORD dwDomainLength = 250;
UCHAR UserSID[1024];
DWORD dwSIDBufSize=1024;
// User name variables
UCHAR lpszUserName[250];
DWORD dwUserNameLength = 250;
// File SD variables
UCHAR ucSDbuf[SD_SIZE];
PSECURITY_DESCRIPTOR pFileSD=(PSECURITY_DESCRIPTOR)ucSDbuf;
DWORD dwSDLengthNeeded;
// ACL variables
PACL pACL;
BOOL bDaclPresent;
BOOL bDaclDefaulted;
ACL_SIZE_INFORMATION AclInfo;
// New ACL variables
PACL pNewACL;
DWORD dwNewACLSize;
// New SD variables
UCHAR NewSD[SECURITY_DESCRIPTOR_MIN_LENGTH];
PSECURITY_DESCRIPTOR psdNewSD=(PSECURITY_DESCRIPTOR)NewSD;
// Temporary ACE
PVOID pTempAce;
UINT CurrentAceIndex;
// STEP 1: Get the logged on user name
if(!GetUserName(lpszUserName,&dwUserNameLength))
{
PERR(FALSE, "GetUserName");
return(FALSE);
}
// STEP 2: Get SID for current user
if (!LookupAccountName((LPSTR) NULL,
lpszUserName,
UserSID,
&dwSIDBufSize,
lpszDomain,
&dwDomainLength,
(PSID_NAME_USE)psnuType))
{
PERR(FALSE, "LookupAccountName");
return(FALSE);
}
else
{ char *ptr;
printf("LookupAccountName() for %s OK\n", lpszUserName);
switch(*psnuType)
{
case SidTypeUser : ptr="User"; break;
case SidTypeGroup : ptr="Group"; break;
case SidTypeDomain : ptr="Domain"; break;
case SidTypeAlias : ptr="Alias"; break;
case SidTypeWellKnownGroup : ptr="WellKnowGroup"; break;
case SidTypeDeletedAccount : ptr="DeletedAccount"; break;
case SidTypeInvalid : ptr="Invalid"; break;
case SidTypeUnknown : ptr="Unknown"; break;
default : ptr="Really unknown"; break;
}
printf("SID type indicator = SidType%s\n", ptr);
}