2.5.3.1.1 SidInToken
A support function, SidInToken, takes the authorization context, a SID (referenced below as the SidToTest parameter), and an optional PrincipalSelfSubstitute parameter, and returns TRUE if the SidToTest is present in the authorization context; otherwise, it returns FALSE. The well-known SID PRINCIPAL_SELF, if passed as SidToTest, is replaced by the PrincipalSelfSubstitute SID prior to the examination of the authorization context.
Any plug-in replacement is required to use this exact algorithm, which is described using the pseudocode syntax as specified in [DALB].
-
BOOLEAN SidInToken( Token, SidToTest, PrincipalSelfSubstitute ) -- -- On entry -- Token is an authorization context containing all SIDs -- that represent the security principal -- SidToTest, the SID for which to search in Token -- PrincipalSelfSubstitute, a SID with which SidToTest may be -- replaced IF SidToTest is the Well Known SID PRINCIPAL_SELF THEN set SidToTest to be PrincipalSelfSubstitute END IF FOR EACH SID s in Token.Sids[] DO IF s equals SidToTest THEN return TRUE END IF END FOR Return FALSE END-SUBROUTINE