[clug] Perl to unpack an Active Directory objectSID
clug at james.st
Fri Sep 23 07:48:31 GMT 2005
Could the Active Directory experts on the list
please cast their eyes over this.
I found some perl code to unpack Active Directory SIDs at:
But it seems needlessly complex.
The particular SID I'm studying is (in hex, broken into 4 byte longs)
01 05 00 00 | 00 00 00 05 |
15 00 00 00 00 | 01 36 A7 03 | hex | hex | hex
From the code it seems:
The first byte is the SID revision number. (usually 1)
The second is the number of sub fields in the second line.
The remaining 6 bytes on the first line are the auth ID.
Just to maintain inconsistency they are read big-endian.
The second line is (in my case) 5 x 32 bit numbers read little-endian.
So to decode it these 2 lines of perl should do:
my($sid_rev, $num_auths, $id1, $id2, @ids) =
unpack("H2 H2 n N V*", $binary_sid);
my $sid_string = join("-", "S", $sid_rev, ($id1<<32)+$id2, @ids);
Note that combining $id1 and 2
must be done arithmetically not stringwise
to keep the leading zero's lined up.
If any of this is wrong, please tell me.
If this is useful to anyone, I'm delighted.
Michael James michael at james.st
Network Programmer work: 02 6246 5040
8 Brennan St home: 02 6247 2556
Hackett, ACT 2602 mobile: 04 1747 4065
No matter how much you pay for software,
you always get less than you hoped.
Unless you pay nothing, then you get more.
More information about the linux