NET::LDAP Active Directory SID Unpack

I was searching high and low for a way to unpack what NET::LDAP was returning for an objectSID. When dumped, it was just a bunch of line noise garbage. Trying to figure out what format it was in I came across this:

Re: Getting Active Directory objectsid value using Net::LDAP - Help!

c. church says:

Looking on MSN, which describes the SID structure (urL :http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/Security/sid_components.asp) it seems to say this:

the format of the sid is S-R-S-S...

Where the first byte is the revision level of the SID structure, the next 48bits (6 bytes) are the authority that issued the SID and then a variable number of (48bit?) subauthority values, as defined in Winnt.h

The Microsoft URL referred to above is dead. (Microsoft has no idea how to keep the antiquated, yet useful, documentation they produce alive, yet they manage to keep Windows XP kickin' for over a decade. Go figure.)

Turns out Net::LDAP::Class::User::AD figured it out already.

my $sid_string = sid2string($record->{objectSID});

sub sid2string {
  my ($sid) = @_;
  my ($revision_level, $authority, $sub_authority_count, 
    @sub_authorities) = unpack 'C Vxx C V*', $sid;
  die if $sub_authority_count != scalar @sub_authorities;
  my $string = join '-', 'S', $revision_level, $authority, 
    @sub_authorities;
  if ( $ENV{LDAP_DEBUG} ) {
    carp "sid    = " . join( '\\', unpack '(H2)*', $sid );
    carp "string = $string";
  }
  return $string;
}

One day I too will learn how to unpack!

Leave a comment

About initself

user-pic Perl is better than sliced bread. Way better.