#92259 - 2003-06-25 02:29 AM
SID to SDDL?
|
Anonymous
Anonymous
Unregistered
|
Hi, I'm reasonabily new to the forum (although I do use it as a source of reference when I code in KiX).
I've tried searching, but I cannot find anyway a binsid to SDDL UDF - does anyone know of a UDF that is available?
Specifcially, I want to convert the following VBScript (I'm at a loss as to how I can convert the BYTE values to process them in Kix).
Thanks in advance.
code:
'*
'* Setup the issuing authorities array
'*
Sub Init_IssueAuthorities( )
IssueAuthorities(0) = "-0-0"
IssueAuthorities(1) = "-1-0"
IssueAuthorities(2) = "-2-0"
IssueAuthorities(3) = "-3-0"
IssueAuthorities(4) = "-4"
IssueAuthorities(5) = "-5"
IssueAuthorities(6) = "-?"
IssueAuthorities(7) = "-?"
IssueAuthorities(8) = "-?"
IssueAuthorities(9) = "-?"
end Sub
'*******************************************************************************
' Helper Function to Format the string to a readable String format
'*******************************************************************************
function SDDL_SID ( oSID )
Dim Revision, SubAuthorities, strSDDL, IssueIndex, index, k, i
Dim p2, j, subtotal, dblSubAuth
'
' First byte is the revision value
'
Revision = ascb(midB(osid,1,1))
'
' Second byte is the number of sub authorities in the
' SID
'
SubAuthorities = CInt(ascb(midb(oSID,2,1)))
strSDDL = "S-" & Revision
IssueIndex = CInt(ascb(midb(oSID,8,1)))
'
' BYtes 2 - 8 are the issueing authority structure
' Currently these values are in the form:
' { 0, 0, 0, 0, 0, X}
'
' We use this fact to retreive byte number 8 as the index
' then look up the authorities for an array of values
'
strSDDL = strSDDL & IssueAuthorities(IssueIndex)
'
' The sub authorities start at byte number 9. The are 4 bytes long and
' the number of them is stored in the SubAuthorities variable.
'
index = 9
i = index
for k = 1 to SubAuthorities
'
' Very simple formula, the sub authorites are stored in the
' following order:
' Byte Index Starting Bit
' Byte 0 - Index 0
' Byte 1 - Index + 1 7
' Byte 2 - Index + 2 15
' Byte 3 - Index + 3 23
' Bytes0 - 4 make a DWORD value in whole. We need to shift the bits
' bits in each byte and sum them all together by multipling by powers of 2
' So the sub authority would be built by the following formula:
'
' SUbAuthority = byte0*2^0 + Byte1*2^8 + byte2*2^16 + byte3*2^24
'
' this be done using a simple short loop, initializing the power of two
' variable ( p2 ) to 0 before the start an incrementing by 8 on each byte
' and summing them all together.
'
p2 = 0
subtotal = 0
for j = 1 to 4
dblSubAuth = CDbl(ascb(midb(osid,i,1))) * (2^p2)
subTotal = subTotal + dblSubAuth
p2 = p2 + 8
i = i + 1
next
'
' Convert the value to a string, add it to the SDDL Sid and continue
'
strSDDL = strSDDL & "-" & cstr(subTotal)
next
SDDL_SID = strSDDL
End Function 'End of Function SDDL_SID()
|
|
Top
|
|
|
|
|
#92261 - 2003-06-25 02:45 AM
Re: SID to SDDL?
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
|
|
Top
|
|
|
|
|
#92262 - 2003-06-25 02:50 AM
Re: SID to SDDL?
|
Shawn
Administrator
Registered: 1999-08-13
Posts: 8611
|
Some of the processing reminds me of GetRID ...
GetRID() discussion
Problem is, Kixtart doesn't handle variant byte arrays very well (ie, not at all), so need to use one of the reskit addons like adssecurity to translate SID's to strings...
-Shawn
|
|
Top
|
|
|
|
|
#92263 - 2003-06-25 02:52 AM
Re: SID to SDDL?
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
If you need to access (get/set) binary SIDs and translate them to hex or the string (S-1-5..) format I can add that functionality to my Win32Admin.DLL.
http://mywebpages.comcast.net/habullock/kix_solutions.htm
|
|
Top
|
|
|
|
|
#92264 - 2003-06-25 11:10 AM
Re: SID to SDDL?
|
Anonymous
Anonymous
Unregistered
|
Thanks all for the help so far - I'm closer to where I want to be, but not completely there.
FYI what I'm actually trying to do is this.
From a known AD username (not logged) I want to query the AD for the DN, the 'objectSID' and (wait for it!) the 'sIDHistory'.
With the help of the GetRID()/GetSID() functions I can pull back the 'objectSID' in a text format, but because this uses ADsSID to convert, I strongly suspect I will not be able to use the same function to get the 'sIDHistory'.
Is there any function within KiX to convert the binary strings of 'objectSID' and 'sIDHistory' to a text format? Or is this where I will fall down.
I actually had a 'friendly bet' with a college that 'anything he could do in VB I could do just as easily in KiX' - so I hope there is a way so I can prove him wrong!
|
|
Top
|
|
|
|
|
#92265 - 2003-06-25 02:01 PM
Re: SID to SDDL?
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
Check out my TranslateName() UDF the Microsoft documetation for the NameTranslate object state it can do DDSL stuff - see quote:
12 = ADS_NAME_TYPE_SID_OR_SID_HISTORY_NAME
; A SID string, as defined in the Security Descriptor Definition Language (SDDL), for either
; the SID of the current object or one from the object's SID history.
; For example, "O:AOG:DAD:(A;;RPWPCCDCLCSWRCWDWOGA;;;S-1-0-0)" For more information see
; Security Descriptor String Format under "Security" in the Microsoft Platform SDK documentation.
Wait more info:
quote:
This method does not support the ADS_NAME_TYPE_SID_OR_SID_HISTORY_NAME element in ADS_NAME_TYPE_ENUM.
Checking with Microsoft. Stay tuned...
|
|
Top
|
|
|
|
Moderator: Shawn, ShaneEP, Ruud van Velsen, Arend_, Jochen, Radimus, Glenn Barnas, Allen, Mart
|
0 registered
and 302 anonymous users online.
|
|
|
