path: root/library/Director/PropertyModifier/PropertyModifierFromAdSid.php
<?php

namespace Icinga\Module\Director\PropertyModifier;

use Icinga\Module\Director\Hook\PropertyModifierHook;

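/**
 * Property modifier turning a binary Active Directory objectSid into its
 * textual "S-<revision>-<authority>-<sub-authority>..." representation.
 */
class PropertyModifierFromAdSid extends PropertyModifierHook
{
    /**
     * @return string Human-readable label for this modifier
     */
    public function getName()
    {
        return 'Decode a binary object SID (MSAD)';
    }

    /**
     * Decode a binary SID into its string form
     *
     * Binary layout, as read by this method:
     *   byte 0      revision
     *   byte 1      number of sub-authorities
     *   bytes 2-7   identifier authority (48 bit, big-endian)
     *   bytes 8..   one unsigned 32 bit little-endian integer per sub-authority
     *
     * The value is an identity attribute delivered by an import source, so it
     * is validated before decoding. A truncated or padded value is rejected
     * instead of being turned into a plausible-looking but wrong SID string.
     *
     * Strongly inspired by
     * http://www.chadsikorra.com/blog/decoding-and-encoding-active-directory-objectsid-php
     *
     * Not perfect yet, but should suffice for now. When improving this please also see:
     * https://blogs.msdn.microsoft.com/oldnewthing/20040315-00/?p=40253
     *
     * @param string|null $value Binary objectSid
     *
     * @return string|null Decoded SID, or null when no value was given
     *
     * @throws \InvalidArgumentException When the value is not a well-formed binary SID
     */
    public function transform($value)
    {
        if ($value === null) {
            return null;
        }

        if (! is_string($value)) {
            throw new \InvalidArgumentException(sprintf(
                'Binary object SID expected, got %s',
                gettype($value)
            ));
        }

        // Revision (1) + sub-authority count (1) + identifier authority (6)
        $headerLength = 8;
        $length = strlen($value);
        if ($length < $headerLength) {
            // unpack() would return false here, and the failure would only
            // surface later as a warning or TypeError far from its cause
            throw new \InvalidArgumentException(sprintf(
                'Binary object SID needs at least %d bytes, got %d',
                $headerLength,
                $length
            ));
        }

        $revLevel = ord($value[0]);
        $subAuthCount = ord($value[1]);

        // The declared sub-authority count must match the payload exactly,
        // otherwise trailing or missing bytes would be silently ignored
        $expectedLength = $headerLength + 4 * $subAuthCount;
        if ($length !== $expectedLength) {
            throw new \InvalidArgumentException(sprintf(
                'Binary object SID declares %d sub-authorities (%d bytes), got %d bytes',
                $subAuthCount,
                $expectedLength,
                $length
            ));
        }

        // NOTE(review): on 32 bit PHP builds hexdec() may return a float and
        // 'V' may yield negative numbers - confirm if such platforms matter
        $authIdent = hexdec(bin2hex(substr($value, 2, 6)));

        $parts = array($revLevel, $authIdent);
        if ($subAuthCount > 0) {
            foreach (unpack('V*', substr($value, $headerLength)) as $subAuth) {
                $parts[] = $subAuth;
            }
        }

        return 'S-' . implode('-', $parts);
    }
}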