Win32::Security::SID - set of routines for SID manipulation
Win32::Security::SID
use Win32::Security::SID; Win32::Security::SID::ConvertSidToName($sid); Win32::Security::SID::ConvertSidToName(Win32::Security::SID::ConvertStringSidToSid($stringsid))
This module provides functions for converting SIDs between binary and text formats and for converting between SIDs and Trustees (usernames).
This installs as part of Win32-Security. See Win32::Security::NamedObject for more information.
Win32-Security. See Win32::Security::NamedObject for more information.
Win32::Security::NamedObject
This has a side effect of use Win32; and of patching Win32::LookupAccountName to adjust the length of the SID properly as opposed to returning the entire 400 byte buffer.
use Win32;
Win32::LookupAccountName
This function is modeled on the Win32 API call of the same name. The Win32 API call, however, requires Win2K. This function takes a binary SID as a parameter (same format as returned by Win32::LookupAccountName) and returns the string form of the SID in the S-R-I-S-S format. It deals with IdentifierAuthority values greater than 2^32 by outputting them in hex (I have yet to run into any of these, but the spec allows for them). If the SID is inconsistent or non-existent, the function returns undef. The string form is mostly commonly used for display purposes and for mounting hives under HKEY_USERS.
undef
HKEY_USERS
This does the reverse of the above function. It takes a string SID as a parameter and returns the binary format. Again, if there are observable inconsistencies in the format, it will simply return undef.
This is basically a semi-intelligent wrapper around Win32::LookupAccountName. Of note, it uses undef for the server name to query, which means the query will execute against the local host. This will correctly operate on un-prefixed domain user accounts, presuming they don't have the same name as the local computer. If they do, the Win32::LookupAccountName returns the SID for the local computer, which is a problem. The $sidtype returned is checked to see that it is User, Group, Alias, or WellKnownGroup - if it is Domain or Computer, the function returns 'UNKNOWN_USERNAME', which helps to defend against this problem. The safest solution is to always use a full user/group name - domain_name\username. It returns the SID in binary format - if you need it in string SID format, call ConvertSidToStringSid.
$sidtype
'UNKNOWN_USERNAME'
ConvertSidToStringSid
If this function gets passed a username that looks like a StringSid (i.e. /^S(?:-\d+)+$/), it calls ConvertStringSidToSid and returns that result. This should only pose a problem if you have a very weird username and don't pass a domain name.
/^S(?:-\d+)+$/
ConvertStringSidToSid
It uses a cache to remember previously asked for usernames (LookupAccountName is very processor intensive - watch LSASS.EXE spike if you make a lot of calls).
LookupAccountName
LSASS.EXE
This is basically a semi-intelligent wrapper around Win32::LookupAccountSID. It returns domain_name\username. In a nutshell, whatever gets returned by ConvertNameToSid is safely suppliable to ConvertSidToName. It accepts the SID in binary format - if you have a SID in string SID format, call ConvertStringSidtoSid first and pass the result.
Win32::LookupAccountSID
ConvertNameToSid
ConvertSidToName
ConvertStringSidtoSid
It uses a cache to remember previously asked for SIDs (LookupAccountSID is very processor intensive - watch LSASS.EXE spike if you make a lot of calls).
LookupAccountSID
Toby Ovod-Everett, toby@ovod-everett.org
1 POD Error
The following errors were encountered while parsing the POD:
Unterminated C<...> sequence
To install Win32::Security::SID, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Win32::Security::SID
CPAN shell
perl -MCPAN -e shell install Win32::Security::SID
For more information on module installation, please visit the detailed CPAN module installation guide.