-
Notifications
You must be signed in to change notification settings - Fork 0
/
name-to-sid.py
executable file
·95 lines (78 loc) · 2.9 KB
/
name-to-sid.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
#!/usr/bin/python
import ldap
import struct
import string
import sys
def byte_to_str_sid(byte):
"""
Convert bytes into a string SID
byte - bytes to convert
"""
ret = 'S'
sid = []
sid.append(byte_to_long(byte[0]))
sid.append(byte_to_long(byte[2:2+6], False))
for i in range(8, len(byte), 4):
sid.append(byte_to_long(byte[i:i+4]))
for i in sid:
ret += '-' + str(i)
return ret
def byte_to_long(byte, little_endian=True):
"""
Convert bytes into a Python integer
byte - bytes to convert
little_endian - True (default) or False for little or big endian
"""
if len(byte) > 8:
raise Exception('Bytes too long. Needs to be <= 8 or 64bit')
else:
if little_endian:
a = string.ljust(byte, 8, '\x00')
return struct.unpack('<q', a)[0]
else:
a = string.rjust(byte, 8, '\x00')
return struct.unpack('>q', a)[0]
def read_ldap_credentials():
"""
"""
with open("/etc/secrets") as f:
for line in f:
if line.startswith('LDAP_PASSWORD='):
ldap_password = line[line.index('=') + 1:].strip()
elif line.startswith('LDAP_USER='):
ldap_user = eval(line[line.index('=') + 1:].strip())
elif line.startswith('LDAP_URL='):
ldap_url = line[line.index('=') + 1:].strip()
elif line.startswith('LDAP_DOMAIN='):
ldap_domain = line[line.index('=') + 1:].strip()
return ldap_user, ldap_domain, ldap_password, ldap_url
if len(sys.argv) == 0:
sys.stderr.write("name-to-sid.py: ERROR: Supply user as first argument \n")
sys.exit(1)
voPersonExternalID = sys.argv[1]
userSplit = voPersonExternalID.split('@')
userName = userSplit[0]
# Change domain to lowercase to make it compatible with domains written in uppercase, lowercase or combinations thereof
domain = userSplit[1].lower()
# Get LDAP credentials from secrets file
ldap_user, ldap_domain, ldap_password, ldap_url = read_ldap_credentials()
if domain == "unimaas.nl" or domain == "mumc.nl":
l = ldap.initialize(ldap_url)
l.protocol_version = ldap.VERSION3
l.simple_bind_s(ldap_user, ldap_password)
baseDN = ldap_domain
searchScope = ldap.SCOPE_SUBTREE
retrieveAttributes = ['objectSid']
# Search for the username or P-number (or if azM: G-number)
searchFilter = "sAMAccountName=%s" % userName
else:
sys.stderr.write("name-to-sid.py: ERROR: Unknown domain "+domain+" from voPersonExternalID. Expected \"unimaas.nl\" or \"mumc.nl\"\n")
sys.exit(1)
# Perform the LDAP search
id = l.search(baseDN, searchScope, searchFilter, retrieveAttributes)
result_type, result = l.result(id, 0)
if not result_type == ldap.RES_SEARCH_ENTRY:
sys.stderr.write("name-to-sid.py: User not found \n")
sys.exit(1)
rawSid = result[0][1]['objectSid'][0]
print byte_to_str_sid(rawSid)