Python 从 SID 获取用户名的 ldap3 代码
Python ldap3 code to get username from SID
我在共享 Windows 服务器上有一个用户的 SID 字符串(例如“S-1-5-21-500000003-1000000000-1000000003-1001”),我需要获取相关用户名。
我想这可以通过以下方式实现:
- 正在将 SID 字符串转换为字节数组。
- 使用合适的
ldpa
查询获取相关用户名。
但我没能找到准确可靠的说明(以这种方式或其他方式)。
如果有任何有用的指南,我将不胜感激,尤其是如果它附带演示 Python (ldap3
) 代码。
您必须有二进制格式的 SID,然后尝试:
from ldap3 import Server, Connection, ALL
from ldap3.utils.conv import escape_bytes
s = Server('my_server', get_info=ALL)
c = Connection(s, 'my_user', 'my_password')
c.bind()
binary_sid = b'....' # your sid must be in binary format
c.search('my_base', '(objectsid=' + escape_bytes(binary_sid) + ')', attributes=['objectsid', 'samaccountname'])
print(c.entries)
您应该在 c.entries[0].sAMAccountName
中获取帐户名称
def unsigned_number_to_slashed_byte_array_string(number, little_endian, digits_count):
"""
Convert given unsigned number into a string that represents it as a sequence of bytes in given order (either little or big Endian).
In case the total number of digits in the string is greater than given digits count, the string is left-padded with zeroes.
Each such byte is represented by a substring that's composed of a preceding slash character followed by two (uppercase) hexadecimal digits (e.g., "\0A").
:param number: An unsigned non-negative integer.
:param little_endian: A flag that says whether little Endian order is requested; otherwise, big Endian order is selected.
:param digits_count: The total count of hexadecimal digits in the resulting possibly left-padded string, which is twice the number of bytes.
:except ValueError: In case given number isn't a non-negative number, or given digits count isn't a positive even number.
:return: A string that represents given number as a sequence of bytes in given order.
"""
if number < 0: raise ValueError("{0}: Argument number must be a non-negative! ({1})".format(func_name(), number))
if (digits_count <= 0) or ((digits_count % 2) != 0): raise ValueError("{0}: Argument digits_count must be an even positive! ({1})".format(func_name(), digits_count))
zero_padded_hex_number_str = "{0:0{1}X}".format(number, digits_count) # Format: no leading "0x", zero-padded digits_count digits (or half digits_count bytes), uppercase hexadecimal letters.
number_byte_array_str = ""
byte_starter_digits_indices_list = range(len(zero_padded_hex_number_str))[::2]
if little_endian: byte_starter_digits_indices_list = reversed(byte_starter_digits_indices_list)
for byte_starter_digit_index in byte_starter_digits_indices_list:
number_byte_array_str = "{0}\{1}".format(number_byte_array_str, zero_padded_hex_number_str[byte_starter_digit_index:(byte_starter_digit_index + 2)])
return number_byte_array_str
def sid_str_to_byte_array_str(sid_str):
"""
:param sid_str: An active-directory SID string (e.g., "S-1-5-21-1241979920-1440912824-1533017923-1106").
:return: A string that represents given SID string as a byte array string (e.g., "\01\05\00\00\00\00\00\05\15\00\00\00\10\1C\07\4A\B8\95\E2\55\43\FF\5F\5B").
"""
dashes_count = sid_str.count("-")
sid_numbers_str = sid_str[2:] # Removes the preceding "S-"
sid_number_strings = sid_numbers_str.split("-")
sid_numbers = [int(sid_number_string) for sid_number_string in sid_number_strings]
sid_byte_array_str = unsigned_number_to_slashed_byte_array_string(sid_numbers[0], True, 2)
sid_byte_array_str += unsigned_number_to_slashed_byte_array_string((dashes_count - 2), True, 2)
sid_byte_array_str += unsigned_number_to_slashed_byte_array_string(sid_numbers[1], False, 12)
sid_byte_array_str += unsigned_number_to_slashed_byte_array_string(sid_numbers[2], True, 8)
sid_byte_array_str += unsigned_number_to_slashed_byte_array_string(sid_numbers[3], True, 8)
sid_byte_array_str += unsigned_number_to_slashed_byte_array_string(sid_numbers[4], True, 8)
sid_byte_array_str += unsigned_number_to_slashed_byte_array_string(sid_numbers[5], True, 8)
return sid_byte_array_str
我在共享 Windows 服务器上有一个用户的 SID 字符串(例如“S-1-5-21-500000003-1000000000-1000000003-1001”),我需要获取相关用户名。
我想这可以通过以下方式实现:
- 正在将 SID 字符串转换为字节数组。
- 使用合适的
ldpa
查询获取相关用户名。
但我没能找到准确可靠的说明(以这种方式或其他方式)。
如果有任何有用的指南,我将不胜感激,尤其是如果它附带演示 Python (ldap3
) 代码。
您必须有二进制格式的 SID,然后尝试:
from ldap3 import Server, Connection, ALL
from ldap3.utils.conv import escape_bytes
s = Server('my_server', get_info=ALL)
c = Connection(s, 'my_user', 'my_password')
c.bind()
binary_sid = b'....' # your sid must be in binary format
c.search('my_base', '(objectsid=' + escape_bytes(binary_sid) + ')', attributes=['objectsid', 'samaccountname'])
print(c.entries)
您应该在 c.entries[0].sAMAccountName
中获取帐户名称def unsigned_number_to_slashed_byte_array_string(number, little_endian, digits_count):
"""
Convert given unsigned number into a string that represents it as a sequence of bytes in given order (either little or big Endian).
In case the total number of digits in the string is greater than given digits count, the string is left-padded with zeroes.
Each such byte is represented by a substring that's composed of a preceding slash character followed by two (uppercase) hexadecimal digits (e.g., "\0A").
:param number: An unsigned non-negative integer.
:param little_endian: A flag that says whether little Endian order is requested; otherwise, big Endian order is selected.
:param digits_count: The total count of hexadecimal digits in the resulting possibly left-padded string, which is twice the number of bytes.
:except ValueError: In case given number isn't a non-negative number, or given digits count isn't a positive even number.
:return: A string that represents given number as a sequence of bytes in given order.
"""
if number < 0: raise ValueError("{0}: Argument number must be a non-negative! ({1})".format(func_name(), number))
if (digits_count <= 0) or ((digits_count % 2) != 0): raise ValueError("{0}: Argument digits_count must be an even positive! ({1})".format(func_name(), digits_count))
zero_padded_hex_number_str = "{0:0{1}X}".format(number, digits_count) # Format: no leading "0x", zero-padded digits_count digits (or half digits_count bytes), uppercase hexadecimal letters.
number_byte_array_str = ""
byte_starter_digits_indices_list = range(len(zero_padded_hex_number_str))[::2]
if little_endian: byte_starter_digits_indices_list = reversed(byte_starter_digits_indices_list)
for byte_starter_digit_index in byte_starter_digits_indices_list:
number_byte_array_str = "{0}\{1}".format(number_byte_array_str, zero_padded_hex_number_str[byte_starter_digit_index:(byte_starter_digit_index + 2)])
return number_byte_array_str
def sid_str_to_byte_array_str(sid_str):
"""
:param sid_str: An active-directory SID string (e.g., "S-1-5-21-1241979920-1440912824-1533017923-1106").
:return: A string that represents given SID string as a byte array string (e.g., "\01\05\00\00\00\00\00\05\15\00\00\00\10\1C\07\4A\B8\95\E2\55\43\FF\5F\5B").
"""
dashes_count = sid_str.count("-")
sid_numbers_str = sid_str[2:] # Removes the preceding "S-"
sid_number_strings = sid_numbers_str.split("-")
sid_numbers = [int(sid_number_string) for sid_number_string in sid_number_strings]
sid_byte_array_str = unsigned_number_to_slashed_byte_array_string(sid_numbers[0], True, 2)
sid_byte_array_str += unsigned_number_to_slashed_byte_array_string((dashes_count - 2), True, 2)
sid_byte_array_str += unsigned_number_to_slashed_byte_array_string(sid_numbers[1], False, 12)
sid_byte_array_str += unsigned_number_to_slashed_byte_array_string(sid_numbers[2], True, 8)
sid_byte_array_str += unsigned_number_to_slashed_byte_array_string(sid_numbers[3], True, 8)
sid_byte_array_str += unsigned_number_to_slashed_byte_array_string(sid_numbers[4], True, 8)
sid_byte_array_str += unsigned_number_to_slashed_byte_array_string(sid_numbers[5], True, 8)
return sid_byte_array_str