Web lists-archives.com

Re: [Samba] ntfs user mappings?




Not bad but I wanted an ldap version because I was having issues
running ldbsearch as a normal user.

I created the following functions to get it in and out of base64 and hex

swap_endian()
{
local input=$1
local output=""
while [ "${input}" != "" ];do
output="${input:0:2}${output}"
input=${input:2}
done
echo $output
}

base64_to_hex()
{
echo $(echo $1|base64 -d|hexdump -ve '/1 "%02x"')
}

hex2sid()
{
local hex=$1
local rev=$((16#${hex:0:2}))
local dsh=$((16#${hex:2:2}))
local ath=$((16#${hex:4:12}))
local sec=$((16#$(swap_endian ${hex:16:8})))
local is1=$((16#$(swap_endian ${hex:24:8})))
local is2=$((16#$(swap_endian ${hex:32:8})))
local is3=$((16#$(swap_endian ${hex:40:8})))
local uid=$((16#$(swap_endian ${hex:48:8})))
echo "S-${rev}-${ath}-${sec}-${is1}-${is2}-${is3}-${uid}"
}

chars()
{
local output="000000000000$2"
local len=${#output}
echo ${output:${len}-$1}
}

sid2hex()
{
 local field=1
 local input=$(echo $1|cut -d- -f2-)
 local test=""
 local output=""
 local integer
 local hex
 while [ "${input}" != "${test}" ];do
  integer=$(echo ${input}|cut -d- -f1)
  hex=$(printf '%x' ${integer})
  if [ "${field}" = "1" ];then
   output=$(chars 2 ${hex})
  elif [ "${field}" = "2" ];then
   output="${output}$(chars 2 ${hex})"
   output="${output}$(chars 12 ${hex})"
  else
   output="${output}$(swap_endian $(chars 8 ${hex}))"
  fi
  field=$((${field}+1))
  test=${input}
  input=$(echo ${input}|cut -d- -f2-)
 done
 echo ${output}
}

hex2base64()
{
 local input=$1
 local output=""
 while [ "${input}" != "" ];do
  output="${output}\x${input:0:2}"
  input=${input:2}
 done
 echo -ne "${output}"|base64
}

base64="AQUAAAAAAAUVAAAAoGXPfnhLm1/nfIdwCRwBAA=="
echo ${base64}
ihex=$(base64_to_hex ${base64})
hex2sid ${ihex}
truesid="S-1-5-21-2127521184-1604012920-1887927527-72713"
echo ${truesid}
ohex=$(sid2hex ${truesid})
echo ${ihex}
echo ${ohex}
base64_to_hex ${base64}
hex2base64 ${ohex}
base64=$(hex2base64 ${ohex})

On Sun, Nov 5, 2017 at 12:31 PM, Rowland Penny <rpenny@xxxxxxxxx> wrote:
> On Sat, 4 Nov 2017 18:42:36 -0600
> Jeff Sadowski <jeff.sadowski@xxxxxxxxx> wrote:
>
>> I decided to continue trying the ldap route as well
>>
>> littlehex2int()
>> {
>>  hex=$1
>>  hex_chunk=$(echo ${hex}|cut -c$2-$3)
>>  little=$(echo ${hex_chunk}|awk '{print
>> substr($0,7,2)substr($0,5,2)substr($0,3,2)substr($0,1,2)}')
>>  echo "ibase=16; ${little}" | bc
>> }
>>
>> base64_to_sid()
>> {
>> OBJECTSID="$1"
>> hex=$(echo ${OBJECTSID}|base64 -d|od -A n -x -w28 --endian=big|sed 's/
>> //g'|awk '{print toupper($1)}')
>> hex_chunk=$(echo ${hex}|cut -c1-2);
>> rev=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c3-4)
>> dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
>> hex_chunk=$(echo ${hex}|cut -c5-16)
>> notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
>> nonuniq=$(littlehex2int ${hex} 17 24)
>> issuer1=$(littlehex2int ${hex} 25 32)
>> issuer2=$(littlehex2int ${hex} 33 40)
>> issuer3=$(littlehex2int ${hex} 41 48)
>> uid=$(littlehex2int ${hex} 49 57)
>> echo
>> "S-${rev}-${dashes}-${nonuniq}-${issuer1}-${issuer2}-${issuer3}-${uid}" }
>>
>> On Sat, Nov 4, 2017 at 4:42 PM, Jeff Sadowski
>> <jeff.sadowski@xxxxxxxxx> wrote:
>> > . DOMAIN_ADMIN_PASSWD.sh
>> > echo ${PASSWD} | kinit ${ADMIN}@${DOMAIN}
>> > echo -n > /etc/ntfs-3g.usermap
>> > for DOMAIN_USER in $(wbinfo -u);do
>> >  RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_USER}"
>> > ${DOMAIN}) if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] &&
>> > [ "${RPCLOOKUPID:0:7}" != "Failed " ];then
>> >   SID=$(echo ${RPCLOOKUPID}|awk '{print $2}')
>> >   echo ${DOMAIN_USER}::${SID} >> /etc/ntfs-3g.usermap
>> >  fi
>> > done
>> > for DOMAIN_GROUP in $(wbinfo -g);do
>> >  RPCLOOKUPID=$(rpcclient -P -c "lookupnames ${DOMAIN_GROUP}"
>> > ${DOMAIN}) if [ "${RPCLOOKUPID:0:7}" != "ERROR: " ] &&
>> > [ "${RPCLOOKUPID:0:7}" != "Failed " ];then
>> >   SID=$(echo ${RPCLOOKUPID}|awk '{print $2}')
>> >   echo :${DOMAIN_GROUP}:${SID} >> /etc/ntfs-3g.usermap
>> >  fi
>> > done
>> >
>> > On Sat, Nov 4, 2017 at 3:21 AM, Rowland Penny via samba
>> > <samba@xxxxxxxxxxxxxxx> wrote:
>> >> On Fri, 3 Nov 2017 16:25:57 -0600
>> >> Jeff Sadowski <jeff.sadowski@xxxxxxxxx> wrote:
>> >>
>> >>> That looks easier
>> >>>
>> >>> I was working on ldap to convert but I'll try ldb-tools
>> >>>
>> >>> I was off on a bash mission here is what I had so far it isn't
>> >>> correct so I'll keep working on it
>> >>>
>> >>> #!/bin/bash
>> >>> if [ "$(echo $1|wc -c)" = "41" ];then
>> >>> hex=$(echo $1|base64 -d| od -x -w28 --endian=big|head -n1|sed
>> >>> 's/^0000000 //'|sed 's/ //g')
>> >>> echo ${hex}
>> >>> hex_chunk=$(echo ${hex}|cut -c1-2);
>> >>> echo ${hex_chunk}
>> >>> rev=$(echo "ibase=16; ${hex_chunk}" | bc)
>> >>> hex_chunk=$(echo ${hex}|cut -c3-4)
>> >>> echo ${hex_chunk}
>> >>> dashes=$(echo "ibase=16; ${hex_chunk}" | bc)
>> >>> hex_chunk=$(echo ${hex}|cut -c5-16)
>> >>> echo ${hex_chunk}
>> >>> notsure=$(echo "ibase=16; ${hex_chunk}" | bc)
>> >>> hex_chunk=$(echo ${hex}|cut -c17-24)
>> >>> echo ${hex_chunk}
>> >>> issuer1=$(echo "ibase=16; ${hex_chunk}" | bc)
>> >>> hex_chunk=$(echo ${hex}|cut -c25-32)
>> >>> echo ${hex_chunk}
>> >>> issuer2=$(echo "ibase=16; ${hex_chunk}" | bc)
>> >>> hex_chunk=$(echo ${hex}|cut -c33-40)
>> >>> echo ${hex_chunk}
>> >>> issuer3=$(echo "ibase=16; ${hex_chunk}" | bc)
>> >>> hex_chunk=$(echo ${hex}|cut -c41-48)
>> >>> echo ${hex_chunk}
>> >>> issuer4=$(echo "ibase=16; ${hex_chunk}" | bc)
>> >>> hex_chunk=$(echo ${hex}|cut -c49-57)
>> >>> uid=$(echo "ibase=16; ${hex_chunk}" | bc)
>> >>> left=$(echo ${hex}|cut -c58-)
>> >>> echo "[${left}]"
>> >>> echo
>> >>> "S-${rev}-${dashes}-${notsure}-${issuer1}-${issuer2}-${issuer3}-${issuer4}-${uid}"
>> >>>
>> >>> else
>> >>> echo $1
>> >>> echo "not 41 characters like I was expecting"
>> >>> fi
>> >>>
>> >>
>> >> Hmm, you could do this instead:
>> >>
>> >> #!/bin/bash
>> >>
>> >> ## Get users object into $1 with ldbsearch
>> >>
>> >> SID=$(echo $1 | grep 'objectSid:' | awk '{print $NF}')
>> >> echo "$SID"
>> >>
>> >> Which would result in something like this:
>> >>
>> >> S-1-5-21-1768301897-3342589593-1064908849-1107
>> >>
>> >> Rowland
>> >>
>> >> --
>> >> To unsubscribe from this list go to the following URL and read the
>> >> instructions:  https://lists.samba.org/mailman/options/samba
>
> How about my version (attached) ?
>
> Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba