Open anriKogan opened 6 years ago
The SMB protocol itself does not have a built in feature to do this - the intention is that the client is part of the same domain and can use its own facilities to map SIDs to names. I might be wrong about this, but I've never found any reference in the SMB protocol to allow looking up such mappings. It would be nice though.
What I do is shell out to 'wbinfo' on Linux (or any unix) which comes shipped with Samba, and that has a SID to name mapping function. The issue is that in most cases the client must have privileged access to the domain in order to map the SID to name, so the client has to join the domain basically. Doing all of that from Python would be insanely complicated and would require probably 10x more code just to join the domain.
Thanks divad for your answer. Actually, for getting the OWNER/GROUP I have a workaround, but it's an ugly solution I found. I am using the Samba utility smbcacls, and the client is not part of the domain either. Simply, I have not understood how it works :(

    $ smbcacls //server/share \file.txt -U Guest% -m SMB2
    WARNING: The "syslog" option is deprecated
    REVISION:1
    CONTROL:SR|DI|DP
    OWNER:BUILTIN\Administrators
    GROUP:WIN-E8UP1FQIR9G\None
    ACL:WIN-E8UP1FQIR9G\Administrator:ALLOWED/I/FULL
    ACL:BUILTIN\Administrators:ALLOWED/I/FULL
    ACL:NT AUTHORITY\SYSTEM:ALLOWED/I/FULL
    ACL:Everyone:ALLOWED/I/FULL
    ACL:BUILTIN\Users:ALLOWED/I/FULL

Thanks.
@divad : Yes, SMB protocol itself does not define a function to perform the conversion.
@anriKogan : To work around the deficiencies of the SMB protocol, a group of "geniuses" devised a way to invoke remote procedure calls (RPC) over SMB. The Samba smbcacls utility uses this to request the security information from the remote security service on the server. pysmb's listShares function also performs a similar RPC to get the list of shared folders from the server.
If you know the C language, you can look at the list of RPC functions that Samba has implemented to perform the "extra" functions that are outside the SMB protocol specs. For pysmb, RPC implementations are not easy to accomplish and require a significant amount of effort/time to read through the specs and analyze the packet captures. Unfortunately, owing to my current work commitments, I do not have the time to add these functions to pysmb.
Any pointers to where someone would start looking to implement this?
@dtheodor : Yes. These look like the functions for implementing the SID conversion feature.
What I am doing is just querying the LDAP server responsible for these SIDs and getting back all the information I need. I think this will always be better than what's possible through SMB RPC. However this does add complexity (a whole new system to talk to) and it doesn't help if there's no LDAP or equivalent when the accounts are just local windows accounts.
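The LDAP lookup described in the comment above, sketched as an added example (not code from this thread or from pysmb): it decodes a binary SID using the standard SID packet layout, answers well-known SIDs locally, and builds an escaped `objectSid` filter for everything else. `directory_lookup` is a hypothetical callable standing in for whatever LDAP client is used, and both sample SIDs are constructed.

```python
import struct

# Well-known SIDs present on every Windows host; no directory query needed.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-18": r"NT AUTHORITY\SYSTEM",
    "S-1-5-32-544": r"BUILTIN\Administrators",
    "S-1-5-32-545": r"BUILTIN\Users",
}

# Constructed sample values (not taken from any real server).
SAMPLE_BUILTIN_ADMINS = bytes.fromhex("01020000000000052000000020020000")
SAMPLE_DOMAIN_USER = bytes.fromhex(
    "0105000000000005" "15000000" "01000000" "02000000" "03000000" "50040000")

def sid_to_str(raw: bytes) -> str:
    """Decode a binary SID into its S-<rev>-<authority>-<sub>... string form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15:
        raise ValueError("unsupported SID revision or sub-authority count")
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")    # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])  # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def ldap_sid_filter(raw: bytes) -> str:
    """RFC 4515 filter on objectSid; every byte is escaped as \\XX."""
    sid_to_str(raw)  # reject malformed input before it reaches a query
    return "(objectSid=" + "".join("\\%02x" % b for b in raw) + ")"

def resolve(raw: bytes, directory_lookup=None) -> str:
    """Return a name for the SID, or the SID string when nothing resolves it."""
    sid = sid_to_str(raw)
    if sid in WELL_KNOWN:
        return WELL_KNOWN[sid]
    if directory_lookup is not None:  # hypothetical: filter string -> name or None
        name = directory_lookup(ldap_sid_filter(raw))
        if name:
            return name
    return sid  # e.g. a local account on the server: no directory knows it
```

Local accounts on a standalone server, the case the comment notes LDAP cannot cover, fall through to the raw SID string here.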
You shouldn't close this, it's a valid feature request to be added to this library.
I agree with you. So, actually, I am doing the same things you described above.
Hi Guys, Thank you for developing this useful library. What is really missing in it is a way to translate the SID to a real username or group. Do you have any plans to implement this feature?