随手写了一段C++访问LDAP, 并且获取sid的代码
Posted zj510
直接上代码,获取sid,并且转换成字符串形式。没有仔细优化代码,这只能是一段demo代码,但是能跑成功。跟大家share一下。
// LDAPTest.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include <windows.h>
#include "Winldap.h"
#include <Dsgetdc.h>
#include <Sddl.h>
#include <algorithm>
#include <cwchar>
#include <cwctype>
#include <string>
//#include <locale>
#define MAX_NAME 1024
std::string ConvertToStringSid(const unsigned char* bsid, const int len);
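namespace myldap
{
    // Escapes a value for use inside an LDAP search filter (RFC 4515):
    // '*', '(', ')', '\' and NUL are replaced by a backslash and two hex digits,
    // so a caller-supplied name cannot change the structure of the filter.
    static std::wstring EscapeLdapFilterValue(const std::wstring& value)
    {
        static const WCHAR kHex[] = L"0123456789abcdef";
        std::wstring out;
        out.reserve(value.size());
        for (size_t i = 0; i < value.size(); ++i)
        {
            const WCHAR ch = value[i];
            if (ch == L'*' || ch == L'(' || ch == L')' || ch == L'\\' || ch == L'\0')
            {
                out.push_back(L'\\');
                out.push_back(kHex[(ch >> 4) & 0xF]);
                out.push_back(kHex[ch & 0xF]);
            }
            else
            {
                out.push_back(ch);
            }
        }
        return out;
    }

    // Binds to strLdapServer as strDomain\strUserName with strPwd, searches for the
    // entry whose sAMAccountName equals strUserName, and returns its objectSid in
    // string form ("S-1-...").
    //
    // Returns an empty string when any step fails: empty user name or password,
    // session setup, bind, search, or no entry whose first "dc=" component matches
    // strDomain. Every LDAP return code is checked, so a failed bind never falls
    // through to the search.
    //
    // NOTE(review): a simple bind sends the password as-is; unless the session is
    // protected by TLS (e.g. ldap_sslinitW / LDAPS) the credentials cross the
    // network in clear text. Use a protected session outside of a lab demo.
    std::wstring LogInWithLdap(const std::wstring& strLdapServer, const std::wstring& strDomain, const std::wstring& strUserName, const std::wstring& strPwd)
    {
        const WCHAR* kSAMAccountName = L"sAMAccountName";
        const WCHAR* kObjectSid = L"objectSid";

        std::wstring ret;

        // A simple bind with a name and an empty password is an "unauthenticated
        // bind" (RFC 4513, section 5.1.2) that a server may report as success.
        // Refuse it here so an empty password can never count as a login.
        if (strUserName.empty() || strPwd.empty())
            return ret;

        LDAP* ld = ldap_initW(const_cast<PWSTR>(strLdapServer.c_str()), 0);
        if (ld == NULL)
            return ret;

        // LDAP_OPT_PROTOCOL_VERSION takes a pointer to the version value.
        ULONG version = LDAP_VERSION3;
        ULONG rt = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);

        if (rt == LDAP_SUCCESS)
            rt = ldap_connect(ld, NULL);

        if (rt == LDAP_SUCCESS)
        {
            // Down-level logon name: DOMAIN\user, with a single backslash. The
            // listing as published appended two, which looks like an escaping
            // artifact of the page rather than the author's intent.
            std::wstring strLoginName;
            strLoginName.append(strDomain);
            strLoginName.append(L"\\");
            strLoginName.append(strUserName);
            rt = ldap_simple_bind_sW(ld,
                                     const_cast<PWSTR>(strLoginName.c_str()),
                                     const_cast<PWSTR>(strPwd.c_str()));
        }

        LDAPMessage* pMsg = NULL;
        if (rt == LDAP_SUCCESS)
        {
            // Build the filter in a std::wstring: no fixed-size buffer to overrun,
            // and the user name is escaped before it becomes part of the filter.
            std::wstring filter;
            filter.append(L"(");
            filter.append(kSAMAccountName);
            filter.append(L"=");
            filter.append(EscapeLdapFilterValue(strUserName));
            filter.append(L")");

            WCHAR base[] = L"";
            WCHAR* attrs[] = { const_cast<WCHAR*>(kObjectSid), NULL };
            rt = ldap_search_sW(ld, base, LDAP_SCOPE_SUBTREE,
                                const_cast<PWSTR>(filter.c_str()), attrs, 0, &pMsg);
        }

        if (rt == LDAP_SUCCESS && pMsg != NULL)
        {
            for (LDAPMessage* e = ldap_first_entry(ld, pMsg);
                 e != NULL && ret.empty();
                 e = ldap_next_entry(ld, e))
            {
                PWCHAR pDn = ldap_get_dnW(ld, e);
                if (pDn == NULL)
                    continue;
                std::wstring dn(pDn);
                ldap_memfreeW(pDn);

                // Wide-character lowering; plain tolower is not defined for
                // wchar_t values outside the unsigned char range.
                std::transform(dn.begin(), dn.end(), dn.begin(),
                               [](wchar_t c) { return static_cast<wchar_t>(::towlower(c)); });

                // Compare the first "dc=" component of the DN with the requested
                // domain; skip entries that have none or belong elsewhere.
                const std::wstring::size_type i1 = dn.find(L"dc=");
                if (i1 == std::wstring::npos)
                    continue;
                const std::wstring::size_type i2 = dn.find(L",", i1);
                const std::wstring dc = (i2 == std::wstring::npos)
                    ? dn.substr(i1 + 3)
                    : dn.substr(i1 + 3, i2 - i1 - 3);
                if (_wcsicmp(dc.c_str(), strDomain.c_str()) != 0)
                    continue;

                // Only objectSid was requested, so read it directly instead of
                // walking the attribute list (which also needed a ber_free).
                berval** attrList = ldap_get_values_lenW(ld, e, const_cast<PWSTR>(kObjectSid));
                if (attrList != NULL)
                {
                    if (attrList[0] != NULL)
                    {
                        const std::string sid = ConvertToStringSid(
                            reinterpret_cast<const unsigned char*>(attrList[0]->bv_val),
                            static_cast<int>(attrList[0]->bv_len));
                        ret = std::wstring(sid.begin(), sid.end());
                    }
                    ldap_value_free_len(attrList);
                }
            }
        }

        // Release the search result and the session on every path.
        if (pMsg != NULL)
            ldap_msgfree(pMsg);
        ldap_unbind(ld);

        return ret;
    }
}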
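// Converts a binary SID into its string form "S-<revision>-<authority>-<sub>...".
//
// Layout read from bsid: byte 0 is the revision, byte 1 the number of
// sub-authorities, bytes 2..7 the identifier authority (big-endian), followed by
// one little-endian 32-bit value per sub-authority.
//
// Returns an empty string when bsid is null, when len is shorter than the
// 8-byte header, when the sub-authority count exceeds 15, or when len does not
// equal 8 + 4 * count. The buffer comes from a directory server, so every read
// is bounded by these checks.
//
// NOTE(review): the authority is always printed in decimal here; the SID string
// format used by Windows appears to switch to hex for authorities >= 2^32 -
// confirm before comparing these strings with ConvertSidToStringSid output.
std::string ConvertToStringSid(const unsigned char* bsid, const int len)
{
    const int kHeaderSize = 8;
    const int kMaxSubAuthorities = 15; // upper bound of a Windows SID

    if (bsid == nullptr || len < kHeaderSize)
        return "";

    const int subCount = bsid[1];
    if (subCount > kMaxSubAuthorities || subCount * 4 != len - kHeaderSize)
        return ""; // wrong format

    std::string sid("S-");
    sid += std::to_string(static_cast<unsigned int>(bsid[0]));

    // 48-bit identifier authority, most significant byte first. Assembled with
    // shifts so the result neither depends on host byte order nor gets cut to
    // 32 bits by a mismatched printf conversion.
    unsigned long long authority = 0;
    for (int i = 0; i < 6; ++i)
        authority = (authority << 8) | bsid[2 + i];
    sid += '-';
    sid += std::to_string(authority);

    // Sub-authorities: 32-bit values, least significant byte first.
    for (int i = 0; i < subCount; ++i)
    {
        const unsigned char* p = bsid + kHeaderSize + i * 4;
        const unsigned int value = static_cast<unsigned int>(p[0])
                                 | (static_cast<unsigned int>(p[1]) << 8)
                                 | (static_cast<unsigned int>(p[2]) << 16)
                                 | (static_cast<unsigned int>(p[3]) << 24);
        sid += '-';
        sid += std::to_string(value);
    }

    return sid;
}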
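// Demo entry point: LDAPTest <server[:port]> <domain> <user>
//
// The server, domain and account come from the command line and the password
// is read from standard input with console echo switched off, so no credential
// is compiled into the binary or left in the process command line.
// Prints the account's SID and returns 0 on success; returns 1 on a usage
// error or when LogInWithLdap yields no SID.
// Assumes a Unicode build (_TCHAR == wchar_t), as the rest of the file does.
int _tmain(int argc, _TCHAR* argv[])
{
    if (argc != 4)
    {
        fwprintf(stderr, L"usage: LDAPTest <server[:port]> <domain> <user>\n");
        return 1;
    }

    // Turn off echo while the password is typed; restore the mode afterwards.
    // GetConsoleMode fails when stdin is redirected, in which case nothing is changed.
    HANDLE hStdin = GetStdHandle(STD_INPUT_HANDLE);
    DWORD savedMode = 0;
    const BOOL haveConsole = GetConsoleMode(hStdin, &savedMode);
    if (haveConsole)
        SetConsoleMode(hStdin, savedMode & ~ENABLE_ECHO_INPUT);

    fwprintf(stderr, L"Password: ");
    WCHAR pwdBuf[256] = { 0 };
    const bool gotLine = fgetws(pwdBuf, 256, stdin) != NULL;

    if (haveConsole)
        SetConsoleMode(hStdin, savedMode);
    fwprintf(stderr, L"\n");

    std::wstring strPwd;
    if (gotLine)
    {
        strPwd = pwdBuf;
        while (!strPwd.empty() && (strPwd.back() == L'\n' || strPwd.back() == L'\r'))
            strPwd.erase(strPwd.size() - 1);
    }
    // Wipe the input buffer; the std::wstring copy lives until main returns.
    SecureZeroMemory(pwdBuf, sizeof(pwdBuf));

    std::wstring strSid = myldap::LogInWithLdap(argv[1], argv[2], argv[3], strPwd);
    if (strSid.empty())
    {
        fwprintf(stderr, L"login failed or no matching entry\n");
        return 1;
    }

    wprintf(L"%ls\n", strSid.c_str());
    return 0;
}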