| Win32::Security::SID - set of routines for SID manipulation | 
Win32::Security::SID - set of routines for SID manipulation
use Win32::Security::SID;
Win32::Security::SID::ConvertSidToName($sid); Win32::Security::SID::ConvertSidToName(Win32::Security::SID::ConvertStringSidToSid($stringsid))
This module provides functions for converting SIDs between binary and text formats and for converting between SIDs and Trustees (usernames).
This installs as part of Win32-Security.  See 
C<Win32::Security::NamedObject> for more information.
This has a side effect of use Win32; and of patching 
Win32::LookupAccountName to adjust the length of the SID properly as opposed 
to returning the entire 400 byte buffer.
This function is modeled on the Win32 API call of the same name.  The Win32 API 
call, however, requires Win2K.  This function takes a binary SID as a parameter 
(same format as returned by Win32::LookupAccountName) and returns the string 
form of the SID in the S-R-I-S-S format.  It deals with 
IdentifierAuthority values greater than 2^32 by outputting them in hex (I have 
yet to run into any of these, but the spec allows for them).  If the SID is 
inconsistent or non-existent, the function returns undef.  The string form is 
mostly commonly used for display purposes and for mounting hives under 
HKEY_USERS.
This does the reverse of the above function.  It takes a string SID as a 
parameter and returns the binary format.  Again, if there are observable 
inconsistencies in the format, it will simply return undef.
This is basically a semi-intelligent wrapper around Win32::LookupAccountName.  
Of note, it uses undef for the server name to query, which means the query 
will execute against the local host. This will correctly operate on un-prefixed 
domain user accounts, presuming they don't have the same name as the local 
computer.  If they do, the Win32::LookupAccountName returns the SID for the 
local computer, which is a problem.  The $sidtype returned is checked to see 
that it is User, Group, Alias, or WellKnownGroup - if it is Domain or Computer, 
the function returns 'UNKNOWN_USERNAME', which helps to defend against this 
problem.  The safest solution is to always use a full user/group name - 
domain_name\username.  It returns the SID in binary format - if you need 
it in string SID format, call ConvertSidToStringSid.
If this function gets passed a username that looks like a StringSid (i.e. 
/^S(?:-\d+)+$/), it calls ConvertStringSidToSid and returns that result.  
This should only pose a problem if you have a very weird username and don't pass 
a domain name.
It uses a cache to remember previously asked for usernames (LookupAccountName 
is very processor intensive - watch LSASS.EXE spike if you make a lot of 
calls).
This is basically a semi-intelligent wrapper around Win32::LookupAccountSID.  
It returns domain_name\username.  In a nutshell, whatever gets returned by 
ConvertNameToSid is safely suppliable to ConvertSidToName.  It accepts the 
SID in binary format - if you have a SID in string SID format, call 
ConvertStringSidtoSid first and pass the result.
It uses a cache to remember previously asked for SIDs (LookupAccountSID is 
very processor intensive - watch LSASS.EXE spike if you make a lot of calls).
Toby Ovod-Everett, toby@ovod-everett.org
| Win32::Security::SID - set of routines for SID manipulation |