PropertyModifierFromAdSid: new property modifier

library/Director/PropertyModifier/PropertyModifierFromAdSid.php

@@ -0,0 +1,31 @@
+<?php
+
+namespace Icinga\Module\Director\PropertyModifier;
+
+use Icinga\Module\Director\Hook\PropertyModifierHook;
+
+class PropertyModifierFromAdSid extends PropertyModifierHook
+{
+    public function getName()
+    {
+        return 'Decode a binary object SID (MSAD)';
+    }
+
+    public function transform($value)
+    {
+        // Strongly inspired by
+        // http://www.chadsikorra.com/blog/decoding-and-encoding-active-directory-objectsid-php
+        //
+        // Not perfect yet, but should suffice for now. When improving this please also see:
+        // https://blogs.msdn.microsoft.com/oldnewthing/20040315-00/?p=40253
+
+        $sid = $value;
+        $sidHex = unpack('H*hex', $value)['hex'];
+        $subAuths = implode('-', unpack('H2/H2/n/N/V*', $sid));
+ 
+        $revLevel = hexdec(substr($sidHex, 0, 2));
+        $authIdent = hexdec(substr($sidHex, 4, 12));
+ 
+        return sprintf('S-%s-%s-%s', $revLevel, $authIdent, $subAuths);
+    }
+}

run.php

@@ -27,3 +27,4 @@ $this->provideHook('director/PropertyModifier', $prefix . 'PropertyModifier\\Pro
 $this->provideHook('director/PropertyModifier', $prefix . 'PropertyModifier\\PropertyModifierJoin');
 $this->provideHook('director/PropertyModifier', $prefix . 'PropertyModifier\\PropertyModifierGetHostByName');
 $this->provideHook('director/PropertyModifier', $prefix . 'PropertyModifier\\PropertyModifierExtractFromDN');
+$this->provideHook('director/PropertyModifier', $prefix . 'PropertyModifier\\PropertyModifierFromAdSid');