:py:mod:`dissect.util.sid`
==========================

.. py:module:: dissect.util.sid




Module Contents
---------------


Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   dissect.util.sid.read_sid
   dissect.util.sid.write_sid



.. py:function:: read_sid(fh: BinaryIO | bytes, endian: str = '<', swap_last: bool = False) -> str

   Read a Windows SID from bytes.

   Normally we'd do this with cstruct, but do it with just struct to keep dissect.util dependency-free.
   On the upside, this also improves performance!

   This is equivalent to the following structure::

       typedef struct _SID {
           BYTE        Revision;
           BYTE        SubAuthorityCount;
           CHAR        IdentifierAuthority[6];
           DWORD       SubAuthority[SubAuthorityCount];
       } SID;

   :param fh: A file-like object or bytes object to read the SID from.
   :param endian: Optional endianness for reading the sub authorities.
   :param swap_list: Optional flag for swapping the endianess of the _last_ sub authority entry.


.. py:function:: write_sid(sid: str, endian: str = '<', swap_last: bool = False) -> bytes

   Write a Windows SID string to bytes.

   :param sid: SID in the form ``S-Revision-Authority-SubAuth1-...``.
   :param endian: Optional endianness for reading the sub authorities.
   :param swap_last: Optional flag for swapping the endianess of the _last_ sub authority entry.