From e0e08e9b5298b289dbff9ab8e8dc0427814dcbe7 Mon Sep 17 00:00:00 2001
From: James Andrewartha
Date: Sun, 16 Sep 2018 02:30:32 +0800
Subject: [PATCH] Fix AD auth with large SID components (#9207)
* Fix AD auth with large SID components
Per http://php.net/manual/en/function.unpack.php unpack on 32bit will convert large unsigned long values into signed long values, so we check for PHP_INT_SIZE and fix them up if necessary.
* Fix indentation
---
 .../ActiveDirectoryAuthorizer.php | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/LibreNMS/Authentication/ActiveDirectoryAuthorizer.php b/LibreNMS/Authentication/ActiveDirectoryAuthorizer.php
index dad1dc5c52..198269532c 100644
--- a/LibreNMS/Authentication/ActiveDirectoryAuthorizer.php
+++ b/LibreNMS/Authentication/ActiveDirectoryAuthorizer.php
@@ -345,12 +345,19 @@ class ActiveDirectoryAuthorizer extends AuthorizerBase
 protected function sidFromLdap($sid)
 {
- $sidUnpacked = unpack('H*hex', $sid);
- $sidHex = array_shift($sidUnpacked);
- $subAuths = unpack('H2/H2/n/N/V*', $sid);
- $revLevel = hexdec(substr($sidHex, 0, 2));
- $authIdent = hexdec(substr($sidHex, 4, 12));
- return 'S-'.$revLevel.'-'.$authIdent.'-'.implode('-', $subAuths);
+ $sidUnpacked = unpack('H*hex', $sid);
+ $sidHex = array_shift($sidUnpacked);
+ $subAuths = unpack('H2/H2/n/N/V*', $sid);
+ if (PHP_INT_SIZE <= 4) {
+ for ($i = 1; $i <= count($subAuths); $i++) {
+ if ($subAuths[$i] < 0) {
+ $subAuths[$i] = $subAuths[$i] + 0x100000000;
+ }
+ }
+ }
+ $revLevel = hexdec(substr($sidHex, 0, 2));
+ $authIdent = hexdec(substr($sidHex, 4, 12));
+ return 'S-'.$revLevel.'-'.$authIdent.'-'.implode('-', $subAuths);
 }
 /**
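Review bot: `sidFromLdap()` still decodes whatever bytes it is handed: neither `unpack()` call is checked, and the sub-authority count in the second byte of the SID is never compared with the number of values `V*` actually yields. On a truncated or padded `objectSid`, `unpack('H2/H2/n/N/V*', $sid)` can return `false` or pick up extra components, and the function then returns a malformed SID string rather than failing. Since this sits in the AD authorizer, I would reject such input up front, e.g. `if (strlen($sid) < 8 || strlen($sid) !== 8 + 4 * ord($sid[1])) { /* fail closed */ }`, with the failure mode chosen to match what the callers (outside this hunk) expect. Separately, the 32-bit fix-up could drop the `PHP_INT_SIZE` branch and the index loop by formatting each value with `sprintf('%u', $v)`, which gives the unsigned decimal on both 32- and 64-bit builds.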