Lib.rs

Rust patterns
#string #acl #security #descriptor #parse #0x00 #control-flags

bin+lib sddl

a library to parse and analyse SDDL Strings

by Jan Starke

16 releases

0.0.16 Nov 8, 2024
0.0.15 Nov 8, 2024
0.0.12 Oct 24, 2024

#646 in Rust patterns

Download history 442/week @ 2024-10-07 788/week @ 2024-10-14 212/week @ 2024-10-21 13/week @ 2024-10-28 431/week @ 2024-11-04 39/week @ 2024-11-11

750 downloads per month
Used in ntdsextract2

GPL-3.0 license

120KB
2K SLoC

Rust 2K SLoC // 0.0% comments LALRPOP 240 SLoC // 0.1% comments

sddl

GitHub License Crates.io Version

sddl is a library created to forensically analyze Windows Security Descriptors

API Usage example

use sddl::{Acl, ControlFlags, SecurityDescriptor};

let mut binary_data = [0x01, 0x00, 0x14, 0xb0, 0x90, 0x00, 0x00,
    0x00, 0xa0, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
    0x00, 0x02, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02, 0x80, 0x14,
    0x00, 0x00, 0x00, 0x00, 0x80, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x60, 0x00, 0x04, 0x00, 0x00,
    0x00, 0x00, 0x03, 0x18, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x01, 0x02, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00,
    0x00, 0x00, 0x03, 0x18, 0x00, 0x00, 0x00, 0x00, 0x10, 0x01, 0x02, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00,
    0x00, 0x00, 0x03, 0x14, 0x00, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00, 0x00, 0x03, 0x14,
    0x00, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x03, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00, 0x01, 0x02, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00,
    0x00];
let security_descriptor = SecurityDescriptor::try_from(&binary_data[..]).unwrap();
println!("{:?}", security_descriptor.flags());
assert!(security_descriptor.flags().contains(ControlFlags::DiscretionaryAclPresent));
assert!(security_descriptor.flags().contains(ControlFlags::SystemAclPresent));
assert!(security_descriptor.flags().contains(ControlFlags::DiscretionaryAclProtected));
assert!(security_descriptor.flags().contains(ControlFlags::SystemAclProtected));
assert!(security_descriptor.flags().contains(ControlFlags::SelfRelative));

assert_eq!(security_descriptor.sacl().as_ref().unwrap(),
            &Acl::from_sddl("S:P(AU;FA;GR;;;WD)", None).unwrap());
assert_eq!(security_descriptor.dacl().as_ref().unwrap(),
            &Acl::from_sddl("D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)", None).unwrap());

License: GPL-3.0

Dependencies

~5–9MB
~148K SLoC