14 releases
new 0.0.14 | Nov 5, 2024 |
---|---|
0.0.13 | Nov 5, 2024 |
0.0.12 | Oct 24, 2024 |
#588 in Rust patterns
1,455 downloads per month
Used in ntdsextract2
115KB
2K
SLoC
sddl
sddl
is a library created to forensically analyze Windows Security Descriptors
API Usage example
use sddl::{Acl, ControlFlags, SecurityDescriptor};
let mut binary_data = [0x01, 0x00, 0x14, 0xb0, 0x90, 0x00, 0x00,
0x00, 0xa0, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
0x00, 0x02, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02, 0x80, 0x14,
0x00, 0x00, 0x00, 0x00, 0x80, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
0x01, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x60, 0x00, 0x04, 0x00, 0x00,
0x00, 0x00, 0x03, 0x18, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x01, 0x02, 0x00,
0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00,
0x00, 0x00, 0x03, 0x18, 0x00, 0x00, 0x00, 0x00, 0x10, 0x01, 0x02, 0x00,
0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00,
0x00, 0x00, 0x03, 0x14, 0x00, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01, 0x00,
0x00, 0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00, 0x00, 0x03, 0x14,
0x00, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
0x03, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00, 0x01, 0x02, 0x00,
0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00,
0x00];
let security_descriptor = SecurityDescriptor::try_from(&binary_data[..]).unwrap();
println!("{:?}", security_descriptor.flags());
assert!(security_descriptor.flags().contains(ControlFlags::DiscretionaryAclPresent));
assert!(security_descriptor.flags().contains(ControlFlags::SystemAclPresent));
assert!(security_descriptor.flags().contains(ControlFlags::DiscretionaryAclProtected));
assert!(security_descriptor.flags().contains(ControlFlags::SystemAclProtected));
assert!(security_descriptor.flags().contains(ControlFlags::SelfRelative));
assert_eq!(security_descriptor.sacl().as_ref().unwrap(),
&Acl::from_sddl("S:P(AU;FA;GR;;;WD)", None).unwrap());
assert_eq!(security_descriptor.dacl().as_ref().unwrap(),
&Acl::from_sddl("D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)", None).unwrap());
License: GPL-3.0
Dependencies
~5–8.5MB
~147K SLoC