14 releases

new 0.0.14 Nov 5, 2024
0.0.13 Nov 5, 2024
0.0.12 Oct 24, 2024

#588 in Rust patterns


1,455 downloads per month
Used in ntdsextract2

GPL-3.0 license

115KB
2K SLoC

Rust 2K SLoC // 0.0% comments LALRPOP 240 SLoC // 0.1% comments

sddl


sddl is a library created to forensically analyze Windows Security Descriptors.

API Usage example

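// Parse a self-relative binary security descriptor and compare its ACLs with their SDDL form.
use sddl::{Acl, ControlFlags, SecurityDescriptor};

// Sample descriptor; bytes 2..4 (0x14, 0xb0) hold the little-endian control flags 0xb014.
let binary_data = [0x01, 0x00, 0x14, 0xb0, 0x90, 0x00, 0x00,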
    0x00, 0xa0, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00,
    0x00, 0x02, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02, 0x80, 0x14,
    0x00, 0x00, 0x00, 0x00, 0x80, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x60, 0x00, 0x04, 0x00, 0x00,
    0x00, 0x00, 0x03, 0x18, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x01, 0x02, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00,
    0x00, 0x00, 0x03, 0x18, 0x00, 0x00, 0x00, 0x00, 0x10, 0x01, 0x02, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00,
    0x00, 0x00, 0x03, 0x14, 0x00, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00, 0x00, 0x03, 0x14,
    0x00, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x03, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00, 0x01, 0x02, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x05, 0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00,
    0x00];
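// Parsing fails on malformed input; unwrap() is only acceptable here because the sample is known to be valid.
let security_descriptor = SecurityDescriptor::try_from(&binary_data[..]).unwrap();
println!("{:?}", security_descriptor.flags());
// The control flags decoded from 0xb014: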
assert!(security_descriptor.flags().contains(ControlFlags::DiscretionaryAclPresent));
assert!(security_descriptor.flags().contains(ControlFlags::SystemAclPresent));
assert!(security_descriptor.flags().contains(ControlFlags::DiscretionaryAclProtected));
assert!(security_descriptor.flags().contains(ControlFlags::SystemAclProtected));
assert!(security_descriptor.flags().contains(ControlFlags::SelfRelative));

// The parsed SACL and DACL must equal the ACLs built from the corresponding SDDL strings.
assert_eq!(security_descriptor.sacl().as_ref().unwrap(),
            &Acl::from_sddl("S:P(AU;FA;GR;;;WD)", None).unwrap());
assert_eq!(security_descriptor.dacl().as_ref().unwrap(),
            &Acl::from_sddl("D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)", None).unwrap());
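To show what the byte array above encodes, here is an added example (not part of the sddl crate or its README) that walks the self-relative security descriptor header and an ACL header with only the standard library. The field layout follows the MS-DTYP SECURITY_DESCRIPTOR and ACL structures; the function names are hypothetical, and the sample is a truncated prefix of the page's array, so the DACL lookup exercises the bounds check.

```rust
// SAMPLE: first 48 bytes (20-byte header + SACL) of the page's byte array.
// The DACL, owner and group that follow are cut off on purpose.
const SAMPLE: [u8; 48] = [
    0x01, 0x00, 0x14, 0xb0, 0x90, 0x00, 0x00, 0x00, 0xa0, 0x00, 0x00, 0x00,
    0x14, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x02, 0x00, 0x1c, 0x00,
    0x01, 0x00, 0x00, 0x00, 0x02, 0x80, 0x14, 0x00, 0x00, 0x00, 0x00, 0x80,
    0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
];

// SE_* control bits that occur in the page's sample.
const FLAGS: [(u16, &str); 5] = [
    (0x0004, "SE_DACL_PRESENT"), (0x0010, "SE_SACL_PRESENT"),
    (0x1000, "SE_DACL_PROTECTED"), (0x2000, "SE_SACL_PROTECTED"),
    (0x8000, "SE_SELF_RELATIVE"),
];

fn le16(b: &[u8], at: usize) -> Option<u16> {
    let s = b.get(at..at.checked_add(2)?)?;
    Some(u16::from_le_bytes([s[0], s[1]]))
}
fn le32(b: &[u8], at: usize) -> Option<u32> {
    let s = b.get(at..at.checked_add(4)?)?;
    Some(u32::from_le_bytes([s[0], s[1], s[2], s[3]]))
}

/// Returns (control, owner_off, group_off, sacl_off, dacl_off) from the header.
fn header(b: &[u8]) -> Option<(u16, u32, u32, u32, u32)> {
    if *b.first()? != 1 { return None; } // Revision must be 1
    Some((le16(b, 2)?, le32(b, 4)?, le32(b, 8)?, le32(b, 12)?, le32(b, 16)?))
}

fn control_names(c: u16) -> Vec<&'static str> {
    FLAGS.iter().filter(|f| c & f.0 != 0).map(|f| f.1).collect()
}

/// Returns (AclSize, AceCount) only if the whole ACL lies inside the buffer.
fn acl_header(b: &[u8], off: u32) -> Option<(u16, u16)> {
    let off = off as usize;
    let (size, count) = (le16(b, off.checked_add(2)?)?, le16(b, off.checked_add(4)?)?);
    if size < 8 || off.checked_add(size as usize)? > b.len() { return None; }
    Some((size, count))
}

fn main() {
    let (control, _, _, sacl, dacl) = header(&SAMPLE).expect("short header");
    println!("control {:#06x}: {:?}", control, control_names(control));
    println!("SACL {:?}, DACL {:?}", acl_header(&SAMPLE, sacl), acl_header(&SAMPLE, dacl));
}
```

On the truncated sample the SACL header is returned, while the DACL offset (0x30) points past the buffer and yields `None` instead of an out-of-bounds read.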

License: GPL-3.0

Dependencies

~5–8.5MB
~147K SLoC