§sddl
sddl is a library for the forensic analysis of Windows security descriptors.
§API Usage example
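use sddl::*;

// A 176-byte self-relative security descriptor, laid out here by structure so
// each field can be checked against the assertions below. Integer fields other
// than the 6-byte SID identifier authority are little-endian.
let binary_data = [
    // Header: revision 1, Sbz1 0, control 0xb014 =
    //   SelfRelative (0x8000) | SystemAclProtected (0x2000) |
    //   DiscretionaryAclProtected (0x1000) | SystemAclPresent (0x0010) |
    //   DiscretionaryAclPresent (0x0004)
    0x01, 0x00, 0x14, 0xb0,
    // Offsets from the start of the buffer: owner, group, SACL, DACL
    0x90, 0x00, 0x00, 0x00,
    0xa0, 0x00, 0x00, 0x00,
    0x14, 0x00, 0x00, 0x00,
    0x30, 0x00, 0x00, 0x00,
    // SACL @ 0x14: ACL revision 2, size 0x1c, one ACE
    0x02, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x00,
    // Audit ACE (type 2), flags 0x80 (failed access), size 0x14, mask GR, SID S-1-1-0 (WD)
    0x02, 0x80, 0x14, 0x00, 0x00, 0x00, 0x00, 0x80,
    0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    // DACL @ 0x30: ACL revision 2, size 0x60, four ACEs
    0x02, 0x00, 0x60, 0x00, 0x04, 0x00, 0x00, 0x00,
    // Allow ACE (type 0), flags 0x03 (OI|CI), mask GR|GX, SID S-1-5-32-545 (BU)
    0x00, 0x03, 0x18, 0x00, 0x00, 0x00, 0x00, 0xa0,
    0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
    0x20, 0x00, 0x00, 0x00, 0x21, 0x02, 0x00, 0x00,
    // Allow ACE, flags 0x03 (OI|CI), mask GA, SID S-1-5-32-544 (BA)
    0x00, 0x03, 0x18, 0x00, 0x00, 0x00, 0x00, 0x10,
    0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
    0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00,
    // Allow ACE, flags 0x03 (OI|CI), mask GA, SID S-1-5-18 (SY)
    0x00, 0x03, 0x14, 0x00, 0x00, 0x00, 0x00, 0x10,
    0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00,
    // Allow ACE, flags 0x03 (OI|CI), mask GA, SID S-1-3-0 (CO)
    0x00, 0x03, 0x14, 0x00, 0x00, 0x00, 0x00, 0x10,
    0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00,
    // Owner SID @ 0x90: S-1-5-32-544
    0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
    0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00,
    // Group SID @ 0xa0: S-1-5-32-544
    0x01, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
    0x20, 0x00, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00,
];

// `try_from` is fallible. Panicking is acceptable for this known-good sample,
// but descriptors recovered from evidence can be truncated or corrupted, so
// real callers should match on the `Result` (or propagate it with `?`) and
// record the failure instead of aborting the analysis run.
let security_descriptor = SecurityDescriptor::try_from(&binary_data[..])
    .expect("sample security descriptor is well-formed");

println!("{:?}", security_descriptor.flags());

// Every bit set in the control word must be reported.
let flags = security_descriptor.flags();
assert!(flags.contains(ControlFlag::DiscretionaryAclPresent));
assert!(flags.contains(ControlFlag::SystemAclPresent));
assert!(flags.contains(ControlFlag::DiscretionaryAclProtected));
assert!(flags.contains(ControlFlag::SystemAclProtected));
assert!(flags.contains(ControlFlag::SelfRelative));

// The parsed ACLs must equal the ACLs built from the matching SDDL strings.
let expected_sacl = Acl::from_sddl("S:P(AU;FA;GR;;;WD)", None).unwrap();
assert_eq!(security_descriptor.sacl().as_ref().unwrap(), &expected_sacl);

let expected_dacl = Acl::from_sddl(
    "D:P(A;CIOI;GRGX;;;BU)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)",
    None,
)
.unwrap();
assert_eq!(security_descriptor.dacl().as_ref().unwrap(), &expected_dacl);

License: GPL-3.0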
Re-exports§
Modules§
Macros§
Structs§
- AccessMask
- ControlFlags
- SecurityDescriptor - https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/2918391b-75b9-4eeb-83f0-7fdc04a5c6c9
- SidInfo
Enums§
- AccessMaskFlag
- ControlFlag - https://github.com/microsoft/referencesource/blob/master/mscorlib/system/security/accesscontrol/securitydescriptor.cs
- Error
- SidAlias