Ejemplo n.º 1
0
def test_sec_descrip_owner_group():
    SDDL = "O:ANG:S-1-2-3"
    sd = SecurityDescriptor.from_string(SDDL)
    assert sd.owner.to_string() == "S-1-5-7"
    assert sd.group.to_string() == "S-1-2-3"
    assert sd.dacl is None
    assert sd.sacl is None
Ejemplo n.º 2
0
def test_ace_resource_attribute(sddl, expected_values):
    sd = SecurityDescriptor.from_string(sddl)
    ra = sd.sacl[0]
    assert ra.Header.AceType == gdef.SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE
    attr = ra.attribute
    assert attr.name == "TestName"
    assert attr.values == expected_values
Ejemplo n.º 3
0
def test_conditional_ace_applicationdata(sddl, expected_value):
    sd = SecurityDescriptor.from_string(sddl)
    acl = sd.dacl
    if acl is None:
        acl = sd.sacl
    ace = acl[0]
    appdata = ace.application_data
    # https://msdn.microsoft.com/en-us/library/hh877860.aspx
    assert appdata.startswith(b"artx")
    assert expected_value in appdata.replace(b"\x00", b"")
Ejemplo n.º 4
0
def test_complex_ace_guid_sid(sddl, obj_guid, inherited_object_guid):
    sd = SecurityDescriptor.from_string(sddl)
    assert sd.dacl is not None
    ace = sd.dacl[0]
    assert ace.sid.to_string() == "S-1-0-0"

    if obj_guid is None and inherited_object_guid is None:
        # No GUID -> transformed in ACCESS_ALLOWED_ACE_TYPE
        assert ace.Header.AceType == gdef.ACCESS_ALLOWED_ACE_TYPE
        return
    assert ace.object_type == obj_guid
    assert ace.inherited_object_type == inherited_object_guid
Ejemplo n.º 5
0
def test_pacl_object():
    SDDL = "O:ANG:S-1-2-3D:(A;;;;;S-1-42-42)(A;;;;;S-1-42-43)(A;;;;;S-1-42-44)"
    dacl = SecurityDescriptor.from_string(SDDL).dacl
    assert dacl is not None
    assert len(dacl) == 3 # __len__
    assert len(list(dacl)) == 3 # __iter__
    assert len(dacl.aces) == 3

    assert ctypes.addressof(dacl[0]) == ctypes.addressof(dacl[0]) # __getitem__
    assert len([ctypes.addressof(dacl[i])for i in range(3)]) == 3

    with pytest.raises(IndexError):
        x = dacl[3]
Ejemplo n.º 6
0
def test_mask_sid_ace():
    SDDL = "D:(A;CIOI;CCGR;;;S-1-42-42)"
    # OBJECT_INHERIT_ACE(0x1L) | CONTAINER_INHERIT_ACE(0x2L)
    # Create-Child | GENERIC_READ(0x80000000L)
    sd = SecurityDescriptor.from_string(SDDL)
    dacl = sd.dacl
    assert dacl is not None
    ace = dacl[0]
    # Test the ACE
    assert ace.Header.AceType == gdef.ACCESS_ALLOWED_ACE_TYPE
    # flags + flags split
    assert ace.Header.AceFlags == gdef.OBJECT_INHERIT_ACE | gdef.CONTAINER_INHERIT_ACE
    assert set(ace.Header.flags) == {gdef.OBJECT_INHERIT_ACE, gdef.CONTAINER_INHERIT_ACE}
    # mask + mask split
    assert ace.Mask == 1 | gdef.GENERIC_READ
    assert set(ace.mask) == {1, gdef.GENERIC_READ}
    # SID
    assert ace.sid.to_string() == "S-1-42-42"
Ejemplo n.º 7
0
def test_security_descriptor__str__():
    sddl = "D:(A;;FA;;;WD)"
    sd = SecurityDescriptor.from_string(sddl)
    assert str(sd) == sddl
Ejemplo n.º 8
0
def test_empty_security_descriptor():
    esd = SecurityDescriptor.from_string("")
    assert esd.owner is None  # Should NOT be NULL PSID but None
    assert esd.group is None  # Should NOT be NULL PSID but None
    assert esd.dacl is None
    assert esd.sacl is None
Ejemplo n.º 9
0
def test_security_descriptor_from_string(sddl):
    sd = SecurityDescriptor.from_string(sddl)
Ejemplo n.º 10
0
def test_ace_sacl_subclass(sddl, ace_type):
    sd = SecurityDescriptor.from_string(sddl)
    sacl = sd.sacl
    assert len(sacl) == 1
    ace = sacl[0]  # Will raise if AceHeader is not handled
    assert ace.Header.AceType == ace_type