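def from_buffer(buff):
    """Parse a self-relative security descriptor from a seekable stream.

    Reads the fixed header (1-byte Revision, 1-byte Sbz1, 2-byte Control and
    four 4-byte offsets, all little-endian unsigned) and then parses the
    owner SID, group SID, SACL and DACL that the non-zero offsets point to.

    The offsets are applied relative to the stream position at which the
    descriptor starts, so a descriptor that begins at a non-zero position in
    a larger stream is parsed from the right place. For a stream positioned
    at 0 this is identical to seeking to the raw offset.

    Args:
        buff: Seekable binary stream positioned at the first byte of the
            descriptor.

    Returns:
        The populated SECURITY_DESCRIPTOR. A component whose offset is 0 is
        not parsed and keeps whatever SECURITY_DESCRIPTOR() initialised.
    """
    # NOTE(review): nothing here validates the input. A truncated stream
    # makes read() return fewer bytes (int.from_bytes(b'') is 0), and the
    # offsets are not checked against the header size or the stream length.
    # If the bytes come from an untrusted source, the caller should treat
    # the result accordingly or validate lengths first.
    base = buff.tell()

    def read_uint(size):
        return int.from_bytes(buff.read(size), 'little', signed=False)

    sd = SECURITY_DESCRIPTOR()
    sd.Revision = read_uint(1)
    sd.Sbz1 = read_uint(1)
    sd.Control = SE_SACL(read_uint(2))
    offset_owner = read_uint(4)
    offset_group = read_uint(4)
    offset_sacl = read_uint(4)
    offset_dacl = read_uint(4)

    # Same parse order as the header lists them: owner, group, SACL, DACL.
    if offset_owner > 0:
        buff.seek(base + offset_owner)
        sd.Owner = SID.from_buffer(buff)
    if offset_group > 0:
        buff.seek(base + offset_group)
        sd.Group = SID.from_buffer(buff)
    if offset_sacl > 0:
        buff.seek(base + offset_sacl)
        sd.Sacl = ACL.from_buffer(buff)
    if offset_dacl > 0:
        buff.seek(base + offset_dacl)
        sd.Dacl = ACL.from_buffer(buff)
    return sd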
def from_buffer(buff):
    """Build a SYSTEM_SCOPED_POLICY_ID_ACE from a binary stream.

    Consumes, in order: the ACE header (via ACEHeader.from_buffer), a 4-byte
    little-endian unsigned mask wrapped in ADS_ACCESS_MASK, and a SID (via
    SID.from_buffer).

    Args:
        buff: Binary stream positioned at the start of the ACE.

    Returns:
        The populated SYSTEM_SCOPED_POLICY_ID_ACE.
    """
    result = SYSTEM_SCOPED_POLICY_ID_ACE()
    result.Header = ACEHeader.from_buffer(buff)
    # A short read is not detected here: fewer than 4 bytes still converts.
    mask_bytes = buff.read(4)
    result.Mask = ADS_ACCESS_MASK(
        int.from_bytes(mask_bytes, 'little', signed=False)
    )
    result.Sid = SID.from_buffer(buff)
    return result
def from_buffer(buff):
    """Build a SYSTEM_MANDATORY_LABEL_ACE from a binary stream.

    Consumes, in order: the ACE header (via ACEHeader.from_buffer), a 4-byte
    little-endian unsigned mask wrapped in ADS_ACCESS_MASK, and a SID (via
    SID.from_buffer).

    Args:
        buff: Binary stream positioned at the start of the ACE.

    Returns:
        The populated SYSTEM_MANDATORY_LABEL_ACE.
    """
    label_ace = SYSTEM_MANDATORY_LABEL_ACE()
    label_ace.Header = ACEHeader.from_buffer(buff)
    # NOTE(review): in a mandatory-label ACE the mask field is documented as
    # carrying integrity-policy bits (no-write-up / no-read-up /
    # no-execute-up) rather than directory access rights, so the flag names
    # ADS_ACCESS_MASK prints for it may be misleading - confirm.
    mask_value = int.from_bytes(buff.read(4), 'little', signed=False)
    label_ace.Mask = ADS_ACCESS_MASK(mask_value)
    label_ace.Sid = SID.from_buffer(buff)
    return label_ace
def from_buffer(buff):
    """Build a SYSTEM_RESOURCE_ATTRIBUTE_ACE from a binary stream.

    Consumes, in order: the ACE header (via ACEHeader.from_buffer), a 4-byte
    little-endian unsigned mask wrapped in ADS_ACCESS_MASK, a SID (via
    SID.from_buffer), and then every remaining byte of the stream as the
    undecoded AttributeData.

    Args:
        buff: Binary stream positioned at the start of the ACE.

    Returns:
        The populated SYSTEM_RESOURCE_ATTRIBUTE_ACE.
    """
    attr_ace = SYSTEM_RESOURCE_ATTRIBUTE_ACE()
    attr_ace.Header = ACEHeader.from_buffer(buff)
    mask_value = int.from_bytes(buff.read(4), 'little', signed=False)
    attr_ace.Mask = ADS_ACCESS_MASK(mask_value)
    attr_ace.Sid = SID.from_buffer(buff)
    # Takes everything left in the stream. The original author was unsure
    # about this, because the length of the data is not known at this point.
    # NOTE(review): this is only right when the caller passes a stream that
    # ends where this ACE ends; with a longer stream the bytes of whatever
    # follows would be absorbed into AttributeData - confirm against callers.
    remainder = buff.read()
    attr_ace.AttributeData = remainder
    return attr_ace
def from_buffer(buff):
    """Build a SYSTEM_AUDIT_CALLBACK_ACE from a binary stream.

    Consumes, in order: the ACE header (via ACEHeader.from_buffer), a 4-byte
    little-endian unsigned mask wrapped in ADS_ACCESS_MASK, a SID (via
    SID.from_buffer), and then every remaining byte of the stream as the
    undecoded ApplicationData.

    Args:
        buff: Binary stream positioned at the start of the ACE.

    Returns:
        The populated SYSTEM_AUDIT_CALLBACK_ACE.
    """
    callback_ace = SYSTEM_AUDIT_CALLBACK_ACE()
    callback_ace.Header = ACEHeader.from_buffer(buff)
    mask_value = int.from_bytes(buff.read(4), 'little', signed=False)
    callback_ace.Mask = ADS_ACCESS_MASK(mask_value)
    callback_ace.Sid = SID.from_buffer(buff)
    # Takes everything left in the stream. The original author was unsure
    # about this, because the length of the data is not known at this point.
    # NOTE(review): this is only right when the caller passes a stream that
    # ends where this ACE ends; with a longer stream the bytes of whatever
    # follows would be absorbed into ApplicationData - confirm against
    # callers.
    remainder = buff.read()
    callback_ace.ApplicationData = remainder
    return callback_ace
def from_buffer(buff):
    """Build an ACCESS_DENIED_OBJECT_ACE from a binary stream.

    Consumes, in order: the ACE header (via ACEHeader.from_buffer), a 4-byte
    little-endian unsigned mask wrapped in ADS_ACCESS_MASK, a 4-byte
    little-endian unsigned flags field wrapped in ACCESS_ALLOWED_OBJECT_Flags,
    an ObjectType GUID and an InheritedObjectType GUID (each only when its
    flag is set), and finally a SID.

    Args:
        buff: Binary stream positioned at the start of the ACE.

    Returns:
        The populated ACCESS_DENIED_OBJECT_ACE. ObjectType and
        InheritedObjectType are assigned only when the matching flag is set.
    """
    def read_u32():
        return int.from_bytes(buff.read(4), 'little', signed=False)

    # The denied variant reuses the flag enum named after the allowed one.
    flag_names = ACCESS_ALLOWED_OBJECT_Flags

    ace = ACCESS_DENIED_OBJECT_ACE()
    ace.Header = ACEHeader.from_buffer(buff)
    ace.Mask = ADS_ACCESS_MASK(read_u32())
    ace.Flags = flag_names(read_u32())

    # The two GUIDs are optional; the flags say which of them were written,
    # so the SID position in the stream depends on them.
    if ace.Flags & flag_names.ACE_OBJECT_TYPE_PRESENT:
        ace.ObjectType = GUID.from_buffer(buff)
    if ace.Flags & flag_names.ACE_INHERITED_OBJECT_TYPE_PRESENT:
        ace.InheritedObjectType = GUID.from_buffer(buff)

    ace.Sid = SID.from_buffer(buff)
    return ace
def get_tokengroups(self, dn):
    """Yield the string form of each SID in the tokenGroups attribute of *dn*.

    Runs a base-scope search on *dn* itself, requesting only tokenGroups,
    and converts every returned value with SID.from_bytes.

    Args:
        dn: Distinguished name of the object to query; used both as the
            search base and, escaped, inside the search filter.

    Yields:
        str(SID) for every tokenGroups value of every response entry.
    """
    # The DN is passed through escape_filter_chars before it is interpolated,
    # so filter metacharacters in a caller-supplied DN stay literal.
    query = r'(distinguishedName=%s)' % escape_filter_chars(dn)
    wanted = ['tokenGroups']
    self._con.search(dn, query, attributes=wanted, search_scope=BASE)

    for entry in self._con.response:
        token_groups = entry['attributes']['tokenGroups']
        if not token_groups:
            # Attribute missing or empty for this entry: nothing to yield.
            continue
        for sid_data in token_groups:
            yield str(SID.from_bytes(sid_data))
def from_buffer(buff):
    """Build a SYSTEM_AUDIT_CALLBACK_OBJECT_ACE from a binary stream.

    Consumes, in order: the ACE header (via ACEHeader.from_buffer), a 4-byte
    little-endian unsigned mask wrapped in ADS_ACCESS_MASK, a 4-byte
    little-endian unsigned flags field wrapped in ACCESS_ALLOWED_OBJECT_Flags,
    an ObjectType GUID and an InheritedObjectType GUID (each only when its
    flag is set), a SID, and then every remaining byte of the stream as the
    undecoded ApplicationData.

    Args:
        buff: Binary stream positioned at the start of the ACE.

    Returns:
        The populated SYSTEM_AUDIT_CALLBACK_OBJECT_ACE. ObjectType and
        InheritedObjectType are assigned only when the matching flag is set.
    """
    def read_u32():
        return int.from_bytes(buff.read(4), 'little', signed=False)

    flag_names = ACCESS_ALLOWED_OBJECT_Flags

    ace = SYSTEM_AUDIT_CALLBACK_OBJECT_ACE()
    ace.Header = ACEHeader.from_buffer(buff)
    ace.Mask = ADS_ACCESS_MASK(read_u32())
    ace.Flags = flag_names(read_u32())

    # The two GUIDs are optional; the flags say which of them were written.
    if ace.Flags & flag_names.ACE_OBJECT_TYPE_PRESENT:
        ace.ObjectType = GUID.from_buffer(buff)
    if ace.Flags & flag_names.ACE_INHERITED_OBJECT_TYPE_PRESENT:
        ace.InheritedObjectType = GUID.from_buffer(buff)

    ace.Sid = SID.from_buffer(buff)
    # Takes everything left in the stream. The original author was unsure
    # about this, because the length of the data is not known at this point.
    # NOTE(review): this is only right when the caller passes a stream that
    # ends where this ACE ends; with a longer stream the bytes of whatever
    # follows would be absorbed into ApplicationData - confirm against
    # callers.
    remainder = buff.read()
    ace.ApplicationData = remainder
    return ace