示例#1
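    def from_buffer(buff):
        """Parse a self-relative SECURITY_DESCRIPTOR from a seekable binary stream.

        The fixed header is read field by field: Revision (1 byte), Sbz1
        (1 byte), Control (2 bytes, wrapped in SE_SACL) and four 4-byte
        offsets for owner, group, SACL and DACL. All integers are unsigned
        little-endian. An offset of 0 means the component is absent and the
        matching attribute is left as the constructor set it.

        The offsets count from the first byte of the descriptor, so they are
        applied relative to the stream position at entry. A descriptor that
        starts at position 0 parses exactly as before; one embedded further
        into a stream now resolves to the right place as well.

        Args:
            buff: binary stream supporting read(), seek() and tell().

        Returns:
            The populated SECURITY_DESCRIPTOR.
        """
        # Offsets in the header are relative to this position, not to byte 0
        # of the stream.
        base = buff.tell()

        sd = SECURITY_DESCRIPTOR()
        # NOTE(review): no length checks here. With an io.BytesIO-style stream
        # a short read returns fewer bytes and int.from_bytes(b'') is 0, so a
        # truncated header decodes as zeros instead of failing. Offsets are
        # also not checked against the stream length. Validate the input
        # before trusting the result.
        sd.Revision = int.from_bytes(buff.read(1), 'little', signed=False)
        sd.Sbz1 = int.from_bytes(buff.read(1), 'little', signed=False)
        sd.Control = SE_SACL(
            int.from_bytes(buff.read(2), 'little', signed=False))
        OffsetOwner = int.from_bytes(buff.read(4), 'little', signed=False)
        OffsetGroup = int.from_bytes(buff.read(4), 'little', signed=False)
        OffsetSacl = int.from_bytes(buff.read(4), 'little', signed=False)
        OffsetDacl = int.from_bytes(buff.read(4), 'little', signed=False)

        if OffsetOwner > 0:
            buff.seek(base + OffsetOwner)
            sd.Owner = SID.from_buffer(buff)

        if OffsetGroup > 0:
            buff.seek(base + OffsetGroup)
            sd.Group = SID.from_buffer(buff)

        if OffsetSacl > 0:
            buff.seek(base + OffsetSacl)
            sd.Sacl = ACL.from_buffer(buff)

        if OffsetDacl > 0:
            buff.seek(base + OffsetDacl)
            sd.Dacl = ACL.from_buffer(buff)

        return sd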
示例#2
 def from_buffer(buff):
     """Decode a SYSTEM_SCOPED_POLICY_ID_ACE from a binary stream.

     Reads, in order: the ACE header (via ACEHeader.from_buffer), a 4-byte
     unsigned little-endian mask wrapped in ADS_ACCESS_MASK, and the SID
     (via SID.from_buffer).
     """
     parsed = SYSTEM_SCOPED_POLICY_ID_ACE()
     parsed.Header = ACEHeader.from_buffer(buff)
     # A short read is not detected: int.from_bytes accepts fewer than four
     # bytes and simply yields a smaller value.
     mask_bytes = buff.read(4)
     mask_value = int.from_bytes(mask_bytes, byteorder='little', signed=False)
     parsed.Mask = ADS_ACCESS_MASK(mask_value)
     parsed.Sid = SID.from_buffer(buff)
     return parsed
示例#3
 def from_buffer(buff):
     """Decode a SYSTEM_MANDATORY_LABEL_ACE from a binary stream.

     Field order on the wire, as consumed here: ACE header, 4-byte unsigned
     little-endian mask, SID.
     """
     label_ace = SYSTEM_MANDATORY_LABEL_ACE()
     label_ace.Header = ACEHeader.from_buffer(buff)
     # NOTE(review): the mask is interpreted with ADS_ACCESS_MASK. For a
     # mandatory label ACE the mask bits express the integrity policy, so the
     # ADS_ACCESS_MASK member names may not describe them. Confirm before
     # relying on the decoded names.
     raw_mask = int.from_bytes(buff.read(4), byteorder='little', signed=False)
     label_ace.Mask = ADS_ACCESS_MASK(raw_mask)
     label_ace.Sid = SID.from_buffer(buff)
     return label_ace
示例#4
	def from_buffer(buff):
		"""Decode a SYSTEM_RESOURCE_ATTRIBUTE_ACE from a binary stream.

		Reads the ACE header, a 4-byte unsigned little-endian mask, the SID,
		and then everything still left in the stream as AttributeData.
		"""
		parsed = SYSTEM_RESOURCE_ATTRIBUTE_ACE()
		parsed.Header = ACEHeader.from_buffer(buff)
		mask_value = int.from_bytes(buff.read(4), byteorder = 'little', signed = False)
		parsed.Mask = ADS_ACCESS_MASK(mask_value)
		parsed.Sid = SID.from_buffer(buff)
		# NOTE(review): read() with no size drains the stream, because the
		# length of the attribute data is not known at this point. This is only
		# the tail of this ACE if the caller passes a stream limited to this
		# one ACE. Confirm against the caller; otherwise bytes of whatever
		# follows end up in AttributeData.
		remainder = buff.read()
		parsed.AttributeData = remainder
		return parsed
示例#5
	def from_buffer(buff):
		"""Decode a SYSTEM_AUDIT_CALLBACK_ACE from a binary stream.

		Consumes the ACE header, a 4-byte unsigned little-endian mask, the SID,
		and finally all remaining bytes, which are stored as ApplicationData.
		"""
		callback_ace = SYSTEM_AUDIT_CALLBACK_ACE()
		callback_ace.Header = ACEHeader.from_buffer(buff)
		mask_bytes = buff.read(4)
		callback_ace.Mask = ADS_ACCESS_MASK(int.from_bytes(mask_bytes, byteorder = 'little', signed = False))
		callback_ace.Sid = SID.from_buffer(buff)
		# NOTE(review): the size of the application data is unknown here, so
		# the rest of the stream is taken. This is correct only when the stream
		# holds this ACE and nothing after it. Verify how the caller slices the
		# input.
		trailing = buff.read()
		callback_ace.ApplicationData = trailing
		return callback_ace
示例#6
	def from_buffer(buff):
		"""Decode an ACCESS_DENIED_OBJECT_ACE from a binary stream.

		Layout as consumed: ACE header, 4-byte mask, 4-byte flags (both
		unsigned little-endian), then an optional object-type GUID and an
		optional inherited-object-type GUID, then the SID. Each GUID is read
		only when its "present" bit is set in the flags; otherwise the
		attribute is not assigned here.
		"""
		present = ACCESS_ALLOWED_OBJECT_Flags
		denied = ACCESS_DENIED_OBJECT_ACE()
		denied.Header = ACEHeader.from_buffer(buff)

		mask_value = int.from_bytes(buff.read(4), byteorder = 'little', signed = False)
		denied.Mask = ADS_ACCESS_MASK(mask_value)

		flag_value = int.from_bytes(buff.read(4), byteorder = 'little', signed = False)
		denied.Flags = present(flag_value)

		# The flags decide how many GUIDs precede the SID, so a wrong or
		# truncated flags field shifts where the SID is read from.
		if denied.Flags & present.ACE_OBJECT_TYPE_PRESENT:
			denied.ObjectType = GUID.from_buffer(buff)
		if denied.Flags & present.ACE_INHERITED_OBJECT_TYPE_PRESENT:
			denied.InheritedObjectType = GUID.from_buffer(buff)

		denied.Sid = SID.from_buffer(buff)
		return denied
示例#7
 def get_tokengroups(self, dn):
     """
     Yield every SID in the tokenGroups attribute of the object at *dn*.

     Runs a BASE-scope search rooted at *dn* and converts each returned
     value with SID.from_bytes, yielding its string form. This is a
     generator, so the search is only sent once iteration starts.
     """
     # dn is passed through escape_filter_chars before it is placed in the
     # filter, so filter metacharacters in it are matched literally.
     query = r'(distinguishedName=%s)' % escape_filter_chars(dn)
     wanted = ['tokenGroups']

     # The return value of search() is not checked; results are taken from
     # the connection's response list. An entry without an 'attributes' key
     # would raise KeyError below.
     self._con.search(dn, query, attributes=wanted, search_scope=BASE)
     for record in self._con.response:
         raw_sids = record['attributes']['tokenGroups']
         if not raw_sids:
             continue
         for raw_sid in raw_sids:
             yield str(SID.from_bytes(raw_sid))
示例#8
	def from_buffer(buff):
		"""Decode a SYSTEM_AUDIT_CALLBACK_OBJECT_ACE from a binary stream.

		Reads the ACE header, a 4-byte mask and 4-byte flags (unsigned
		little-endian), the GUIDs announced by the flags, the SID, and then
		everything left in the stream as ApplicationData.
		"""
		present = ACCESS_ALLOWED_OBJECT_Flags
		audit_ace = SYSTEM_AUDIT_CALLBACK_OBJECT_ACE()
		audit_ace.Header = ACEHeader.from_buffer(buff)

		mask_value = int.from_bytes(buff.read(4), byteorder = 'little', signed = False)
		audit_ace.Mask = ADS_ACCESS_MASK(mask_value)

		flag_value = int.from_bytes(buff.read(4), byteorder = 'little', signed = False)
		audit_ace.Flags = present(flag_value)

		# Each GUID is present on the wire only when its flag bit is set.
		if audit_ace.Flags & present.ACE_OBJECT_TYPE_PRESENT:
			audit_ace.ObjectType = GUID.from_buffer(buff)
		if audit_ace.Flags & present.ACE_INHERITED_OBJECT_TYPE_PRESENT:
			audit_ace.InheritedObjectType = GUID.from_buffer(buff)

		audit_ace.Sid = SID.from_buffer(buff)
		# NOTE(review): the length of the application data is not known here,
		# so read() takes the rest of the stream. This is right only if the
		# caller passes a stream that ends where this ACE ends. Confirm against
		# the caller.
		trailing = buff.read()
		audit_ace.ApplicationData = trailing
		return audit_ace