dissect.ntfs.secure
¶
Module Contents¶
Classes¶
Lookup security descriptors from the |
|
Parse a security descriptor from a file-like object. |
|
Parse an ACL from a file-like object. |
|
Parse an ACE from a file-like object. |
- class dissect.ntfs.secure.Secure(record: dissect.ntfs.mft.MftRecord = None, sds: BinaryIO = None)¶
Lookup security descriptors from the
$Secure
file, or optionally just a file-like object of the$SDS
.Only one the
record
orsds
arguments needs to be provided.- Parameters:
record – The MFT record of the
$Secure
file, used when opening from a full NTFS volume.sds – A file-like object of the
$SDS
stream, used when opening from separate system files.
- lookup(security_id: int) SecurityDescriptor ¶
Lookup a security descriptor by the security ID.
An index is used if available (
$SII
), otherwise we iterate all entries until we find the correct one.- Parameters:
security_id – The security ID to lookup.
- Raises:
KeyError – If the security ID can’t be found.
- descriptors() Iterator[SecurityDescriptor] ¶
Return all security descriptors.
- class dissect.ntfs.secure.SecurityDescriptor(fh: BinaryIO)¶
Parse a security descriptor from a file-like object.
- Parameters:
fh – The file-like object to parse a security descriptor from.
- class dissect.ntfs.secure.ACL(fh: BinaryIO)¶
Parse an ACL from a file-like object.
- Parameters:
fh – The file-like object to parse an ACL from.
- class dissect.ntfs.secure.ACE(fh: BinaryIO)¶
Parse an ACE from a file-like object.
- Parameters:
fh – The file-like object to parse an ACE from.
- property type: dissect.ntfs.c_ntfs.ACE_TYPE¶
Return the ACE type.
- property is_standard_ace: bool¶
Return whether this ACE is a standard ACE.
- property is_compound_ace: bool¶
Return whether this ACE is a compound ACE.
- property is_object_ace: bool¶
Return whether this ACE is an object ACE.
- __repr__() str ¶
Return repr(self).