dissect.ntfs.secure
#
Module Contents#
Classes#
Lookup security descriptors from the $Secure file, or optionally just a file-like object of the $SDS. |
|
Parse a security descriptor from a file-like object. |
|
Parse an ACL from a file-like object. |
|
Parse an ACE from a file-like object. |
- class dissect.ntfs.secure.Secure(record: dissect.ntfs.mft.MftRecord = None, sds: BinaryIO = None)#
Lookup security descriptors from the $Secure file, or optionally just a file-like object of the $SDS.
Only one the record or sds arguments needs to be provided.
- Parameters:
record – The MFT record of the $Secure file, used when opening from a full NTFS volume.
sds – A file-like object of the $SDS stream, used when opening from separate system files.
- lookup(security_id: int) SecurityDescriptor #
Lookup a security descriptor by the security ID.
An index is used if available ($SII), otherwise we iterate all entries until we find the correct one.
- Parameters:
security_id – The security ID to lookup.
- Raises:
KeyError – If the security ID can’t be found.
- descriptors() Iterator[SecurityDescriptor] #
Return all security descriptors.
- class dissect.ntfs.secure.SecurityDescriptor(fh: BinaryIO)#
Parse a security descriptor from a file-like object.
- Parameters:
fh – The file-like object to parse a security descriptor from.
- class dissect.ntfs.secure.ACL(fh: BinaryIO)#
Parse an ACL from a file-like object.
- Parameters:
fh – The file-like object to parse an ACL from.
- class dissect.ntfs.secure.ACE(fh: BinaryIO)#
Parse an ACE from a file-like object.
- Parameters:
fh – The file-like object to parse an ACE from.
- property type: dissect.ntfs.c_ntfs.ACE_TYPE#
Return the ACE type.
- property is_standard_ace: bool#
Return whether this ACE is a standard ACE.
- property is_object_ace: bool#
Return whether this ACE is an object ACE.
- __repr__() str #
Return repr(self).