dissect.ntfs.secure

Module Contents

Classes

Secure

Look up security descriptors from the $Secure file, or optionally just a file-like object of the $SDS.

SecurityDescriptor

Parse a security descriptor from a file-like object.

ACL

Parse an ACL from a file-like object.

ACE

Parse an ACE from a file-like object.

class dissect.ntfs.secure.Secure(record: dissect.ntfs.mft.MftRecord = None, sds: BinaryIO = None)

Look up security descriptors from the $Secure file, or optionally just a file-like object of the $SDS.

Only one of the record or sds arguments needs to be provided.

Parameters:
  • record – The MFT record of the $Secure file, used when opening from a full NTFS volume.

  • sds – A file-like object of the $SDS stream, used when opening from separate system files.

lookup(security_id: int) → SecurityDescriptor

Look up a security descriptor by the security ID.

An index is used if available ($SII), otherwise we iterate all entries until we find the correct one.

Parameters:

security_id – The security ID to look up.

Raises:

KeyError – If the security ID can’t be found.
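
The linear-scan fallback that lookup describes, as an added example (not dissect's own code). It assumes the publicly documented $SDS entry layout of a 20-byte header (hash, security ID, offset, length) followed by the descriptor, with entries 16-byte aligned, and it stops at the first header that fails validation. The names iter_sds_entries, scan_lookup and build_sample_sds are hypothetical, and the sample stream is constructed.

```python
import io
import struct
from typing import BinaryIO, Iterator, Tuple

# Assumed $SDS entry header (public NTFS documentation, not this page), little-endian:
# descriptor hash (u32), security ID (u32), entry offset in stream (u64), entry length (u32).
SDS_HEADER = struct.Struct("<IIQI")
ALIGN = 16  # assumption: each entry starts on a 16-byte boundary


def iter_sds_entries(sds: BinaryIO) -> Iterator[Tuple[int, bytes]]:
    """Yield (security_id, raw_descriptor) for each entry, walking the stream in order."""
    offset = 0
    while True:
        sds.seek(offset)
        header = sds.read(SDS_HEADER.size)
        if len(header) < SDS_HEADER.size:
            return  # end of stream
        _hash, security_id, stored_offset, length = SDS_HEADER.unpack(header)
        # An undersized length or a self-offset mismatch means padding or corruption.
        if length < SDS_HEADER.size or stored_offset != offset:
            return
        body = sds.read(length - SDS_HEADER.size)
        if len(body) != length - SDS_HEADER.size:
            return  # truncated entry
        yield security_id, body
        offset += (length + ALIGN - 1) & ~(ALIGN - 1)


def scan_lookup(sds: BinaryIO, security_id: int) -> bytes:
    """Linear-scan fallback: return the raw descriptor or raise KeyError."""
    for sid, raw in iter_sds_entries(sds):
        if sid == security_id:
            return raw
    raise KeyError(security_id)


# Constructed sample: two 20-byte self-relative descriptor headers with all
# offsets zero, differing only in their control flags.
SAMPLE = {256: struct.pack("<BBH4I", 1, 0, 0x8000, 0, 0, 0, 0),
          257: struct.pack("<BBH4I", 1, 0, 0x8004, 0, 0, 0, 0)}


def build_sample_sds() -> io.BytesIO:
    """Serialise SAMPLE into a constructed $SDS-like stream (hash field left as 0)."""
    out = b""
    for sid, desc in SAMPLE.items():
        entry = SDS_HEADER.pack(0, sid, len(out), SDS_HEADER.size + len(desc)) + desc
        out += entry + b"\x00" * (-len(entry) % ALIGN)
    return io.BytesIO(out)
```

The self-offset check lets a forensic parser reject an entry whose header does not match its position instead of returning a descriptor read from misaligned data.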

descriptors() → Iterator[SecurityDescriptor]

Return all security descriptors.

class dissect.ntfs.secure.SecurityDescriptor(fh: BinaryIO)

Parse a security descriptor from a file-like object.

Parameters:

fh – The file-like object to parse a security descriptor from.

class dissect.ntfs.secure.ACL(fh: BinaryIO)

Parse an ACL from a file-like object.

Parameters:

fh – The file-like object to parse an ACL from.

class dissect.ntfs.secure.ACE(fh: BinaryIO)

Parse an ACE from a file-like object.

Parameters:

fh – The file-like object to parse an ACE from.

property type: dissect.ntfs.c_ntfs.ACE_TYPE

Return the ACE type.

property is_standard_ace: bool

Return whether this ACE is a standard ACE.

property is_compound_ace: bool

Return whether this ACE is a compound ACE.

property is_object_ace: bool

Return whether this ACE is an object ACE.

__repr__() → str

Return repr(self).