dissect.ntfs.secure#
Module Contents#
Classes#
Lookup security descriptors from the |
|
Parse a security descriptor from a file-like object. |
|
Parse an ACL from a file-like object. |
|
Parse an ACE from a file-like object. |
- class dissect.ntfs.secure.Secure(record: dissect.ntfs.mft.MftRecord = None, sds: BinaryIO = None)#
Lookup security descriptors from the
$Securefile, or optionally just a file-like object of the$SDS.Only one the
recordorsdsarguments needs to be provided.- Parameters:
record – The MFT record of the
$Securefile, used when opening from a full NTFS volume.sds – A file-like object of the
$SDSstream, used when opening from separate system files.
- lookup(security_id: int) SecurityDescriptor#
Lookup a security descriptor by the security ID.
An index is used if available (
$SII), otherwise we iterate all entries until we find the correct one.- Parameters:
security_id – The security ID to lookup.
- Raises:
KeyError – If the security ID can’t be found.
- descriptors() Iterator[SecurityDescriptor]#
Return all security descriptors.
- class dissect.ntfs.secure.SecurityDescriptor(fh: BinaryIO)#
Parse a security descriptor from a file-like object.
- Parameters:
fh – The file-like object to parse a security descriptor from.
- class dissect.ntfs.secure.ACL(fh: BinaryIO)#
Parse an ACL from a file-like object.
- Parameters:
fh – The file-like object to parse an ACL from.
- class dissect.ntfs.secure.ACE(fh: BinaryIO)#
Parse an ACE from a file-like object.
- Parameters:
fh – The file-like object to parse an ACE from.
- property type: dissect.ntfs.c_ntfs.ACE_TYPE#
Return the ACE type.
- property is_standard_ace: bool#
Return whether this ACE is a standard ACE.
- property is_object_ace: bool#
Return whether this ACE is an object ACE.
- __repr__() str#
Return repr(self).