dissect.ntfs.secure¶
Module Contents¶
Classes¶
Lookup security descriptors from the |
|
Parse a security descriptor from a file-like object. |
|
Parse an ACL from a file-like object. |
|
Parse an ACE from a file-like object. |
- class dissect.ntfs.secure.Secure(record: dissect.ntfs.mft.MftRecord = None, sds: BinaryIO | None = None)¶
Lookup security descriptors from the
$Securefile, or optionally just a file-like object of the$SDS.Only one the
recordorsdsarguments needs to be provided.- Parameters:
record – The MFT record of the
$Securefile, used when opening from a full NTFS volume.sds – A file-like object of the
$SDSstream, used when opening from separate system files.
- record = None¶
- sds = None¶
- sii = None¶
- lookup¶
- descriptors() collections.abc.Iterator[SecurityDescriptor]¶
Return all security descriptors.
- class dissect.ntfs.secure.SecurityDescriptor(fh: BinaryIO)¶
Parse a security descriptor from a file-like object.
- Parameters:
fh – The file-like object to parse a security descriptor from.
- header¶
- owner = None¶
- group = None¶
- sacl = None¶
- dacl = None¶
- class dissect.ntfs.secure.ACL(fh: BinaryIO)¶
Parse an ACL from a file-like object.
- Parameters:
fh – The file-like object to parse an ACL from.
- header¶
- ace¶
- class dissect.ntfs.secure.ACE(fh: BinaryIO)¶
Parse an ACE from a file-like object.
- Parameters:
fh – The file-like object to parse an ACE from.
- header¶
- data¶
- mask = None¶
- flags = None¶
- object_type = None¶
- inherited_object_type = None¶
- sid = None¶
- compound_type = None¶
- server_sid = None¶
- application_data¶
- __repr__() str¶
- property type: dissect.ntfs.c_ntfs.ACE_TYPE¶
Return the ACE type.
- property is_standard_ace: bool¶
Return whether this ACE is a standard ACE.
- property is_compound_ace: bool¶
Return whether this ACE is a compound ACE.
- property is_object_ace: bool¶
Return whether this ACE is an object ACE.