class TurboRex::Windows::Security::SecurityDescriptor

Attributes

control[R]
dacl[R]
group[R]
owner[R]
revision[R]
sacl[R]
sbzl[R]

Public Class Methods

from_raw(raw)

Performs very few robustness checks on `raw`; a truncated or malformed descriptor may result in memory corruption.

# File lib/turborex/windows/security/security_descriptor.rb, line 24
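# Parses a self-relative SECURITY_DESCRIPTOR from its raw bytes.
#
# `raw` is copied into native memory and handed to the Win32 accessors as-is.
# Nothing here validates the offsets stored inside `raw` against
# raw.bytesize before those accessors follow them, so a truncated or
# hand-crafted buffer can make them read out of bounds — that is the
# memory-corruption risk the class docs mention. Only feed this descriptors
# obtained from a trusted source (e.g. ones the OS handed back).
# NOTE(review): if the API proxy exposes IsValidSecurityDescriptor, calling it
# before any other accessor would be the cheapest extra guard — not verified
# that it does.
#
# @param raw [String] binary self-relative security descriptor
# @return [SecurityDescriptor] owner/group as string SIDs (nil when the
#   descriptor carries none), sacl always nil (parsing it is still a TODO),
#   dacl an ACL::DACL or nil when the descriptor has no DACL / a NULL DACL
# @raise [RuntimeError] when a Win32 call fails (see raise_api_call_failure)
def self.from_raw(raw)
  apiproxy_klass = TurboRex::Windows::Win32API
  sd = apiproxy_klass.alloc_c_ary('BYTE', raw.bytesize)
  sd.str = raw

  # Control flags and revision
  pcontrol = apiproxy_klass.alloc_c_ptr('SECURITY_DESCRIPTOR_CONTROL')
  prevision = apiproxy_klass.alloc_c_ptr('DWORD')
  if apiproxy_klass.getsecuritydescriptorcontrol(sd, pcontrol, prevision) == 0
    raise_api_call_failure('GetSecurityDescriptorControl')
  end
  control = pcontrol[0]
  revision = prevision[0]

  # Owner and group SIDs. Both accessors hand back a NULL PSID when the
  # descriptor has no such entry; that is a valid descriptor, not an error.
  ppsid = apiproxy_klass.alloc_c_ptr('PSID')
  pdefaulted = apiproxy_klass.alloc_c_ptr('BOOL')
  if apiproxy_klass.getsecuritydescriptorowner(sd, ppsid, pdefaulted) == 0
    raise_api_call_failure('GetSecurityDescriptorOwner')
  end
  sz_owner_sid = sid_to_string(apiproxy_klass, ppsid[0])

  if apiproxy_klass.getsecuritydescriptorgroup(sd, ppsid, pdefaulted) == 0
    raise_api_call_failure('GetSecurityDescriptorGroup')
  end
  sz_group_sid = sid_to_string(apiproxy_klass, ppsid[0])

  # TODO: parse SACL

  dacl = read_dacl(apiproxy_klass, sd)

  new(revision, control, sz_owner_sid, sz_group_sid, nil, dacl)
end

# Converts a PSID into its string form via ConvertSidToStringSidA.
#
# Returns nil for a NULL PSID (descriptor without owner/group); the previous
# inline code passed NULL through and reported it as an API failure.
# NOTE(review): the API allocates the returned string with LocalAlloc and
# nothing here releases it, so every call leaks a small buffer — worth fixing
# if the proxy exposes LocalFree.
#
# @param apiproxy_klass [Module] the Win32 API proxy
# @param psid [Integer] PSID address, 0 for NULL
# @return [String, nil] string SID
# @raise [RuntimeError] when ConvertSidToStringSidA fails
def self.sid_to_string(apiproxy_klass, psid)
  return nil if psid == 0

  ppszsid = apiproxy_klass.alloc_c_ptr('LPSTR')
  if apiproxy_klass.convertsidtostringsida(psid, ppszsid) == 0
    raise_api_call_failure('ConvertSidToStringSidA')
  end
  apiproxy_klass.memory_read_strz(ppszsid[0])
end

# Reads the DACL out of `sd` and parses every ACE in it.
#
# Returns nil when the descriptor has no DACL or a NULL DACL. Previously the
# DaclPresent flag was collected but never consulted and GetAclInformation
# was called on a NULL PACL. NOTE(review): a NULL DACL (present flag set,
# pointer NULL) grants everyone access while an absent DACL simply means none
# was set; both map to nil here, so callers needing the distinction must look
# at the SE_DACL_PRESENT bit in the control value. Pointer reads are compared
# with 0 on the assumption that the proxy returns Integer addresses, as the
# existing `ppace[0]`/`ppsid[0]` uses imply — confirm.
#
# @param apiproxy_klass [Module] the Win32 API proxy
# @param sd [Object] native buffer holding the security descriptor
# @return [ACL::DACL, nil]
# @raise [RuntimeError] when a Win32 call fails
def self.read_dacl(apiproxy_klass, sd)
  ppacl = apiproxy_klass.alloc_c_ptr('PACL')
  pdacl_present = apiproxy_klass.alloc_c_ptr('BOOL')
  pdacl_defaulted = apiproxy_klass.alloc_c_ptr('BOOL')
  if apiproxy_klass.getsecuritydescriptordacl(sd, pdacl_present, ppacl, pdacl_defaulted) == 0
    raise_api_call_failure('GetSecurityDescriptorDacl')
  end
  return nil if pdacl_present[0] == 0 || ppacl[0] == 0

  pacl = ppacl[0]
  acl_revision_info = apiproxy_klass.alloc_c_struct('ACL_REVISION_INFORMATION')
  if apiproxy_klass.getaclinformation(pacl, acl_revision_info, acl_revision_info.sizeof, apiproxy_klass::ACLREVISIONINFORMATION) == 0
    raise_api_call_failure('GetAclInformation')
  end

  acl_size_info = apiproxy_klass.alloc_c_struct('ACL_SIZE_INFORMATION')
  if apiproxy_klass.getaclinformation(pacl, acl_size_info, acl_size_info.sizeof, apiproxy_klass::ACLSIZEINFORMATION) == 0
    raise_api_call_failure('GetAclInformation')
  end
  ace_count = acl_size_info.AceCount

  # GetAce hands back a pointer into the ACL; parse_ace_from_ptr copies the
  # ACE out before the next iteration overwrites ppace.
  ppace = apiproxy_klass.alloc_c_ptr('LPVOID')
  aces = Array.new(ace_count) do |i|
    raise_api_call_failure('GetACE') if apiproxy_klass.getace(pacl, i, ppace) == 0
    parse_ace_from_ptr(ppace[0])
  end

  ACL::DACL.new(acl_revision_info.AclRevision, ace_count, aces)
end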
new(revision, control, owner, group, sacl, dacl, sbzl=0)
# File lib/turborex/windows/security/security_descriptor.rb, line 13
# Builds a descriptor from already-parsed parts (see .from_raw).
#
# @param revision [Integer] security descriptor revision
# @param control [Integer] SECURITY_DESCRIPTOR_CONTROL flags
# @param owner [String, nil] owner SID in string form, as .from_raw produces it
# @param group [String, nil] group SID in string form
# @param sacl [Object, nil] system ACL (.from_raw currently passes nil)
# @param dacl [Object, nil] discretionary ACL
# @param sbzl [Integer] stored verbatim, defaults to 0
#   (presumably the descriptor's padding byte — confirm)
def initialize(revision, control, owner, group, sacl, dacl, sbzl=0)
  @revision, @control = revision, control
  @owner, @group = owner, group
  @sacl, @dacl = sacl, dacl
  @sbzl = sbzl
end
parse_ace_from_ptr(ptr)
# File lib/turborex/windows/security/security_descriptor.rb, line 106
# Copies one ACE out of native memory and hands the bytes to ACE.from_raw.
#
# The ACE_HEADER at `ptr` is read first to learn AceSize, then that many
# bytes are copied. AceSize is trusted as-is with no upper bound, in line
# with the class-level caveat about unchecked input.
#
# @param ptr [Integer] address of an ACE, as handed back by GetAce
# @return [ACE] the parsed ACE
def self.parse_ace_from_ptr(ptr)
  utils = TurboRex::Windows::Utils
  header = TurboRex::Windows::Win32API.alloc_c_struct('ACE_HEADER')
  header.str = utils.read_memory(ptr, header.sizeof)
  ACE.from_raw(utils.read_memory(ptr, header.AceSize))
end
raise_api_call_failure(api_name)
# File lib/turborex/windows/security/security_descriptor.rb, line 102
# Raises a RuntimeError naming the failed Win32 API together with the
# thread's last error code. Call it immediately after the failing call:
# GetLastError reports the most recent failure on the thread, so any API
# call made in between would replace the value.
#
# @param api_name [String] Win32 API name to include in the message
# @raise [RuntimeError] always
def self.raise_api_call_failure(api_name)
  last_error = TurboRex::Windows::Win32API.getlasterror
  raise "Unable to call #{api_name}. GetLastError returns: #{last_error}"
end