Class: Rex::Proto::MsDtyp::MsDtypAccessMask

Inherits:

BinData::Record

Object
BinData::Record
Rex::Proto::MsDtyp::MsDtypAccessMask

show all

Defined in:: lib/rex/proto/ms_dtyp.rb

Overview

[2.4.3 ACCESS_MASK](learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/7a53f60e-e730-4dfe-bbe9-b21b62eb790b)

Constant Summary collapse

ALL =

MsDtypAccessMask.new({ gr: 1, gw: 1, gx: 1, ga: 1, ma: 1, as: 1, sy: 1, wo: 1, wd: 1, rc: 1, de: 1, protocol: 0xffff })

NONE =

MsDtypAccessMask.new({ gr: 0, gw: 0, gx: 0, ga: 0, ma: 0, as: 0, sy: 0, wo: 0, wd: 0, rc: 0, de: 0, protocol: 0 })

Class Method Summary collapse

.from_sddl_text(sddl_text) ⇒ Object

Class Method Details

.from_sddl_text(sddl_text) ⇒ `Object`

# File 'lib/rex/proto/ms_dtyp.rb', line 91

def self.from_sddl_text(sddl_text)
  if sddl_text =~ /\A0x[0-9a-fA-F]{1,8}\Z/
    return self.read([sddl_text.delete_prefix('0x').to_i(16)].pack('L<'))
  end

  access_mask = self.new
  sddl_text.split(/(G[ARWX]|RC|SD|WD|WO|RP|WP|CC|DC|LC|SW|LO|DT|CR|F[ARWX]|K[ARWX]|N[RWX])/).each do |right|
    case right
    # generic access rights
    when 'GA', 'GR', 'GW', 'GX'
      access_mask.send("#{right.downcase}=", true)
    # standard access rights
    when 'RC'
      access_mask.rc = true
    when 'SD'
      access_mask.de = true
    when 'WD', 'WO'
      access_mask.send("#{right.downcase}=", true)
    # directory service object access rights
    when 'RP'
      access_mask.protocol |= 16
    when 'WP'
      access_mask.protocol |= 32
    when 'CC'
      access_mask.protocol |= 1
    when 'DC'
      access_mask.protocol |= 2
    when 'LC'
      access_mask.protocol |= 4
    when 'SW'
      access_mask.protocol |= 8
    when 'LO'
      access_mask.protocol |= 128
    when 'DT'
      access_mask.protocol |= 64
    when 'CR'
      access_mask.protocol |= 256
    # file access rights
    when 'FA'
      access_mask.protocol |= 0x1ff
      access_mask.de = true
      access_mask.rc = true
      access_mask.wd = true
      access_mask.wo = true
      access_mask.sy = true
    when 'FR'
      access_mask.protocol |= 0x89
    when 'FW'
      access_mask.protocol |= 0x116
    when 'FX'
      access_mask.protocol |= 0xa0
    # registry key access rights
    when 'KA'
      access_mask.protocol |= 0x3f
      access_mask.de = true
      access_mask.rc = true
      access_mask.wd = true
      access_mask.wo = true
    when 'KR'
      access_mask.protocol |= 0x19
    when 'KW'
      access_mask.protocol |= 0x06
    when 'KX'
      access_mask.protocol |= 0x19
    when 'NR', 'NW', 'NX'
      raise SDDLParseError.new('unsupported ACE access right: ' + right)
    when ''
    else
      raise SDDLParseError.new('unknown ACE access right: ' + right)
    end
  end

  access_mask
end

Instance Method Details

#bit_names ⇒ `Object`

# File 'lib/rex/proto/ms_dtyp.rb', line 33

def bit_names
  names = []
  names << :GENERIC_READ if self.gr != 0
  names << :GENERIC_WRITE if self.gw != 0
  names << :GENERIC_EXECUTE if self.gx != 0
  names << :GENERIC_ALL if self.ga != 0
  names << :MAXIMUM_ALLOWED if self.ma != 0
  names << :ACCESS_SYSTEM_SECURITY if self.as != 0
  names << :SYNCHRONIZE if self.sy != 0
  names << :WRITE_OWNER if self.wo != 0
  names << :WRITE_DACL if self.wd != 0
  names << :READ_CONTROL if self.rc != 0
  names << :DELETE if self.de != 0
  names
end

#to_sddl_text ⇒ `Object`

# File 'lib/rex/proto/ms_dtyp.rb', line 52

def to_sddl_text
  sddl_text_tokens = []

  if (protocol & 0b1111111000000000) != 0 || ma == 1 || as == 1
    # if one of these conditions are true, we can't reduce this to a set of flags so dump it as hex
    return "0x#{to_binary_s.unpack1('L<').to_s(16).rjust(8, '0')}"
  end

  sddl_text_tokens << 'GA' if ga == 1
  sddl_text_tokens << 'GR' if gr == 1
  sddl_text_tokens << 'GW' if gw == 1
  sddl_text_tokens << 'GX' if gx == 1

  file_access_mask = protocol & 0b000111111111
  sddl_text_tokens << 'FA' if file_access_mask == 0b000111111111 && de == 1 && rc == 1 && wd == 1 && wo == 1 && sy == 1
  sddl_text_tokens << 'FR' if file_access_mask == 0b000010001001
  sddl_text_tokens << 'FW' if file_access_mask == 0b000100010110
  sddl_text_tokens << 'FX' if file_access_mask == 0b000010100000

  # windows does not reduce registry access flags (i.e. KA, KR, KW) so ignore them here to match it

  sddl_text_tokens << 'CC' if (protocol & 0b000000000001) != 0 && !sddl_text_tokens.include?('FA') && !sddl_text_tokens.include?('FR')
  sddl_text_tokens << 'DC' if (protocol & 0b000000000010) != 0 && !sddl_text_tokens.include?('FA') && !sddl_text_tokens.include?('FW')
  sddl_text_tokens << 'LC' if (protocol & 0b000000000100) != 0 && !sddl_text_tokens.include?('FA') && !sddl_text_tokens.include?('FW')
  sddl_text_tokens << 'SW' if (protocol & 0b000000001000) != 0 && !sddl_text_tokens.include?('FA') && !sddl_text_tokens.include?('FR')
  sddl_text_tokens << 'RP' if (protocol & 0b000000010000) != 0 && !sddl_text_tokens.include?('FA') && !sddl_text_tokens.include?('FW')
  sddl_text_tokens << 'WP' if (protocol & 0b000000100000) != 0 && !sddl_text_tokens.include?('FA') && !sddl_text_tokens.include?('FX')
  sddl_text_tokens << 'DT' if (protocol & 0b000001000000) != 0 && !sddl_text_tokens.include?('FA')
  sddl_text_tokens << 'LO' if (protocol & 0b000010000000) != 0 && !sddl_text_tokens.include?('FA')
  sddl_text_tokens << 'CR' if (protocol & 0b000100000000) != 0 && !sddl_text_tokens.include?('FA')

  sddl_text_tokens << 'SD' if de == 1 && !sddl_text_tokens.include?('FA')
  sddl_text_tokens << 'RC' if rc == 1 && !sddl_text_tokens.include?('FA')
  sddl_text_tokens << 'WD' if wd == 1 && !sddl_text_tokens.include?('FA')
  sddl_text_tokens << 'WO' if wo == 1 && !sddl_text_tokens.include?('FA')

  sddl_text_tokens.join('')
end

Class: Rex::Proto::MsDtyp::MsDtypAccessMask

Overview

Constant Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.from_sddl_text(sddl_text) ⇒ Object

Instance Method Details

#bit_names ⇒ Object

#to_sddl_text ⇒ Object

.from_sddl_text(sddl_text) ⇒ `Object`

#bit_names ⇒ `Object`

#to_sddl_text ⇒ `Object`