Class: Rex::Proto::MsDtyp::MsDtypSid

Inherits:

BinData::Primitive

• Object
• BinData::Primitive
• Rex::Proto::MsDtyp::MsDtypSid

Defined in:

lib/rex/proto/ms_dtyp.rb

Overview

[2.4.2.2 SID–Packet Representation](learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/f992ad60-0fe4-4b87-9fed-beb478836861)

Class Method Summary

• .from_sddl_text(sddl_text, domain_sid:) ⇒ Object

Instance Method Summary

• #get ⇒ Object
• #rid ⇒ Object
• #set(val) ⇒ Object
• #to_sddl_text(domain_sid: nil) ⇒ Object

Class Method Details

.from_sddl_text(sddl_text, domain_sid:) ⇒ Object

# File 'lib/rex/proto/ms_dtyp.rb', line 280

def self.from_sddl_text(sddl_text, domain_sid:)
  # see: https://learn.microsoft.com/en-us/windows/win32/secauthz/sid-strings
  sddl_text = sddl_text.dup.upcase

  if SDDL_SIDS.key?(sddl_text)
    sid_text = SDDL_SIDS[sddl_text].sub('${DOMAIN_SID}', domain_sid)
  elsif sddl_text =~ /^S(-\d+)+/
    sid_text = sddl_text
  else
    raise SDDLParseError.new('invalid SID string: ' + sddl_text)
  end

  self.new(sid_text)
end

Instance Method Details

#get ⇒ Object

# File 'lib/rex/proto/ms_dtyp.rb', line 185

def get
  str = 'S-1'
  str << "-#{("\x00\x00" + identifier_authority.to_binary_s).unpack1('Q>')}"
  str << '-' + sub_authority.map(&:to_s).join('-') unless sub_authority.empty?
  str
end

#rid ⇒ Object

# File 'lib/rex/proto/ms_dtyp.rb', line 192

def rid
  sub_authority.last
end

#set(val) ⇒ Object

Raises:

• (ArgumentError)

# File 'lib/rex/proto/ms_dtyp.rb', line 176

def set(val)
  # allow assignment from the human-readable string representation
  raise ArgumentError.new("Invalid SID: #{val}") unless val.is_a?(String) && val =~ /^S-1-(\d+)(-\d+)*$/

  _, _, ia, sa = val.split('-', 4)
  self.identifier_authority = [ia.to_i].pack('Q>')[2..].bytes
  self.sub_authority = sa.nil? ? [] : sa.split('-').map(&:to_i)
end

#to_sddl_text(domain_sid: nil) ⇒ Object

# File 'lib/rex/proto/ms_dtyp.rb', line 267

def to_sddl_text(domain_sid: nil)
  sid = to_s

  lookup = domain_sid.blank? ? sid : sid.sub(domain_sid, '${DOMAIN_SID}')
  if (sddl_text = self.class.const_get(:SDDL_SIDS).key(lookup)).nil?
    sddl_text = sid
  end
  # these short names aren't supported by all versions of Windows, avoid compatibility issues by not outputting them
  sddl_text = sid if %w[ AP CN EK KA ].include?(sddl_text)

  sddl_text
end