ldap

package
v1.15.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 26, 2024 License: MIT Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var AccessAllowedObjectFlagsMap = map[AccessAllowedObjectFlags]string{

	ACE_OBJECT_TYPE_PRESENT:           "ACE_OBJECT_TYPE_PRESENT",
	ACE_INHERITED_OBJECT_TYPE_PRESENT: "ACE_INHERITED_OBJECT_TYPE_PRESENT",
}
View Source
var AceFlagsFullMap = map[AceFlags]string{
	OBJECT_INHERIT_ACE:         "OBJECT INHERIT",
	CONTAINER_INHERIT_ACE:      "CONTAINER INHERIT",
	NO_PROPAGATE_INHERIT_ACE:   "NO PROPAGATE INHERIT",
	INHERIT_ONLY_ACE:           "INHERIT ONLY",
	INHERITED_ACE:              "INHERITED",
	SUCCESSFUL_ACCESS_ACE_FLAG: "SUCCESSFUL ACCESS ACE FLAG",
	FAILED_ACCESS_ACE_FLAG:     "FAILED ACCESS ACE FLAG",
}
View Source
var AceMasksFullMap = map[AceMask]string{
	ADS_RIGHT_GENERIC_READ:           "GENERIC_READ(bit)",
	ADS_RIGHT_GENERIC_WRITE:          "GENERIC_WRITE(bit)",
	ADS_RIGHT_GENERIC_EXECUTE:        "GENERIC_EXECUTE(bit)",
	ADS_RIGHT_GENERIC_ALL:            "GENERIC_ALL(bit)",
	GENERIC_READ:                     "GENERIC_READ(mask)",
	GENERIC_WRITE:                    "GENERIC_WRITE(mask)",
	GENERIC_EXECUTE:                  "GENERIC_EXECUTE(mask)",
	GENERIC_ALL:                      "GENERIC_ALL(mask)",
	ADS_RIGHT_MAXIMUM_ALLOWED:        "MAXIMUM_ALLOWED",
	ADS_RIGHT_ACCESS_SYSTEM_SECURITY: "ACCESS_SYSTEM_SECURITY",
	ADS_RIGHT_SYNCHRONIZE:            "SYNCHRONIZE",
	ADS_RIGHT_WRITE_OWNER:            "WRITE_OWNER",
	ADS_RIGHT_WRITE_DAC:              "WRITE_DAC",
	ADS_RIGHT_READ_CONTROL:           "READ_CONTROL",
	ADS_RIGHT_DELETE:                 "DELETE",
	ADS_RIGHT_DS_CREATE_CHILD:        "DS_CREATE_CHILD",
	ADS_RIGHT_DS_DELETE_CHILD:        "DS_DELETE_CHILD",
	ADS_RIGHT_ACTRL_DS_LIST:          "ACTRL_DS_LIST",
	ADS_RIGHT_DS_SELF:                "DS_SELF",
	ADS_RIGHT_DS_READ_PROP:           "DS_READ_PROP",
	ADS_RIGHT_DS_WRITE_PROP:          "DS_WRITE_PROP",
	ADS_RIGHT_DS_DELETE_TREE:         "DS_DELETE_TREE",
	ADS_RIGHT_DS_LIST_OBJECT:         "DS_LIST_OBJECT",
	ADS_RIGHT_DS_CONTROL_ACCESS:      "DS_CONTROL_ACCESS",
}
View Source
var AceTypeFullMap = map[AceType]string{
	ACCESS_ALLOWED_ACE_TYPE:                 "Access Allowed",
	ACCESS_DENIED_ACE_TYPE:                  "Access Denied",
	SYSTEM_AUDIT_ACE_TYPE:                   "System Audit",
	SYSTEM_ALARM_ACE_TYPE:                   "System Alarm",
	ACCESS_ALLOWED_COMPOUND_ACE_TYPE:        "Access Allowed Compound",
	ACCESS_ALLOWED_OBJECT_ACE_TYPE:          "Access Allowed Object",
	ACCESS_DENIED_OBJECT_ACE_TYPE:           "Access Denied Object",
	SYSTEM_AUDIT_OBJECT_ACE_TYPE:            "System Audit Object",
	SYSTEM_ALARM_OBJECT_ACE_TYPE:            "System Alarm Object",
	ACCESS_ALLOWED_CALLBACK_ACE_TYPE:        "Access Allowed Callback",
	ACCESS_DENIED_CALLBACK_ACE_TYPE:         "Access Denied Callback",
	ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE: "Access Allowed Callback Object",
	ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE:  "Access Denied Callback Object",
	SYSTEM_AUDIT_CALLBACK_ACE_TYPE:          "System Audit Callback",
	SYSTEM_ALARM_CALLBACK_ACE_TYPE:          "System Alarm Callback",
	SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE:   "System Audit Callback Object",
	SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE:   "Ststem Alarm Callback Object",
	SYSTEM_MANDATORY_LABEL_ACE_TYPE:         "System Mandatory Label",
	SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE:      "System Resource Attribute",
	SYSTEM_SCOPED_POLICY_ID_ACE_TYPE:        "System Scoped Polidy ID",
}
View Source
var ExtendedRights = map[string]string{
	"ab721a52-1e2f-11d0-9819-00aa0040529b": "Domain-Administer-Server",
	"ab721a53-1e2f-11d0-9819-00aa0040529b": "User-Change-Password",
	"00299570-246d-11d0-a768-00aa006e0529": "User-Force-Change-Password",
	"ab721a55-1e2f-11d0-9819-00aa0040529b": "Send-To",
	"c7407360-20bf-11d0-a768-00aa006e0529": "Domain-Password",
	"59ba2f42-79a2-11d0-9020-00c04fc2d3cf": "General-Information",
	"4c164200-20c0-11d0-a768-00aa006e0529": "User-Account-Restrictions",
	"5f202010-79a5-11d0-9020-00c04fc2d4cf": "User-Logon",
	"bc0ac240-79a9-11d0-9020-00c04fc2d4cf": "Membership",
	"a1990816-4298-11d1-ade2-00c04fd8d5cd": "Open-Address-Book",
	"e45795b2-9455-11d1-aebd-0000f80367c1": "Email-Information",
	"e45795b3-9455-11d1-aebd-0000f80367c1": "Web-Information",
	"1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
	"1131f6ab-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Synchronize",
	"1131f6ac-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Manage-Topology",
	"e12b56b6-0a95-11d1-adbb-00c04fd8d5cd": "Change-Schema-Master",
	"d58d5f36-0a98-11d1-adbb-00c04fd8d5cd": "Change-Rid-Master",
	"fec364e0-0a98-11d1-adbb-00c04fd8d5cd": "Do-Garbage-Collection",
	"0bc1554e-0a99-11d1-adbb-00c04fd8d5cd": "Recalculate-Hierarchy",
	"1abd7cf8-0a99-11d1-adbb-00c04fd8d5cd": "Allocate-Rids",
	"bae50096-4752-11d1-9052-00c04fc2d4cf": "Change-PDC",
	"440820ad-65b4-11d1-a3da-0000f875ae0d": "Add-GUID",
	"014bf69c-7b3b-11d1-85f6-08002be74fab": "Change-Domain-Master",
	"4b6e08c0-df3c-11d1-9c86-006008764d0e": "msmq-Receive-Dead-Letter",
	"4b6e08c1-df3c-11d1-9c86-006008764d0e": "msmq-Peek-Dead-Letter",
	"4b6e08c2-df3c-11d1-9c86-006008764d0e": "msmq-Receive-computer-Journal",
	"4b6e08c3-df3c-11d1-9c86-006008764d0e": "msmq-Peek-computer-Journal",
	"06bd3200-df3e-11d1-9c86-006008764d0e": "msmq-Receive",
	"06bd3201-df3e-11d1-9c86-006008764d0e": "msmq-Peek",
	"06bd3202-df3e-11d1-9c86-006008764d0e": "msmq-Send",
	"06bd3203-df3e-11d1-9c86-006008764d0e": "msmq-Receive-journal",
	"b4e60130-df3f-11d1-9c86-006008764d0e": "msmq-Open-Connector",
	"edacfd8f-ffb3-11d1-b41d-00a0c968f939": "Apply-Group-Policy",
	"037088f8-0ae1-11d2-b422-00a0c968f939": "RAS-Information",
	"9923a32a-3607-11d2-b9be-0000f87a36b2": "DS-Install-Replica",
	"cc17b1fb-33d9-11d2-97d4-00c04fd8d5cd": "Change-Infrastructure-Master",
	"be2bb760-7f46-11d2-b9ad-00c04f79f805": "Update-Schema-Cache",
	"62dd28a8-7f46-11d2-b9ad-00c04f79f805": "Recalculate-Security-Inheritance",
	"69ae6200-7f46-11d2-b9ad-00c04f79f805": "DS-Check-Stale-Phantoms",
	"0e10c968-78fb-11d2-90d4-00c04f79dc55": "Certificate-Enrollment",
	"bf9679c0-0de6-11d0-a285-00aa003049e2": "Self-Membership",
	"72e39547-7b18-11d1-adef-00c04fd8d5cd": "Validated-DNS-Host-Name",
	"b7b1b3dd-ab09-4242-9e30-9980e5d322f7": "Generate-RSoP-Planning",
	"9432c620-033c-4db7-8b58-14ef6d0bf477": "Refresh-Group-Cache",
	"91d67418-0135-4acc-8d79-c08e857cfbec": "SAM-Enumerate-Entire-Domain",
	"b7b1b3de-ab09-4242-9e30-9980e5d322f7": "Generate-RSoP-Logging",
	"b8119fd0-04f6-4762-ab7a-4986c76b3f9a": "Domain-Other-Parameters",
	"e2a36dc9-ae17-47c3-b58b-be34c55ba633": "Create-Inbound-Forest-Trust",
	"1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
	"ba33815a-4f93-4c76-87f3-57574bff8109": "Migrate-SID-History",
	"45ec5156-db7e-47bb-b53f-dbeb2d03c40f": "Reanimate-Tombstones",
	"2f16c4a5-b98e-432c-952a-cb388ba33f2e": "DS-Execute-Intentions-Script",
	"f98340fb-7c5b-4cdb-a00b-2ebdfa115a96": "DS-Replication-Monitor-Topology",
	"280f369c-67c7-438e-ae98-1d46f3c6f541": "Update-Password-Not-Required-Bit",
	"ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501": "Unexpire-Password",
	"05c74c5e-4deb-43b4-bd9f-86664c2a7fd5": "Enable-Per-User-Reversibly-Encrypted-Password",
	"4ecc03fe-ffc0-4947-b630-eb672a8a9dbc": "DS-Query-Self-Quota",
	"91e647de-d96f-4b70-9557-d63ff4f3ccd8": "Private-Information",
	"1131f6ae-9c07-11d1-f79f-00c04fc2dcd2": "Read-Only-Replication-Secret-Synchronization",
	"5805bc62-bdc9-4428-a5e2-856a0f4c185e": "Terminal-Server-License-Server",
	"1a60ea8d-58a6-4b20-bcdc-fb71eb8a9ff8": "Reload-SSL-Certificate",
	"89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
	"7726b9d5-a4b4-4288-a6b2-dce952e80a7f": "Run-Protect-Admin-Groups-Task",
	"7c0e2a7c-a419-48e4-a995-10180aad54dd": "Manage-Optional-Features",
	"3e0f7e18-2c7a-4c10-ba82-4d926db99a3e": "DS-Clone-Domain-Controller",
	"d31a8757-2447-4545-8081-3bb610cacbf2": "Validated-MS-DS-Behavior-Version",
	"80863791-dbe9-4eb8-837e-7f0ab55d9ac7": "Validated-MS-DS-Additional-DNS-Host-Name",
	"a05b8cc2-17bc-4802-a710-e7c15ab866a2": "Certificate-AutoEnrollment",
	"4125c71f-7fac-4ff0-bcb7-f09a41325286": "DS-Set-Owner",
	"88a9933e-e5c8-4f2a-9dd7-2527416b8092": "DS-Bypass-Quota",
	"084c93a2-620d-4879-a836-f0ae47de0e89": "DS-Read-Partition-Secrets",
	"94825a8d-b171-4116-8146-1e34d8f54401": "DS-Write-Partition-Secrets",
	"9b026da6-0d3c-465c-8bee-5199d7165cba": "DS-Validated-Write-Computer",
	"ab721a54-1e2f-11d0-9819-00aa0040529b": "Send-As",
	"ab721a56-1e2f-11d0-9819-00aa0040529b": "Receive-As",
	"77b5b886-944a-11d1-aebd-0000f80367c1": "Personal-Information",
	"e48d0154-bcf8-11d1-8702-00c04fb96050": "Public-Information",
	"f3a64788-5306-11d1-a9c5-0000f80367c1": "Validated-SPN",
	"68b1d179-0d15-4d4f-ab71-46152e79a7bc": "Allowed-To-Authenticate",
	"ffa6f046-ca4b-4feb-b40d-04dfee722543": "MS-TS-GatewayAccess",
}
View Source
var SDDLControlFullMap = map[SDDLControl]string{
	SE_SELF_RELATIVE:         "SELF_RELATIVE",
	SE_RM_CONTROL_VALID:      "RM_CONTROL_VALID",
	SE_SACL_PROTECTED:        "SACL_PROTECTED",
	SE_DACL_PROTECTED:        "DACL_PROTECTED",
	SE_SACL_AUTO_INHERITED:   "SACL_AUTO_INHERITED",
	SE_DACL_AUTO_INHERITED:   "DACL_AUTO_INHERITED",
	SE_SACL_AUTO_INHERIT_REQ: "SACL_COMPUTED_INHERITANCE_REQUIRED",
	SE_DACL_AUTO_INHERIT_REQ: "DACL_COMPUTED_INHERITANCE_REQUIRED",
	SE_SERVER_SECURITY:       "SERVER_SECURITY",
	SE_DACL_TRUSTED:          "DACL_TRUSTED",
	SE_SACL_DEFAULTED:        "SACL_DEFAULTED",
	SE_SACL_PRESENT:          "SACL_PRESENT",
	SE_DACL_DEFAULTED:        "DACL_DEFAULTED",
	SE_DACL_PRESENT:          "DACL_PRESENT",
	SE_GROUP_DEFAULTED:       "GROUP_DEFAULTED",
	SE_OWNER_DEFAULTED:       "OWNER_DEFAULTED",
}
View Source
var SchemaObjects = map[string]string{}/* 1769 elements not displayed */
View Source
var WellKnownSids = map[string]string{
	"S-1-0":        "BUILTIN\\Null Authority",
	"S-1-0-0":      "BUILTIN\\Nobody",
	"S-1-1":        "BUILTIN\\World Authority",
	"S-1-1-0":      "BUILTIN\\Everyone",
	"S-1-2":        "BUILTIN\\Local Authority",
	"S-1-2-0":      "BUILTIN\\Local",
	"S-1-2-1":      "BUILTIN\\Console Logon",
	"S-1-3":        "BUILTIN\\Creator Authority",
	"S-1-3-0":      "BUILTIN\\Creator Owner",
	"S-1-3-1":      "BUILTIN\\Creator Group",
	"S-1-3-2":      "BUILTIN\\Creator Owner Server",
	"S-1-3-3":      "BUILTIN\\Creator Group Server",
	"S-1-3-4":      "BUILTIN\\Owner Rights",
	"S-1-4":        "BUILTIN\\Non-unique Authority",
	"S-1-5":        "BUILTIN\\NT Authority",
	"S-1-5-1":      "BUILTIN\\Dialup",
	"S-1-5-2":      "BUILTIN\\Network",
	"S-1-5-3":      "BUILTIN\\Batch",
	"S-1-5-4":      "BUILTIN\\Interactive",
	"S-1-5-6":      "BUILTIN\\Service",
	"S-1-5-7":      "BUILTIN\\Anonymous",
	"S-1-5-8":      "BUILTIN\\Proxy",
	"S-1-5-9":      "BUILTIN\\Enterprise Domain Controllers",
	"S-1-5-10":     "BUILTIN\\Principal Self",
	"S-1-5-11":     "BUILTIN\\Authenticated Users",
	"S-1-5-12":     "BUILTIN\\Restricted Code",
	"S-1-5-13":     "BUILTIN\\Terminal Server Users",
	"S-1-5-14":     "BUILTIN\\Remote Interactive Logon",
	"S-1-5-15":     "BUILTIN\\This Organization",
	"S-1-5-17":     "BUILTIN\\This Organization",
	"S-1-5-18":     "BUILTIN\\Local System",
	"S-1-5-19":     "BUILTIN\\NT Authority",
	"S-1-5-20":     "BUILTIN\\NT Authority",
	"S-1-5-80":     "BUILTIN\\NT Service",
	"S-1-5-80-0":   "BUILTIN\\All Services",
	"S-1-5-83-0":   "NT VIRTUAL MACHINE\\Virtual Machines",
	"S-1-16-0":     "BUILTIN\\Untrusted Mandatory Level",
	"S-1-5-32-544": "BUILTIN\\Administrators",
	"S-1-5-32-545": "BUILTIN\\Users",
	"S-1-5-32-546": "BUILTIN\\Guests",
	"S-1-5-32-547": "BUILTIN\\Power Users",
	"S-1-5-32-548": "BUILTIN\\Account Operators",
	"S-1-5-32-549": "BUILTIN\\Server Operators",
	"S-1-5-32-550": "BUILTIN\\Print Operators",
	"S-1-5-32-551": "BUILTIN\\Backup Operators",
	"S-1-5-32-552": "BUILTIN\\Replicators",
	"S-1-5-64-10":  "BUILTIN\\NTLM Authentication",
	"S-1-5-64-14":  "BUILTIN\\SChannel Authentication",
	"S-1-5-64-21":  "BUILTIN\\Digest Authentication",
	"S-1-16-4096":  "BUILTIN\\Low Mandatory Level",
	"S-1-16-8192":  "BUILTIN\\Medium Mandatory Level",
	"S-1-16-8448":  "BUILTIN\\Medium Plus Mandatory Level",
	"S-1-16-12288": "BUILTIN\\High Mandatory Level",
	"S-1-16-16384": "BUILTIN\\System Mandatory Level",
	"S-1-16-20480": "BUILTIN\\Protected Process Mandatory Level",
	"S-1-16-28672": "BUILTIN\\Secure Process Mandatory Level",
	"S-1-5-32-554": "BUILTIN\\Pre-Windows 2000 Compatible Access",
	"S-1-5-32-555": "BUILTIN\\Remote Desktop Users",
	"S-1-5-32-556": "BUILTIN\\Network Configuration Operators",
	"S-1-5-32-557": "BUILTIN\\Incoming Forest Trust Builders",
	"S-1-5-32-558": "BUILTIN\\Performance Monitor Users",
	"S-1-5-32-559": "BUILTIN\\Performance Log Users",
	"S-1-5-32-560": "BUILTIN\\Windows Authorization Access Group",
	"S-1-5-32-561": "BUILTIN\\Terminal Server License Servers",
	"S-1-5-32-562": "BUILTIN\\Distributed COM Users",
	"S-1-5-32-568": "BUILTIN\\IIS_IUSRS",
	"S-1-5-32-569": "BUILTIN\\Cryptographic Operators",
	"S-1-5-32-573": "BUILTIN\\Event Log Readers",
	"S-1-5-32-574": "BUILTIN\\Certificate Service DCOM Access",
	"S-1-5-32-575": "BUILTIN\\RDS Remote Access Servers",
	"S-1-5-32-576": "BUILTIN\\RDS Endpoint Servers",
	"S-1-5-32-577": "BUILTIN\\RDS Management Servers",
	"S-1-5-32-578": "BUILTIN\\Hyper-V Administrators",
	"S-1-5-32-579": "BUILTIN\\Access Control Assistance Operators",
	"S-1-5-32-580": "BUILTIN\\Remote Management Users",
}

Functions

func AccessAllowedObjectFlagsToFullStr added in v1.11.0

func AccessAllowedObjectFlagsToFullStr(flags AccessAllowedObjectFlags) string

func AccessAllowedObjectFlagsToStr added in v1.11.0

func AccessAllowedObjectFlagsToStr(flags AccessAllowedObjectFlags) string

func AceFlagsToFullStr added in v1.11.0

func AceFlagsToFullStr(flags AceFlags) string

func AceFlagsToStr added in v1.11.0

func AceFlagsToStr(flags AceFlags) string

func AceMaskToFullStr added in v1.11.0

func AceMaskToFullStr(mask AceMask) string

func AceMaskToStr added in v1.11.0

func AceMaskToStr(mask AceMask) string

func AceTypeToFullStr added in v1.11.0

func AceTypeToFullStr(aceType AceType) string

func AceTypeToStr added in v1.11.0

func AceTypeToStr(aceType AceType) string

func AllowedOrDenied added in v1.11.0

func AllowedOrDenied(aceType AceType) string

func GUIDToFullStr added in v1.11.6

func GUIDToFullStr(guid string) string

func GetInheritanceFlags added in v1.13.2

func GetInheritanceFlags(flags AceFlags) string

func GetPropagationFlags added in v1.13.2

func GetPropagationFlags(flags AceFlags) string

func IsInherit added in v1.11.0

func IsInherit(flag AccessAllowedObjectFlags) bool

func MarshalGUID

func MarshalGUID(objectGUID []byte) (string, error)

MarshalGUID 把 []byte 的 objectGUID 转换成可读字符串

生成 guid 时,前三部分字节反转
[0:4]-[4:6]-[6:8]-[8:10]-[10:16]

func MarshalSid

func MarshalSid(objectSid []byte) (string, error)

MarshalSid 把 []byte 的 objectSid 转换成可读字符串

子授权机构数量(不在字符串中显示)Sub-Authority Count:1
S-版本号-授权标识符-子授权机构标识符...
S-{Revision:0}-{Identifier-Authority:2-8}-{Sub-Authority:8-end/4}

func RegisterAce added in v1.11.0

func RegisterAce(aceType AceType, constructor AceConstructor)

RegisterAce 注册 Ace 解析构造函数

func SDDLControlToFullStr added in v1.11.0

func SDDLControlToFullStr(control SDDLControl) string

func SDDLControlToStr added in v1.11.0

func SDDLControlToStr(control SDDLControl) string

Types

type AccessAllowedObjectFlags added in v1.11.0

type AccessAllowedObjectFlags uint32

ACCESS_ALLOWED_OBJECT_ACE, ACCESS_DENIED_OBJECT_ACE 的 flags

const (
	Null                              AccessAllowedObjectFlags = 0x00000000
	ACE_OBJECT_TYPE_PRESENT           AccessAllowedObjectFlags = 0x00000001
	ACE_INHERITED_OBJECT_TYPE_PRESENT AccessAllowedObjectFlags = 0x00000002
)

type Ace added in v1.11.0

type Ace interface {
	Size() int // 返回 Ace 大小,即下一个的偏移量
	NtString() string
	fmt.Stringer
}

func NewAce added in v1.11.0

func NewAce(aceBytes []byte) (ace Ace, err error)

NewAce 创建 Ace

func NewDefaultAce added in v1.11.0

func NewDefaultAce(aceBytes []byte) (ace Ace, err error)

type AceConstructor added in v1.11.0

type AceConstructor func(aceBytes []byte) (Ace, error)

AceConstructor Ace 构造函数签名

type AceFlags added in v1.11.0

type AceFlags byte

AceFlags ACE Flags

const (
	OBJECT_INHERIT_ACE         AceFlags = 0x01
	CONTAINER_INHERIT_ACE      AceFlags = 0x02
	NO_PROPAGATE_INHERIT_ACE   AceFlags = 0x04
	INHERIT_ONLY_ACE           AceFlags = 0x08
	INHERITED_ACE              AceFlags = 0x10
	SUCCESSFUL_ACCESS_ACE_FLAG AceFlags = 0x40
	FAILED_ACCESS_ACE_FLAG     AceFlags = 0x80
)

type AceHeader added in v1.11.0

type AceHeader struct {
	AceType  byte   `json:"aceType"`
	AceFlags byte   `json:"aceFlags"`
	AceSize  uint16 `json:"-"` // LittleEndian
}

AceHeader Ace 头部信息,定义 Ace 类型和 Ace flags,4个字节

 -----------------------------------------------
| 0x00-0x07 | 0x08-0x0F | 0x10-0x17 | 0x18-0x1F |
| AceType   | AceFlags  |        AceSize        |
 -----------------------------------------------

type AceMask added in v1.11.0

type AceMask uint32
const (
	// generic rights 是抽象的权限,会根据不同的对象类型,映射不同的权限
	ADS_RIGHT_GENERIC_READ    AceMask = 0x80000000 // 读
	ADS_RIGHT_GENERIC_WRITE   AceMask = 0x40000000 // 写
	ADS_RIGHT_GENERIC_EXECUTE AceMask = 0x20000000 // 列出容器内容的权限
	ADS_RIGHT_GENERIC_ALL     AceMask = 0x10000000 // 所有权限

	GENERIC_READ    AceMask = 131220 // 实际 GENERIC_READ 的掩码
	GENERIC_WRITE   AceMask = 131112 // 实际 GENERIC_WRITE 的掩码
	GENERIC_EXECUTE AceMask = 131076 // 实际 GENERIC_EXECUTE 的掩码
	GENERIC_ALL     AceMask = 983551 // 实际 GENERIC_ALL 的掩码

	ADS_RIGHT_MAXIMUM_ALLOWED        AceMask = 0x02000000
	ADS_RIGHT_ACCESS_SYSTEM_SECURITY AceMask = 0x01000000 // 读写SACL权限
	ADS_RIGHT_SYNCHRONIZE            AceMask = 0x00100000 // 同步的权限

	// std rights
	ADS_RIGHT_WRITE_OWNER  AceMask = 0x00080000 // 所有者的权限
	ADS_RIGHT_WRITE_DAC    AceMask = 0x00040000 // 修改DACL权限
	ADS_RIGHT_READ_CONTROL AceMask = 0x00020000 // 读ntSecurityDescriptor权限(不含SACL)
	ADS_RIGHT_DELETE       AceMask = 0x00010000 // 删除权限

	// ds right
	ADS_RIGHT_DS_CREATE_CHILD   AceMask = 0x00000001 // 新建子对象的权限
	ADS_RIGHT_DS_DELETE_CHILD   AceMask = 0x00000002 // 删除子对象的权限
	ADS_RIGHT_ACTRL_DS_LIST     AceMask = 0x00000004 // 列出自对象的权限
	ADS_RIGHT_DS_SELF           AceMask = 0x00000008
	ADS_RIGHT_DS_READ_PROP      AceMask = 0x00000010 // 读属性
	ADS_RIGHT_DS_WRITE_PROP     AceMask = 0x00000020 // 写属性
	ADS_RIGHT_DS_DELETE_TREE    AceMask = 0x00000040 // 删除子对象
	ADS_RIGHT_DS_LIST_OBJECT    AceMask = 0x00000080 // 列出对象权限
	ADS_RIGHT_DS_CONTROL_ACCESS AceMask = 0x00000100
)

type AceType added in v1.11.0

type AceType byte

AceType Ace类型

const (
	ACCESS_ALLOWED_ACE_TYPE                 AceType = 0x00
	ACCESS_DENIED_ACE_TYPE                  AceType = 0x01
	SYSTEM_AUDIT_ACE_TYPE                   AceType = 0x02
	SYSTEM_ALARM_ACE_TYPE                   AceType = 0x03
	ACCESS_ALLOWED_COMPOUND_ACE_TYPE        AceType = 0x04
	ACCESS_ALLOWED_OBJECT_ACE_TYPE          AceType = 0x05
	ACCESS_DENIED_OBJECT_ACE_TYPE           AceType = 0x06
	SYSTEM_AUDIT_OBJECT_ACE_TYPE            AceType = 0x07
	SYSTEM_ALARM_OBJECT_ACE_TYPE            AceType = 0x08
	ACCESS_ALLOWED_CALLBACK_ACE_TYPE        AceType = 0x09
	ACCESS_DENIED_CALLBACK_ACE_TYPE         AceType = 0x0a
	ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE AceType = 0x0b
	ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE  AceType = 0x0c
	SYSTEM_AUDIT_CALLBACK_ACE_TYPE          AceType = 0x0d
	SYSTEM_ALARM_CALLBACK_ACE_TYPE          AceType = 0x0e
	SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE   AceType = 0x0f
	SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE   AceType = 0x10
	SYSTEM_MANDATORY_LABEL_ACE_TYPE         AceType = 0x11
	SYSTEM_RESOURCE_ATTRIBUTE_ACE_TYPE      AceType = 0x12
	SYSTEM_SCOPED_POLICY_ID_ACE_TYPE        AceType = 0x13
)

type Acl added in v1.11.0

type Acl struct {
	AclRevision byte   `json:"-"`
	Sbz1        byte   `json:"-"`
	AclSize     uint16 `json:"-"`        // LittleEndian
	AceCount    uint16 `json:"aceCount"` // LittleEndian
	Sbz2        uint16 `json:"-"`        // LittleEndian
	AceList     []Ace  `json:"aceList"`
}

Acl

 -----------------------------------------------
| 0x00-0x07 | 0x08-0x0F | 0x10-0x17 | 0x18-0x1F |
| Revision  | Sbz1      |        AclSize        |
|        AceCount       |         Sbz2          |
|                 AceList(variable)             |
 -----------------------------------------------

func NewAcl added in v1.11.0

func NewAcl(aclBytes []byte) (acl *Acl, err error)

func (*Acl) NtString added in v1.11.0

func (a *Acl) NtString() string

func (*Acl) String added in v1.11.0

func (a *Acl) String() string

type AclRevision added in v1.11.0

type AclRevision byte
const (
	ACL_REVISION    AclRevision = 0x02 // AceTypes 仅允许 0x00, 0x01, 0x02, 0x03, 0x11, 0x12, 0x13
	ACL_REVISION_DS AclRevision = 0x04 // AceTypes 仅允许 0x05, 0x06, 0x07, 0x08, 0x11
)

type DefaultAce added in v1.11.0

type DefaultAce struct {
	*AceHeader
	Data []byte `json:"-"`
}

DefaultAce 默认 Ace 结构体,只解析 AceHeader

func (*DefaultAce) NtString added in v1.11.0

func (a *DefaultAce) NtString() string

func (*DefaultAce) Size added in v1.11.0

func (a *DefaultAce) Size() int

func (*DefaultAce) String added in v1.11.0

func (a *DefaultAce) String() string

type Guid added in v1.11.0

type Guid struct {
	Data1 uint32 // LittleEndian
	Data2 uint16 // LittleEndian
	Data3 uint16 // LittleEndian
	Data4 [8]byte
}

Guid

struct:
 -------------------------------------------------------------------------------
| 0x00-0x07         | 0x08-0x0F         | 0x10-0x17         | 0x18-0x1F         |
|                                 Data1(4 bytes)                                |
|              Data2(2 bytes)           |              Data3(2 bytes)           |
|                                 Data4(8 bytes)                                |
 -------------------------------------------------------------------------------

string:
	Data1, Data2, Data3 前三部分字节反转
	[0:4]-[4:6]-[6:8]-[8:10]-[10:16]

func NewGuid added in v1.11.0

func NewGuid(guidBytes []byte) (*Guid, error)

NewGuid 把 []byte 的 Guid 转换成 Guid 结构体指针

如果转换失败,则返回错误,并且 Guid 为 nil

func (*Guid) Alias added in v1.11.0

func (g *Guid) Alias() string

Alias return friendly guid name

func (Guid) MarshalJSON added in v1.11.0

func (g Guid) MarshalJSON() ([]byte, error)

func (*Guid) String added in v1.11.0

func (g *Guid) String() string

String implement fmt.Stringer interface

type NtSecurityDescriptor added in v1.11.0

type NtSecurityDescriptor struct {
	Revision    byte   `json:"-"`
	Sbz1        byte   `json:"-"`
	Control     uint16 `json:"control"` // LittleEndian
	OffsetOwner uint32 `json:"-"`       // LittleEndian
	OffsetGroup uint32 `json:"-"`       // LittleEndian
	OffsetSacl  uint32 `json:"-"`       // LittleEndian
	OffsetDacl  uint32 `json:"-"`       // LittleEndian
	OwnerSid    *Sid   `json:"ownerSid"`
	GroupSid    *Sid   `json:"groupSid"`
	Sacl        *Acl   `json:"sacl"`
	Dacl        *Acl   `json:"dacl"`
}

NtSecurityDescriptor

 -----------------------------------------------
| 0x00-0x07 | 0x08-0x0F | 0x10-0x17 | 0x18-0x1F |
| Revision  | Sbz1      |        Control        |
|                  OffsetOwner                  |
|                  OffsetGroup                  |
|                  OffsetSacl                   |
|                  OffsetDacl                   |
|               OwnerSid(variable)              |
|               GroupSid(variable)              |
|                 Sacl(variable)                |
|                 Dacl(variable)                |
 -----------------------------------------------

func NewNtSecurityDescriptor added in v1.11.0

func NewNtSecurityDescriptor(descBytes []byte) (descriptor *NtSecurityDescriptor, err error)

func (*NtSecurityDescriptor) NtString added in v1.11.0

func (d *NtSecurityDescriptor) NtString() string

func (*NtSecurityDescriptor) String added in v1.11.0

func (d *NtSecurityDescriptor) String() string

type SDDLControl added in v1.11.0

type SDDLControl uint16
const (
	SE_SELF_RELATIVE         SDDLControl = 0x8000 // SR
	SE_RM_CONTROL_VALID      SDDLControl = 0x4000 // RM
	SE_SACL_PROTECTED        SDDLControl = 0x2000 // PS
	SE_DACL_PROTECTED        SDDLControl = 0x1000 // PD
	SE_SACL_AUTO_INHERITED   SDDLControl = 0x0800 // SI
	SE_DACL_AUTO_INHERITED   SDDLControl = 0x0400 // DI
	SE_SACL_AUTO_INHERIT_REQ SDDLControl = 0x0200 // SC
	SE_DACL_AUTO_INHERIT_REQ SDDLControl = 0x0100 // DC
	SE_SERVER_SECURITY       SDDLControl = 0x0080 // SS
	SE_DACL_TRUSTED          SDDLControl = 0x0040 // DT
	SE_SACL_DEFAULTED        SDDLControl = 0x0020 // SD
	SE_SACL_PRESENT          SDDLControl = 0x0010 // SP
	SE_DACL_DEFAULTED        SDDLControl = 0x0008 // DD
	SE_DACL_PRESENT          SDDLControl = 0x0004 // DP
	SE_GROUP_DEFAULTED       SDDLControl = 0x0002 // GD
	SE_OWNER_DEFAULTED       SDDLControl = 0x0001 // OD
)

type Sid added in v1.11.0

type Sid struct {
	Revision            byte
	SubAuthorityCount   byte     // maximum number is 15
	IdentifierAuthority [6]byte  // BigEndian
	SubAuthority        []uint32 // size is SubAuthorityCount
}

Sid

struct:
 -------------------------------------------------------------------------------
| 0x00-0x07         | 0x08-0x0F         | 0x10-0x17         | 0x18-0x1F         |
| Revision(0x01)    | SubAuthorityCount |      IdentifierAuthority(6 bytes)     |
|                               SubAuthority(variable)                          |
 -------------------------------------------------------------------------------

string:
	子授权机构数量(不在字符串中显示)SubAuthorityCount
	S-版本号-授权标识符-子授权机构标识符...
	S-{Revision}-{IdentifierAUthority}-{SubAuthority...}

func NewSid added in v1.11.0

func NewSid(sidBytes []byte) (*Sid, error)

NewSid 把 []byte 的 Sid 转换成 Sid 结构体指针

如果转换失败,则返回错误,并且 Sid 为 nil

func (*Sid) Alias added in v1.11.0

func (s *Sid) Alias() string

Alias return well known sid

func (Sid) MarshalJSON added in v1.11.0

func (s Sid) MarshalJSON() ([]byte, error)

func (*Sid) String added in v1.11.0

func (s *Sid) String() string

String implement fmt.Stringer interface

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL