Security Descriptors¶
This module implements security descriptors, and associated data structures, as specified in [MS-DTYP].
- class smb.security_descriptors.SID(revision, identifier_authority, subauthorities)[source]¶
A Windows security identifier. Represents a single principal, such a user or a group, as a sequence of numbers consisting of the revision, identifier authority, and a variable-length list of subauthorities.
See [MS-DTYP]: 2.4.2
- identifier_authority¶
An integer representing the identifier authority.
- revision¶
Revision, should always be 1.
- subauthorities¶
A list of integers representing all subauthorities.
- class smb.security_descriptors.ACE(type_, flags, mask, sid, additional_data)[source]¶
Represents a single access control entry.
See [MS-DTYP]: 2.4.4
- additional_data¶
A dictionary of additional fields present in the ACE, depending on the type. The following fields can be present:
flags
object_type
inherited_object_type
application_data
attribute_data
- flags¶
An integer bitmask with ACE flags, corresponds to the
AceFlags
field.
- property isInheritOnly¶
Convenience property which indicates if this ACE is inherit only, meaning that it doesn’t apply to the object itself.
- mask¶
An integer representing the
ACCESS_MASK
as specified in [MS-DTYP] 2.4.3.
- type¶
An integer representing the type of the ACE. One of the
ACE_TYPE_*
constants. Corresponds to theAceType
field from [MS-DTYP] 2.4.4.1.
- class smb.security_descriptors.ACL(revision, aces)[source]¶
Access control list, encapsulating a sequence of access control entries.
See [MS-DTYP]: 2.4.5
- revision¶
Integer value of the revision.
- class smb.security_descriptors.SecurityDescriptor(flags, owner, group, dacl, sacl)[source]¶
Represents a security descriptor.
See [MS-DTYP]: 2.4.6
- dacl¶
Instance of
ACL
representing the discretionary access control list, which specifies access restrictions of an object.
- flags¶
Integer bitmask of control flags. Corresponds to the
Control
field in [MS-DTYP] 2.4.6.