From: Douglas Bagnall Date: Wed, 26 Jul 2023 05:50:22 +0000 (+1200) Subject: libcli/security: script to turn token/descriptor pairs into sddl X-Git-Tag: tevent-0.16.0~814 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3c3007909580ada71ecf262eb673d9001478e4fb;p=thirdparty%2Fsamba.git libcli/security: script to turn token/descriptor pairs into sddl We fuzz security descriptors in a couple of different ways, and this maps seeds from one form into the other. The SDDL examples can also be used in Windows tests. Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- diff --git a/libcli/security/tests/data/extract-sddl-seeds b/libcli/security/tests/data/extract-sddl-seeds new file mode 100755 index 00000000000..27ca407d645 --- /dev/null +++ b/libcli/security/tests/data/extract-sddl-seeds @@ -0,0 +1,72 @@ +#!/usr/bin/env python3 +# +# Copyright (C) Catalyst IT Ltd. 2023 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +"""USAGE: extract-sddl-seeds SRCDIR SDDLDIR + +SRCDIR should have fuzz_security_token_vs_descriptor seeds. + +SDDLDIR will end up with SDDL strings representing the security +descriptors in the seeds, along with 4 trailing bytes representing an +access mask. This is the format used by the SDDL fuzzers. +""" + + +import sys +sys.path.insert(0, "bin/python") + +from pathlib import Path +from hashlib import md5 +from samba.ndr import ndr_unpack, ndr_pack +from samba.dcerpc.security import token_descriptor_fuzzing_pair + + +def usage(ret): + print(__doc__) + exit(ret) + + +def main(): + if {'-h', '--help'}.intersection(sys.argv): + usage(0) + if len(sys.argv) != 3: + usage(1) + + src, dest = sys.argv[1:] + sp = Path(src) + dp = Path(dest) + + raw_strings = set() + sddl_strings = set() + + for filename in sp.iterdir(): + with open(filename, 'rb') as f: + raw_strings.add(f.read()) + + for s in raw_strings: + pair = ndr_unpack(s) + sd = pair.sd.as_sddl() + mask = pair.access_desired + b = sd.encode() + mask.to_bytes(4, 'little') + sddl_strings.add(b) + + for s in sddl_strings: + name = md5(s).hexdigest() + with open(dp / name, "wb") as f: + f.write(s) + + +main()