NAME

Win32::SDDL - Parser for the Windows Security Descriptor Definition Language (SDDL)

VERSION

version 0.07

SYNOPSIS

use Win32::SDDL;

my $sddl = Win32::SDDL->new( 'service' );

$sddl->Import( 'D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)' );

foreach my $mask( @{$sddl->{ACL}} ){
    $trustees{ $mask->{Trustee} } = 1;
}

my @trustees = sort keys %trustees;


print scalar( @{$sddl->{ACL}} )." entries found.\n";

DESCRIPTION

This module was created to aid in interpreting SDDL strings commonly used in Windows to represent access control lists. SDDL stands for Security Descriptor Definition Language. Because SDDL uses many predefined constants, it can be difficult to read. This module provides an object-oriented interface for converting and using the information in SDDL strings.

NOTE: For resources relating to SDDL, see the SEE ALSO section of this document.

METHODS

Win32::SDDL->new( *type* );

Example:

my $sddl = Win32::SDDL->new( 'service' );

Creates a new Win32::SDDL object. Optionally, an object type can be provided. The only optional type supported at present is 'service'. This will change the value of certain constants as they have a different meaning for services than they do for files, registry keys, or other objects.

$sddl->Import( $sddl_string );

Example:

my $sddl_string = 'D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)';

$sddl->Import( $sddl_string ) or die( "Error!  Unable to import '$sddl_string'!\n" );

PROPERTIES

All Win32::SDDL objects have the following properties:

$sddl->{SDString}

The currently loaded SDDL string

$sddl->{Type}

The type of SDDL string (changes the description of some constants).

$sddl->{ACL}

An array of Win32::SDDL::ACE objects.

Each object has the following properties:

Flags

An array of flags translated into English.

AccessMask

An array of permissions translated into English.

Type

The type of ACE (SYSTEM_AUDIT,ACCESS_ALLOW, or ACCESS_DENY).

objectType

A GUID representing the object type for the ACE (usually empty).

InheritedObjectType

A GUID representing the parent object type if it exists.

Trustee

The Trustee name.

UPDATE HISTORY

See the Changes file.

FORTHCOMING CHANGES

Modular SID Translation

As originally written, the module uses WMI to translate SIDs to account names. The intention is to allow support for arbitrary translators, with the following to be provided by this module: WMI, native API call, LDAP, Offline.

BUGS

Please report any bugs or feature requests on the bugtracker website http://rt.cpan.org/Public/Dist/Display.html?Name=Win32-SDDL or by email to bug-win32-sddl at rt.cpan.org.

When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature.

SUPPORT

Perldoc

You can find documentation for this module with the perldoc command.

perldoc Win32::SDDL

Websites

The following websites have more information about this module, and may be of help to you. As always, in addition to those websites please use your favorite search engine to discover more resources.

Bugs / Feature Requests

Please report any bugs or feature requests by email to bug-win32-sddl at rt.cpan.org, or through the web interface at https://rt.cpan.org/Public/Bug/Report.html?Queue=Win32-SDDL. You will be automatically notified of any progress on the request by the system.

Source Code

The code is open to the world, and available for you to hack on. Please feel free to browse it and play with it, or whatever. If you want to contribute patches, please send me a diff or prod me to pull from your repository :)

https://github.com/richardleach/Win32-SDDL

git clone https://github.com/richardleach/Win32-SDDL.git

SEE ALSO

Please see those modules/websites for more information related to this module.

AUTHOR

Tim Johnson, Richard Leach

COPYRIGHT AND LICENSE

This software is copyright (c) 2016 by Richard Leach. This software is copyright (c) 2006 by Tim Johnson.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.