java 如何按规范顺序对SDDL DACL ace进行排序?

xggvc2p6  于 2024-01-05  发布在  Java
关注(0)|答案(1)|浏览(168)

基于this,我使用https://github.com/Tirasa/ADSDDL库来操作SDDL

  1. implementation("net.tirasa:adsddl:1.9")

字符串
要启用标志user cannot change password,我使用以下代码行:

  1. SDDLHelper.userCannotChangePassword(sddl, true)


但是,当我去Windows ADAC(活动目录管理中心),我看到的消息,我的王牌是不是在规范秩序,它让我重新排序。
因此,我在DACL中得到以下A:

  1. P(OA;;[16];4c164200-20c0-11d0-a768-00aa006e0529;;S-1-5-21-1313564838-424579665-4250201628-553)
  2. (OA;;[16];5f202010-79a5-11d0-9020-00c04fc2d4cf;;S-1-5-21-1313564838-424579665-4250201628-553)
  3. (OA;;[16];bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;S-1-5-21-1313564838-424579665-4250201628-553)
  4. (OA;;[16];037088f8-0ae1-11d2-b422-00a0c968f939;;S-1-5-21-1313564838-424579665-4250201628-553)
  5. (OA;;WP[16];bf967a7f-0de6-11d0-a285-00aa003049e2;;S-1-5-21-1313564838-424579665-4250201628-517)
  6. (OA;;[16];46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
  7. (OA;;WP[16];6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)
  8. (OA;;WP[16];5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)
  9. (OD;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;S-1-1-0)
  10. (OD;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;S-1-5-10)
  11. (OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;S-1-5-10)
  12. (OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;S-1-5-10)
  13. (OA;;[16];59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;S-1-5-11)
  14. (OA;;[16];e48d0154-bcf8-11d1-8702-00c04fb96050;;S-1-5-11)
  15. (OA;;[16];77b5b886-944a-11d1-aebd-0000f80367c1;;S-1-5-11)
  16. (OA;;[16];e45795b3-9455-11d1-aebd-0000f80367c1;;S-1-5-11)
  17. (OA;;WP[16];77b5b886-944a-11d1-aebd-0000f80367c1;;S-1-5-10)
  18. (OA;;WP[16];e45795b2-9455-11d1-aebd-0000f80367c1;;S-1-5-10)
  19. (OA;;WP[16];e45795b3-9455-11d1-aebd-0000f80367c1;;S-1-5-10)
  20. (A;;WOWDRCSDCRWP[223];;;S-1-5-21-1313564838-424579665-4250201628-512)
  21. (A;;WOWDRCSDCRWP[223];;;S-1-5-32-548)
  22. (A;;RC;;;S-1-5-11)
  23. (A;;RC[148];;;S-1-5-10)
  24. (A;;WOWDRCSDCRWP[223];;;S-1-5-18)
  25. (OA;CIIOID;[16];4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;S-1-5-32-554)
  26. (OA;CIID;[16];4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;S-1-5-32-554)
  27. (OA;CIIOID;[16];5f202010-79a5-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;S-1-5-32-554)
  28. (OA;CIID;[16];5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;S-1-5-32-554)
  29. (OA;CIIOID;[16];bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;S-1-5-32-554)
  30. (OA;CIID;[16];bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;S-1-5-32-554)
  31. (OA;CIIOID;[16];59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;S-1-5-32-554)
  32. (OA;CIID;[16];59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;S-1-5-32-554)
  33. (OA;CIIOID;[16];037088f8-0ae1-11d2-b422-00a0c968f939;4828cc14-1437-45bc-9b07-ad6f015e5f28;S-1-5-32-554)
  34. (OA;CIID;[16];037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;S-1-5-32-554)
  35. (OA;CIID;WP[16];5b47d60f-6090-40b2-9f37-2a4de88f3063;;S-1-5-21-1313564838-424579665-4250201628-526)
  36. (OA;CIID;WP[16];5b47d60f-6090-40b2-9f37-2a4de88f3063;;S-1-5-21-1313564838-424579665-4250201628-527)
  37. (OA;CIIOID;[8];9b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;S-1-3-0)
  38. (OA;CIIOID;[8];9b026da6-0d3c-465c-8bee-5199d7165cba;bf967a86-0de6-11d0-a285-00aa003049e2;S-1-5-10)
  39. (OA;CIIOID;[16];b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;S-1-5-9)
  40. (OA;CIIOID;[16];b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;S-1-5-9)
  41. (OA;CIID;[16];b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;S-1-5-9)
  42. (OA;CIIOID;WP;ea1b7b93-5e48-46d5-bc6c-4df4fda78a35;bf967a86-0de6-11d0-a285-00aa003049e2;S-1-5-10)
  43. (OA;CIIOID;RC[148];;4828cc14-1437-45bc-9b07-ad6f015e5f28;S-1-5-32-554)
  44. (OA;CIIOID;RC[148];;bf967a9c-0de6-11d0-a285-00aa003049e2;S-1-5-32-554)
  45. (OA;CIID;RC[148];;bf967aba-0de6-11d0-a285-00aa003049e2;S-1-5-32-554)
  46. (OA;CIIDOI;WP[16];3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;S-1-5-10)
  47. (OA;CIID;CRWP[16];91e647de-d96f-4b70-9557-d63ff4f3ccd8;;S-1-5-10)
  48. (A;CIID;WOWDRCSDCRWP[223];;;S-1-5-21-1313564838-424579665-4250201628-519)
  49. (A;CIID;[4];;;S-1-5-32-554)
  50. (A;CIID;WOWDRCSDCRWP[157];;;S-1-5-32-544)


我已经明白了根本原因是在片段:

  1. (OA;;WP[16];5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)
  2. (OD;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;S-1-1-0)
  3. (OD;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;S-1-5-10)
  4. (OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;S-1-5-10)


正如我所理解的,所有的OD应该在所有的OA之前。但是我想决定一般的问题并实现排序。我在哪里可以找到所有的排序规则?
我已经找到this,但我不明白是什么:

  1. Explicit ACEs
  2. Deny ACEs
  3. Regular ACEs
  4. object ACEs


我如何用代码识别它们。

Java

1条答案

按热度按时间
vs3odd8k

vs3odd8k1#

您实际上是在问如何在代码中识别这些类型。您可以检查SDDL字符串中的模式/特定ACE类型。仅供参考,拒绝ACE通常以SDDL中的“D:“开始,而允许ACE以“A:“开头。因此,您可以检查前缀
我用C++写了一个小的demo,在这里:

  1. #include <iostream>
  2. #include <algorithm>
  3. #include <vector>
  5. // Your ACE structure
  6. struct ACE
  7. {
  8.     std::string type;        // "OA" -> Allow, "OD" -> Deny
  9.     std::string rights;      // Access rights
  10.     std::string objectType;  // Object type (optional - if applicable)
  11.     std::string trustee;     // Trustee identifier
  12. };
  14. // Comparator function for sorting ACEs
  15. bool compareACEs(const ACE& ace1, const ACE& ace2)
  16. {
  17.     // Use your own sorting here. This is just an example...
  18.     if (ace1.type != ace2.type)
  19.     {
  20.         return ace1.type < ace2.type;
  21.     }
  22.     if (ace1.rights != ace2.rights)
  23.     {
  24.         return ace1.rights < ace2.rights;
  25.     }
  26.     return ace1.trustee < ace2.trustee;
  27. }
  29. int main()
  30. {
  31.     // Sample ACEs
  32.     std::vector<ACE> aces = 
  33.     {
  34.         {"OA", "WP[16]", "", "S-1-5-32-561"},
  35.         {"OD", "CR", "", "S-1-1-0"},
  36.         {"OD", "CR", "", "S-1-5-10"},
  37.         {"OA", "CR", "", "S-1-5-10"}
  38.         // Here you can add more ACEs as needed
  39.     };
  41.     // Sort the ACEs using the compareACEs function where you put your own sorting
  42.     // scheme.
  43.     std::sort(aces.begin(), aces.end(), compareACEs);
  45.     // our output
  46.     for (const auto& ace : aces)
  47.     {
  48.         std::cout << "(" << ace.type << ";;" << ace.rights << ";" << ace.objectType << ";;" << ace.trustee << ")" << std::endl;
  49.     }
  51.     return 0;
  52. }

字符串

展开查看全部
赞(0)分享  回复(0)举报  2024-01-05
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com