def open_file(cls, tree, file):
file = cls.normalize_filename(file)
# ensure file is created, get maximal access, and set everybody read access
max_req = SMB2CreateContextRequest()
max_req[
"buffer_name"] = CreateContextName.SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST
max_req["buffer_data"] = SMB2CreateQueryMaximalAccessRequest()
# create security buffer that sets the ACL for everyone to have read access
everyone_sid = SIDPacket()
everyone_sid.from_string("S-1-1-0")
ace = AccessAllowedAce()
ace["mask"] = AccessMask.GENERIC_ALL
ace["sid"] = everyone_sid
acl = AclPacket()
acl["aces"] = [ace]
sec_desc = SMB2CreateSDBuffer()
sec_desc["control"].set_flag(SDControl.SELF_RELATIVE)
sec_desc.set_dacl(acl)
sd_buffer = SMB2CreateContextRequest()
sd_buffer["buffer_name"] = CreateContextName.SMB2_CREATE_SD_BUFFER
sd_buffer["buffer_data"] = sec_desc
create_contexts = [max_req, sd_buffer]
file_open = Open(tree, file)
open_info = file_open.create(
ImpersonationLevel.Impersonation,
FilePipePrinterAccessMask.GENERIC_READ
| FilePipePrinterAccessMask.GENERIC_WRITE,
FileAttributes.FILE_ATTRIBUTE_NORMAL,
ShareAccess.FILE_SHARE_READ | ShareAccess.FILE_SHARE_WRITE,
CreateDisposition.FILE_OVERWRITE_IF,
CreateOptions.FILE_NON_DIRECTORY_FILE,
)
return file_open
def test_parse_message_sacl_group(self):
actual = SMB2CreateSDBuffer()
data = b"\x01" \
b"\x00" \
b"\x10\x00" \
b"\x00\x00\x00\x00" \
b"\x14\x00\x00\x00" \
b"\x20\x00\x00\x00" \
b"\x00\x00\x00\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00" \
b"\x02" \
b"\x00" \
b"\x1c\x00" \
b"\x01\x00" \
b"\x00\x00" \
b"\x00" \
b"\x00" \
b"\x14\x00" \
b"\x00\x00\x00\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00"
actual.unpack(data)
assert len(actual) == 60
assert actual['revision'].get_value() == 1
assert actual['sbz1'].get_value() == 0
assert actual['control'].get_value() == 16
assert actual['offset_owner'].get_value() == 0
assert actual['offset_group'].get_value() == 20
assert actual['offset_sacl'].get_value() == 32
assert actual['offset_dacl'].get_value() == 0
assert len(actual['buffer']) == 40
assert not actual.get_owner()
assert str(actual.get_group()) == "S-1-1-0"
sacl = actual.get_sacl()
assert sacl['acl_revision'].get_value() == AclRevision.ACL_REVISION
assert sacl['sbz1'].get_value() == 0
assert sacl['acl_size'].get_value() == 28
assert sacl['ace_count'].get_value() == 1
assert sacl['sbz2'].get_value() == 0
saces = sacl['aces'].get_value()
assert isinstance(saces, list)
assert len(saces) == 1
assert saces[0]['ace_type'].get_value() == \
AceType.ACCESS_ALLOWED_ACE_TYPE
assert saces[0]['ace_flags'].get_value() == 0
assert saces[0]['ace_size'].get_value() == 20
assert saces[0]['mask'].get_value() == 0
assert str(saces[0]['sid']) == "S-1-1-0"
assert not actual.get_dacl()
def test_create_message_sacl_group(self):
sid = SIDPacket()
sid.from_string("S-1-1-0")
ace = AccessAllowedAce()
ace['sid'] = sid
acl = AclPacket()
acl['aces'] = [ace]
message = SMB2CreateSDBuffer()
message.set_dacl(None)
message.set_owner(None)
message.set_group(sid)
message.set_sacl(acl)
expected = b"\x01" \
b"\x00" \
b"\x10\x00" \
b"\x00\x00\x00\x00" \
b"\x14\x00\x00\x00" \
b"\x20\x00\x00\x00" \
b"\x00\x00\x00\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00" \
b"\x02" \
b"\x00" \
b"\x1c\x00" \
b"\x01\x00" \
b"\x00\x00" \
b"\x00" \
b"\x00" \
b"\x14\x00" \
b"\x00\x00\x00\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00"
actual = message.pack()
assert len(message) == 60
assert actual == expected
def test_parse_message(self):
actual = SMB2CreateSDBuffer()
data = b"\x01" \
b"\x00" \
b"\x04\x80" \
b"\x54\x00\x00\x00" \
b"\x70\x00\x00\x00" \
b"\x00\x00\x00\x00" \
b"\x14\x00\x00\x00" \
b"\x02" \
b"\x00" \
b"\x40\x00" \
b"\x02\x00" \
b"\x00\x00" \
b"\x00" \
b"\x00" \
b"\x14\x00" \
b"\xff\x01\x1f\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00" \
b"\x00" \
b"\x00" \
b"\x24\x00" \
b"\xff\x01\x1f\x00" \
b"\x01" \
b"\x05" \
b"\x00\x00" \
b"\x00\x00\x00\x05" \
b"\x15\x00\x00\x00" \
b"\x3a\x8d\x4b\xc1" \
b"\xa5\x92\x3e\xe1" \
b"\xb9\x36\xe4\x62" \
b"\x50\x04\x00\x00" \
b"\x01\x05" \
b"\x00\x00" \
b"\x00\x00\x00\x05" \
b"\x15\x00\x00\x00" \
b"\x3a\x8d\x4b\xc1" \
b"\xa5\x92\x3e\xe1" \
b"\xb9\x36\xe4\x62" \
b"\x50\x04\x00\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00"
actual.unpack(data)
assert len(actual) == 124
assert actual['revision'].get_value() == 1
assert actual['sbz1'].get_value() == 0
assert actual['control'].get_value() == 32772
assert actual['offset_owner'].get_value() == 84
assert actual['offset_group'].get_value() == 112
assert actual['offset_sacl'].get_value() == 0
assert actual['offset_dacl'].get_value() == 20
assert len(actual['buffer']) == 104
assert str(actual.get_owner()) == \
"S-1-5-21-3242954042-3778974373-1659123385-1104"
assert str(actual.get_group()) == "S-1-1-0"
assert not actual.get_sacl()
dacl = actual.get_dacl()
assert dacl['acl_revision'].get_value() == AclRevision.ACL_REVISION
assert dacl['sbz1'].get_value() == 0
assert dacl['acl_size'].get_value() == 64
assert dacl['ace_count'].get_value() == 2
assert dacl['sbz2'].get_value() == 0
daces = dacl['aces'].get_value()
assert isinstance(daces, list)
assert len(daces) == 2
assert daces[0]['ace_type'].get_value() == \
AceType.ACCESS_ALLOWED_ACE_TYPE
assert daces[0]['ace_flags'].get_value() == 0
assert daces[0]['ace_size'].get_value() == 20
assert daces[0]['mask'].get_value() == 2032127
assert str(daces[0]['sid']) == "S-1-1-0"
assert daces[1]['ace_type'].get_value() == \
AceType.ACCESS_ALLOWED_ACE_TYPE
assert daces[1]['ace_flags'].get_value() == 0
assert daces[1]['ace_size'].get_value() == 36
assert daces[1]['mask'].get_value() == 2032127
assert str(daces[1]['sid']) == \
"S-1-5-21-3242954042-3778974373-1659123385-1104"
def test_create_message(self):
sid1 = SIDPacket()
sid1.from_string("S-1-1-0")
sid2 = SIDPacket()
sid2.from_string("S-1-5-21-3242954042-3778974373-1659123385-1104")
ace1 = AccessAllowedAce()
ace1['mask'] = 2032127
ace1['sid'] = sid1
ace2 = AccessAllowedAce()
ace2['mask'] = 2032127
ace2['sid'] = sid2
acl = AclPacket()
acl['aces'] = [ace1, ace2]
message = SMB2CreateSDBuffer()
message['control'].set_flag(SDControl.SELF_RELATIVE)
message.set_dacl(acl)
message.set_owner(sid2)
message.set_group(sid1)
message.set_sacl(None)
expected = b"\x01" \
b"\x00" \
b"\x04\x80" \
b"\x54\x00\x00\x00" \
b"\x70\x00\x00\x00" \
b"\x00\x00\x00\x00" \
b"\x14\x00\x00\x00" \
b"\x02" \
b"\x00" \
b"\x40\x00" \
b"\x02\x00" \
b"\x00\x00" \
b"\x00" \
b"\x00" \
b"\x14\x00" \
b"\xff\x01\x1f\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00" \
b"\x00" \
b"\x00" \
b"\x24\x00" \
b"\xff\x01\x1f\x00" \
b"\x01" \
b"\x05" \
b"\x00\x00" \
b"\x00\x00\x00\x05" \
b"\x15\x00\x00\x00" \
b"\x3a\x8d\x4b\xc1" \
b"\xa5\x92\x3e\xe1" \
b"\xb9\x36\xe4\x62" \
b"\x50\x04\x00\x00" \
b"\x01\x05" \
b"\x00\x00" \
b"\x00\x00\x00\x05" \
b"\x15\x00\x00\x00" \
b"\x3a\x8d\x4b\xc1" \
b"\xa5\x92\x3e\xe1" \
b"\xb9\x36\xe4\x62" \
b"\x50\x04\x00\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00"
actual = message.pack()
assert len(message) == 124
assert actual == expected
max_req['buffer_name'] = \
CreateContextName.SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST
max_req['buffer_data'] = SMB2CreateQueryMaximalAccessRequest()
# create security buffer that sets the ACL for everyone to have read access
everyone_sid = SIDPacket()
everyone_sid.from_string("S-1-1-0")
ace = AccessAllowedAce()
ace['mask'] = AccessMask.GENERIC_ALL
ace['sid'] = everyone_sid
acl = AclPacket()
acl['aces'] = [ace]
sec_desc = SMB2CreateSDBuffer()
sec_desc['control'].set_flag(SDControl.SELF_RELATIVE)
sec_desc.set_dacl(acl)
sd_buffer = SMB2CreateContextRequest()
sd_buffer['buffer_name'] = CreateContextName.SMB2_CREATE_SD_BUFFER
sd_buffer['buffer_data'] = sec_desc
create_contexts = [max_req, sd_buffer]
file_open = Open(tree, file_name)
open_info = file_open.create(
ImpersonationLevel.Impersonation,
FilePipePrinterAccessMask.GENERIC_READ
| FilePipePrinterAccessMask.GENERIC_WRITE,
FileAttributes.FILE_ATTRIBUTE_NORMAL,
ShareAccess.FILE_SHARE_READ | ShareAccess.FILE_SHARE_WRITE,
