def test_create_message(self):
sid1 = SIDPacket()
sid1.from_string("S-1-1-0")
sid2 = SIDPacket()
sid2.from_string("S-1-5-21-3242954042-3778974373-1659123385-1104")
ace1 = AccessAllowedAce()
ace1['mask'] = 2032127
ace1['sid'] = sid1
ace2 = AccessAllowedAce()
ace2['mask'] = 2032127
ace2['sid'] = sid2
# define an illegal ACE for tests to see if it is flexible for custom
# aces'
ace3 = AccessAllowedAce()
ace3['ace_type'] = AceType.ACCESS_ALLOWED_OBJECT_ACE_TYPE
ace3['sid'] = sid1
message = AclPacket()
message['aces'] = [ace1, ace2, ace3.pack()]
expected = b"\x02" \
b"\x00" \
b"\x54\x00" \
b"\x03\x00" \
b"\x00\x00" \
b"\x00" \
b"\x00" \
b"\x14\x00" \
b"\xff\x01\x1f\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00" \
b"\x00" \
b"\x00" \
b"\x24\x00" \
b"\xff\x01\x1f\x00" \
b"\x01" \
b"\x05" \
b"\x00\x00" \
b"\x00\x00\x00\x05" \
b"\x15\x00\x00\x00" \
b"\x3a\x8d\x4b\xc1" \
b"\xa5\x92\x3e\xe1" \
b"\xb9\x36\xe4\x62" \
b"\x50\x04\x00\x00" \
b"\x05" \
b"\x00" \
b"\x14\x00" \
b"\x00\x00\x00\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00"
actual = message.pack()
assert len(message) == 84
assert actual == expected
def open_file(cls, tree, file):
file = cls.normalize_filename(file)
# ensure file is created, get maximal access, and set everybody read access
max_req = SMB2CreateContextRequest()
max_req[
"buffer_name"] = CreateContextName.SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST
max_req["buffer_data"] = SMB2CreateQueryMaximalAccessRequest()
# create security buffer that sets the ACL for everyone to have read access
everyone_sid = SIDPacket()
everyone_sid.from_string("S-1-1-0")
ace = AccessAllowedAce()
ace["mask"] = AccessMask.GENERIC_ALL
ace["sid"] = everyone_sid
acl = AclPacket()
acl["aces"] = [ace]
sec_desc = SMB2CreateSDBuffer()
sec_desc["control"].set_flag(SDControl.SELF_RELATIVE)
sec_desc.set_dacl(acl)
sd_buffer = SMB2CreateContextRequest()
sd_buffer["buffer_name"] = CreateContextName.SMB2_CREATE_SD_BUFFER
sd_buffer["buffer_data"] = sec_desc
create_contexts = [max_req, sd_buffer]
file_open = Open(tree, file)
open_info = file_open.create(
ImpersonationLevel.Impersonation,
FilePipePrinterAccessMask.GENERIC_READ
| FilePipePrinterAccessMask.GENERIC_WRITE,
FileAttributes.FILE_ATTRIBUTE_NORMAL,
ShareAccess.FILE_SHARE_READ | ShareAccess.FILE_SHARE_WRITE,
CreateDisposition.FILE_OVERWRITE_IF,
CreateOptions.FILE_NON_DIRECTORY_FILE,
)
return file_open
def test_create_message_sacl_group(self):
sid = SIDPacket()
sid.from_string("S-1-1-0")
ace = AccessAllowedAce()
ace['sid'] = sid
acl = AclPacket()
acl['aces'] = [ace]
message = SMB2CreateSDBuffer()
message.set_dacl(None)
message.set_owner(None)
message.set_group(sid)
message.set_sacl(acl)
expected = b"\x01" \
b"\x00" \
b"\x10\x00" \
b"\x00\x00\x00\x00" \
b"\x14\x00\x00\x00" \
b"\x20\x00\x00\x00" \
b"\x00\x00\x00\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00" \
b"\x02" \
b"\x00" \
b"\x1c\x00" \
b"\x01\x00" \
b"\x00\x00" \
b"\x00" \
b"\x00" \
b"\x14\x00" \
b"\x00\x00\x00\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00"
actual = message.pack()
assert len(message) == 60
assert actual == expected
def test_create_message(self):
sid1 = SIDPacket()
sid1.from_string("S-1-1-0")
sid2 = SIDPacket()
sid2.from_string("S-1-5-21-3242954042-3778974373-1659123385-1104")
ace1 = AccessAllowedAce()
ace1['mask'] = 2032127
ace1['sid'] = sid1
ace2 = AccessAllowedAce()
ace2['mask'] = 2032127
ace2['sid'] = sid2
acl = AclPacket()
acl['aces'] = [ace1, ace2]
message = SMB2CreateSDBuffer()
message['control'].set_flag(SDControl.SELF_RELATIVE)
message.set_dacl(acl)
message.set_owner(sid2)
message.set_group(sid1)
message.set_sacl(None)
expected = b"\x01" \
b"\x00" \
b"\x04\x80" \
b"\x54\x00\x00\x00" \
b"\x70\x00\x00\x00" \
b"\x00\x00\x00\x00" \
b"\x14\x00\x00\x00" \
b"\x02" \
b"\x00" \
b"\x40\x00" \
b"\x02\x00" \
b"\x00\x00" \
b"\x00" \
b"\x00" \
b"\x14\x00" \
b"\xff\x01\x1f\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00" \
b"\x00" \
b"\x00" \
b"\x24\x00" \
b"\xff\x01\x1f\x00" \
b"\x01" \
b"\x05" \
b"\x00\x00" \
b"\x00\x00\x00\x05" \
b"\x15\x00\x00\x00" \
b"\x3a\x8d\x4b\xc1" \
b"\xa5\x92\x3e\xe1" \
b"\xb9\x36\xe4\x62" \
b"\x50\x04\x00\x00" \
b"\x01\x05" \
b"\x00\x00" \
b"\x00\x00\x00\x05" \
b"\x15\x00\x00\x00" \
b"\x3a\x8d\x4b\xc1" \
b"\xa5\x92\x3e\xe1" \
b"\xb9\x36\xe4\x62" \
b"\x50\x04\x00\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00"
actual = message.pack()
assert len(message) == 124
assert actual == expected
def test_parse_message(self):
actual = AclPacket()
data = b"\x02" \
b"\x00" \
b"\x54\x00" \
b"\x03\x00" \
b"\x00\x00" \
b"\x00" \
b"\x00" \
b"\x14\x00" \
b"\xff\x01\x1f\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00" \
b"\x00" \
b"\x00" \
b"\x24\x00" \
b"\xff\x01\x1f\x00" \
b"\x01" \
b"\x05" \
b"\x00\x00" \
b"\x00\x00\x00\x05" \
b"\x15\x00\x00\x00" \
b"\x3a\x8d\x4b\xc1" \
b"\xa5\x92\x3e\xe1" \
b"\xb9\x36\xe4\x62" \
b"\x50\x04\x00\x00" \
b"\x05" \
b"\x00" \
b"\x14\x00" \
b"\x00\x00\x00\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00"
actual.unpack(data)
assert len(actual) == 84
assert actual['acl_revision'].get_value() == AclRevision.ACL_REVISION
assert actual['sbz1'].get_value() == 0
assert actual['acl_size'].get_value() == 84
assert actual['ace_count'].get_value() == 3
assert actual['sbz2'].get_value() == 0
aces = actual['aces'].get_value()
assert len(aces) == 3
assert aces[0]['ace_type'].get_value() == \
AceType.ACCESS_ALLOWED_ACE_TYPE
assert aces[0]['ace_flags'].get_value() == 0
assert aces[0]['ace_size'].get_value() == 20
assert aces[0]['mask'].get_value() == 2032127
assert str(aces[0]['sid'].get_value()) == "S-1-1-0"
assert aces[1]['ace_type'].get_value() == \
AceType.ACCESS_ALLOWED_ACE_TYPE
assert aces[1]['ace_flags'].get_value() == 0
assert aces[1]['ace_size'].get_value() == 36
assert aces[1]['mask'].get_value() == 2032127
assert str(aces[1]['sid'].get_value()) == \
"S-1-5-21-3242954042-3778974373-1659123385-1104"
assert isinstance(aces[2], bytes)
assert aces[2] == b"\x05\x00\x14\x00\x00\x00\x00\x00" \
b"\x01\x01\x00\x00\x00\x00\x00\x01" \
b"\x00\x00\x00\x00"
# ensure file is created, get maximal access, and set everybody read access
max_req = SMB2CreateContextRequest()
max_req['buffer_name'] = \
CreateContextName.SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST
max_req['buffer_data'] = SMB2CreateQueryMaximalAccessRequest()
# create security buffer that sets the ACL for everyone to have read access
everyone_sid = SIDPacket()
everyone_sid.from_string("S-1-1-0")
ace = AccessAllowedAce()
ace['mask'] = AccessMask.GENERIC_ALL
ace['sid'] = everyone_sid
acl = AclPacket()
acl['aces'] = [ace]
sec_desc = SMB2CreateSDBuffer()
sec_desc['control'].set_flag(SDControl.SELF_RELATIVE)
sec_desc.set_dacl(acl)
sd_buffer = SMB2CreateContextRequest()
sd_buffer['buffer_name'] = CreateContextName.SMB2_CREATE_SD_BUFFER
sd_buffer['buffer_data'] = sec_desc
create_contexts = [max_req, sd_buffer]
file_open = Open(tree, file_name)
open_info = file_open.create(
ImpersonationLevel.Impersonation,
FilePipePrinterAccessMask.GENERIC_READ