def open_file(cls, tree, file):
file = cls.normalize_filename(file)
# ensure file is created, get maximal access, and set everybody read access
max_req = SMB2CreateContextRequest()
max_req[
"buffer_name"] = CreateContextName.SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST
max_req["buffer_data"] = SMB2CreateQueryMaximalAccessRequest()
# create security buffer that sets the ACL for everyone to have read access
everyone_sid = SIDPacket()
everyone_sid.from_string("S-1-1-0")
ace = AccessAllowedAce()
ace["mask"] = AccessMask.GENERIC_ALL
ace["sid"] = everyone_sid
acl = AclPacket()
acl["aces"] = [ace]
sec_desc = SMB2CreateSDBuffer()
sec_desc["control"].set_flag(SDControl.SELF_RELATIVE)
sec_desc.set_dacl(acl)
sd_buffer = SMB2CreateContextRequest()
sd_buffer["buffer_name"] = CreateContextName.SMB2_CREATE_SD_BUFFER
sd_buffer["buffer_data"] = sec_desc
create_contexts = [max_req, sd_buffer]
file_open = Open(tree, file)
open_info = file_open.create(
ImpersonationLevel.Impersonation,
FilePipePrinterAccessMask.GENERIC_READ
| FilePipePrinterAccessMask.GENERIC_WRITE,
FileAttributes.FILE_ATTRIBUTE_NORMAL,
ShareAccess.FILE_SHARE_READ | ShareAccess.FILE_SHARE_WRITE,
CreateDisposition.FILE_OVERWRITE_IF,
CreateOptions.FILE_NON_DIRECTORY_FILE,
)
return file_open
def test_parse_string_fail_too_small(self):
sid = SIDPacket()
with pytest.raises(ValueError) as exc:
sid.from_string("S-1")
assert str(exc.value) == "A SID string must start with S and contain" \
" a revision and identifier authority, e.g." \
" S-1-0"
def test_parse_message_domain_sid(self):
actual = SIDPacket()
data = b"\x01" \
b"\x05" \
b"\x00\x00" \
b"\x00\x00\x00\x05" \
b"\x15\x00\x00\x00" \
b"\x3a\x8d\x4b\xc1" \
b"\xa5\x92\x3e\xe1" \
b"\xb9\x36\xe4\x62" \
b"\x50\x04\x00\x00"
actual.unpack(data)
assert len(actual) == 28
assert str(actual) == "S-1-5-21-3242954042-3778974373-1659123385-1104"
assert actual['revision'].get_value() == 1
assert actual['sub_authority_count'].get_value() == 5
assert actual['reserved'].get_value() == 0
assert actual['identifier_authority'].get_value() == 5
sub_auth = actual['sub_authorities'].get_value()
assert isinstance(sub_auth, list)
assert len(sub_auth) == 5
assert sub_auth[0] == 21
assert sub_auth[1] == 3242954042
assert sub_auth[2] == 3778974373
assert sub_auth[3] == 1659123385
assert sub_auth[4] == 1104
def test_create_message(self):
sid = "S-1-1-0"
message = SIDPacket()
message.from_string(sid)
expected = b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00"
actual = message.pack()
assert len(message) == 12
assert actual == expected
assert str(message) == sid
def test_create_message(self):
sid1 = SIDPacket()
sid1.from_string("S-1-1-0")
sid2 = SIDPacket()
sid2.from_string("S-1-5-21-3242954042-3778974373-1659123385-1104")
ace1 = AccessAllowedAce()
ace1['mask'] = 2032127
ace1['sid'] = sid1
ace2 = AccessAllowedAce()
ace2['mask'] = 2032127
ace2['sid'] = sid2
# define an illegal ACE for tests to see if it is flexible for custom
# aces'
ace3 = AccessAllowedAce()
ace3['ace_type'] = AceType.ACCESS_ALLOWED_OBJECT_ACE_TYPE
ace3['sid'] = sid1
message = AclPacket()
message['aces'] = [ace1, ace2, ace3.pack()]
expected = b"\x02" \
b"\x00" \
b"\x54\x00" \
b"\x03\x00" \
b"\x00\x00" \
b"\x00" \
b"\x00" \
b"\x14\x00" \
b"\xff\x01\x1f\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00" \
b"\x00" \
b"\x00" \
b"\x24\x00" \
b"\xff\x01\x1f\x00" \
b"\x01" \
b"\x05" \
b"\x00\x00" \
b"\x00\x00\x00\x05" \
b"\x15\x00\x00\x00" \
b"\x3a\x8d\x4b\xc1" \
b"\xa5\x92\x3e\xe1" \
b"\xb9\x36\xe4\x62" \
b"\x50\x04\x00\x00" \
b"\x05" \
b"\x00" \
b"\x14\x00" \
b"\x00\x00\x00\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00"
actual = message.pack()
assert len(message) == 84
assert actual == expected
def test_create_domain_sid(self):
sid = "S-1-5-21-3242954042-3778974373-1659123385-1104"
message = SIDPacket()
message.from_string(sid)
expected = b"\x01" \
b"\x05" \
b"\x00\x00" \
b"\x00\x00\x00\x05" \
b"\x15\x00\x00\x00" \
b"\x3a\x8d\x4b\xc1" \
b"\xa5\x92\x3e\xe1" \
b"\xb9\x36\xe4\x62" \
b"\x50\x04\x00\x00"
actual = message.pack()
assert len(message) == 28
assert actual == expected
assert str(message) == sid
def test_parse_message(self):
actual = SIDPacket()
data = b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00"
actual.unpack(data)
assert len(actual) == 12
assert str(actual) == "S-1-1-0"
assert actual['revision'].get_value() == 1
assert actual['sub_authority_count'].get_value() == 1
assert actual['reserved'].get_value() == 0
assert actual['identifier_authority'].get_value() == 1
sub_auth = actual['sub_authorities'].get_value()
assert isinstance(sub_auth, list)
assert len(sub_auth) == 1
assert sub_auth[0] == 0
def test_create_message_sacl_group(self):
sid = SIDPacket()
sid.from_string("S-1-1-0")
ace = AccessAllowedAce()
ace['sid'] = sid
acl = AclPacket()
acl['aces'] = [ace]
message = SMB2CreateSDBuffer()
message.set_dacl(None)
message.set_owner(None)
message.set_group(sid)
message.set_sacl(acl)
expected = b"\x01" \
b"\x00" \
b"\x10\x00" \
b"\x00\x00\x00\x00" \
b"\x14\x00\x00\x00" \
b"\x20\x00\x00\x00" \
b"\x00\x00\x00\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00" \
b"\x02" \
b"\x00" \
b"\x1c\x00" \
b"\x01\x00" \
b"\x00\x00" \
b"\x00" \
b"\x00" \
b"\x14\x00" \
b"\x00\x00\x00\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00"
actual = message.pack()
assert len(message) == 60
assert actual == expected
def test_create_message(self):
sid = SIDPacket()
sid.from_string("S-1-1-0")
message = SystemAuditAce()
message['mask'] = 2032127
message['sid'] = sid
expected = b"\x02" \
b"\x00" \
b"\x14\x00" \
b"\xff\x01\x1f\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00"
actual = message.pack()
assert len(message) == 20
assert actual == expected
def test_parse_string_fail_no_s(self):
sid = SIDPacket()
with pytest.raises(ValueError) as exc:
sid.from_string("A-1-1-0")
assert str(exc.value) == "A SID string must start with S-"
def test_create_message(self):
sid1 = SIDPacket()
sid1.from_string("S-1-1-0")
sid2 = SIDPacket()
sid2.from_string("S-1-5-21-3242954042-3778974373-1659123385-1104")
ace1 = AccessAllowedAce()
ace1['mask'] = 2032127
ace1['sid'] = sid1
ace2 = AccessAllowedAce()
ace2['mask'] = 2032127
ace2['sid'] = sid2
acl = AclPacket()
acl['aces'] = [ace1, ace2]
message = SMB2CreateSDBuffer()
message['control'].set_flag(SDControl.SELF_RELATIVE)
message.set_dacl(acl)
message.set_owner(sid2)
message.set_group(sid1)
message.set_sacl(None)
expected = b"\x01" \
b"\x00" \
b"\x04\x80" \
b"\x54\x00\x00\x00" \
b"\x70\x00\x00\x00" \
b"\x00\x00\x00\x00" \
b"\x14\x00\x00\x00" \
b"\x02" \
b"\x00" \
b"\x40\x00" \
b"\x02\x00" \
b"\x00\x00" \
b"\x00" \
b"\x00" \
b"\x14\x00" \
b"\xff\x01\x1f\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00" \
b"\x00" \
b"\x00" \
b"\x24\x00" \
b"\xff\x01\x1f\x00" \
b"\x01" \
b"\x05" \
b"\x00\x00" \
b"\x00\x00\x00\x05" \
b"\x15\x00\x00\x00" \
b"\x3a\x8d\x4b\xc1" \
b"\xa5\x92\x3e\xe1" \
b"\xb9\x36\xe4\x62" \
b"\x50\x04\x00\x00" \
b"\x01\x05" \
b"\x00\x00" \
b"\x00\x00\x00\x05" \
b"\x15\x00\x00\x00" \
b"\x3a\x8d\x4b\xc1" \
b"\xa5\x92\x3e\xe1" \
b"\xb9\x36\xe4\x62" \
b"\x50\x04\x00\x00" \
b"\x01" \
b"\x01" \
b"\x00\x00" \
b"\x00\x00\x00\x01" \
b"\x00\x00\x00\x00"
actual = message.pack()
assert len(message) == 124
assert actual == expected
connection.connect()
try:
session = Session(connection, username, password)
session.connect()
tree = TreeConnect(session, share)
tree.connect()
# ensure file is created, get maximal access, and set everybody read access
max_req = SMB2CreateContextRequest()
max_req['buffer_name'] = \
CreateContextName.SMB2_CREATE_QUERY_MAXIMAL_ACCESS_REQUEST
max_req['buffer_data'] = SMB2CreateQueryMaximalAccessRequest()
# create security buffer that sets the ACL for everyone to have read access
everyone_sid = SIDPacket()
everyone_sid.from_string("S-1-1-0")
ace = AccessAllowedAce()
ace['mask'] = AccessMask.GENERIC_ALL
ace['sid'] = everyone_sid
acl = AclPacket()
acl['aces'] = [ace]
sec_desc = SMB2CreateSDBuffer()
sec_desc['control'].set_flag(SDControl.SELF_RELATIVE)
sec_desc.set_dacl(acl)
sd_buffer = SMB2CreateContextRequest()
sd_buffer['buffer_name'] = CreateContextName.SMB2_CREATE_SD_BUFFER
sd_buffer['buffer_data'] = sec_desc