Created
October 1, 2020 11:47
How to get the security descriptor of a file/dir using smbprotocol
import smbclient | |
from smbprotocol.file_info import ( | |
InfoType, | |
) | |
from smbprotocol.open import ( | |
DirectoryAccessMask, | |
FilePipePrinterAccessMask, | |
SMB2QueryInfoRequest, | |
SMB2QueryInfoResponse, | |
) | |
from smbprotocol.security_descriptor import ( | |
SMB2CreateSDBuffer, | |
) | |
# Placeholder credentials for the example; supply real values at run time
# (environment, prompt, secrets store) instead of keeping them in the script.
# Not needed when using Kerberos auth, and the same values can also be passed
# as kwargs when calling open_file.
smbclient.ClientConfig(
    username='username',
    password='password',
)
class SecurityInfo:
    """Bit flags naming the parts of a security descriptor to request.

    Combine members with ``|`` and pass the result as the ``info`` argument
    of ``get_sd``, which places it in the ``additional_information`` field of
    the SMB2 QUERY_INFO request. The numeric values are the
    ``*_SECURITY_INFORMATION`` flags defined for that field.
    """

    Owner = 1 << 0       # 0x00000001, OWNER_SECURITY_INFORMATION
    Group = 1 << 1       # 0x00000002, GROUP_SECURITY_INFORMATION
    Dacl = 1 << 2        # 0x00000004, DACL_SECURITY_INFORMATION
    # Reading the SACL normally needs ACCESS_SYSTEM_SECURITY on the handle,
    # not just READ_CONTROL as used in the examples in this file.
    Sacl = 1 << 3        # 0x00000008, SACL_SECURITY_INFORMATION
    Label = 1 << 4       # 0x00000010, LABEL_SECURITY_INFORMATION
    Attribute = 1 << 5   # 0x00000020, ATTRIBUTE_SECURITY_INFORMATION
    Scope = 1 << 6       # 0x00000040, SCOPE_SECURITY_INFORMATION
    Backup = 1 << 16     # 0x00010000, BACKUP_SECURITY_INFORMATION
def get_sd(fd, info):
    """Fetch the security descriptor of an already-opened file or directory.

    Builds an SMB2 QUERY_INFO request of type SMB2_0_INFO_SECURITY for the
    open's file id, sends it on the open's connection, and unpacks the
    returned buffer into an SMB2CreateSDBuffer.

    :param fd: The low-level open object; the examples in this file pass the
        ``.fd`` attribute of the object returned by smbclient.open_file. Its
        ``file_id``, ``connection`` and ``tree_connect`` are used.
    :param info: Bitmask of SecurityInfo values selecting which parts of the
        descriptor to request.
    :return: The unpacked SMB2CreateSDBuffer.

    NOTE(review): what the server returns depends on the access the handle
    was opened with. READ_CONTROL, as used by the examples, covers owner,
    group and DACL; requesting SecurityInfo.Sacl normally also needs
    ACCESS_SYSTEM_SECURITY on the handle.
    """
    request = SMB2QueryInfoRequest()
    request['info_type'] = InfoType.SMB2_0_INFO_SECURITY
    # Largest reply the request asks for; presumably a descriptor bigger than
    # this makes the query fail rather than truncate - confirm if large ACLs
    # are expected.
    request['output_buffer_length'] = 65535
    request['additional_information'] = info
    request['file_id'] = fd.file_id

    # The request is sent under the session and tree connect of the open.
    tree = fd.tree_connect
    pending = fd.connection.send(
        request,
        sid=tree.session.session_id,
        tid=tree.tree_connect_id,
    )
    reply = fd.connection.receive(pending)

    # Two-stage parse: response envelope first, then the descriptor it holds.
    parsed_reply = SMB2QueryInfoResponse()
    parsed_reply.unpack(reply['data'].get_value())

    descriptor = SMB2CreateSDBuffer()
    descriptor.unpack(parsed_reply['buffer'].get_value())
    return descriptor
# File example. READ_CONTROL is the only access right requested on the handle,
# which is what reading the owner and DACL needs.
with smbclient.open_file(
    r'\\dc01.domain.test\c$\temp\file.txt',
    mode='rb',
    buffering=0,
    desired_access=FilePipePrinterAccessMask.READ_CONTROL,
) as fd:
    sd = get_sd(fd.fd, SecurityInfo.Owner | SecurityInfo.Dacl)
    print(str(sd.get_owner()))
    print(str(sd.get_dacl()['aces']))

# Dir example. Same query, but the open is made with file_type='dir' and the
# directory access mask. The mode string 'br' is kept as published; the file
# example spells the same mode 'rb'.
with smbclient.open_file(
    r'\\dc01.domain.test\c$\temp',
    mode='br',
    buffering=0,
    file_type='dir',
    desired_access=DirectoryAccessMask.READ_CONTROL,
) as fd:
    sd = get_sd(fd.fd, SecurityInfo.Owner | SecurityInfo.Dacl)
    print(str(sd.get_owner()))
    print(str(sd.get_dacl()['aces']))