koniiiik/sd_crawl.py

## sd_crawl.py
import logging

logging.basicConfig(level=logging.DEBUG)

import collections
import os

from smb.smb_constants import FILE_READ_DATA
from smb.SMBConnection import SMBConnection, OperationFailure
from smb.security_descriptors import (
    ACE_TYPE_ACCESS_ALLOWED, ACE_TYPE_ACCESS_DENIED,
    SID_CREATOR_OWNER, SID_CREATOR_GROUP,
)


SERVER_IP = '10.0.0.1'
REMOTE_NAME = 'server'
MY_NAME = 'client'
USERNAME = 'username'
PASSWORD = 'password'


c = SMBConnection(USERNAME, PASSWORD, MY_NAME, REMOTE_NAME)
if not c.connect(SERVER_IP):
    raise Exception("Connection failed")


def traverse_path(service_name, path):
    q = collections.deque([path])
    while q:
        path = q.popleft()
        print('Traversing path %r...' % (path,))
        for f in c.listPath(service_name, path):
            if f.filename in ['.', '..']:
                continue
            fpath = os.path.join(path, f.filename)
            if f.isDirectory:
                q.append(fpath)

            security_descriptor = c.getSecurity(service_name, fpath)

            if security_descriptor.dacl:
                aces = security_descriptor.dacl.aces
            else:
                aces = []
            allowed_sids, denied_sids = set(), set()
            for ace in aces:
                if ace.isInheritOnly:
                    # This ACE doesn't apply to this object.
                    continue
                if not ace.mask & FILE_READ_DATA:
                    continue
                sid = str(ace.sid)
                if sid == SID_CREATOR_OWNER:
                    sid == str(security_descriptor.owner)
                elif sid == SID_CREATOR_GROUP:
                    sid == str(security_descriptor.group)
                if ace.type == ACE_TYPE_ACCESS_ALLOWED:
                    allowed_sids.add(sid)
                elif ace.type == ACE_TYPE_ACCESS_DENIED:
                    denied_sids.add(sid)

            yield fpath, allowed_sids, denied_sids

#list(traverse_path('pysmb-test', '/'))
	import logging

	logging.basicConfig(level=logging.DEBUG)

	import collections
	import os

	from smb.smb_constants import FILE_READ_DATA
	from smb.SMBConnection import SMBConnection, OperationFailure
	from smb.security_descriptors import (
	ACE_TYPE_ACCESS_ALLOWED, ACE_TYPE_ACCESS_DENIED,
	SID_CREATOR_OWNER, SID_CREATOR_GROUP,
	)


	SERVER_IP = '10.0.0.1'
	REMOTE_NAME = 'server'
	MY_NAME = 'client'
	USERNAME = 'username'
	PASSWORD = 'password'


	c = SMBConnection(USERNAME, PASSWORD, MY_NAME, REMOTE_NAME)
	if not c.connect(SERVER_IP):
	raise Exception("Connection failed")


	def traverse_path(service_name, path):
	q = collections.deque([path])
	while q:
	path = q.popleft()
	print('Traversing path %r...' % (path,))
	for f in c.listPath(service_name, path):
	if f.filename in ['.', '..']:
	continue
	fpath = os.path.join(path, f.filename)
	if f.isDirectory:
	q.append(fpath)

	security_descriptor = c.getSecurity(service_name, fpath)

	if security_descriptor.dacl:
	aces = security_descriptor.dacl.aces
	else:
	aces = []
	allowed_sids, denied_sids = set(), set()
	for ace in aces:
	if ace.isInheritOnly:
	# This ACE doesn't apply to this object.
	continue
	if not ace.mask & FILE_READ_DATA:
	continue
	sid = str(ace.sid)
	if sid == SID_CREATOR_OWNER:
	sid == str(security_descriptor.owner)
	elif sid == SID_CREATOR_GROUP:
	sid == str(security_descriptor.group)
	if ace.type == ACE_TYPE_ACCESS_ALLOWED:
	allowed_sids.add(sid)
	elif ace.type == ACE_TYPE_ACCESS_DENIED:
	denied_sids.add(sid)

	yield fpath, allowed_sids, denied_sids

	#list(traverse_path('pysmb-test', '/'))