samba.smb.SMB:set_acl seems to generate a bad nttrans:SET_SD request
Richard Sharpe
realrichardsharpe at gmail.com
Sun Mar 25 08:48:10 MDT 2012
On Sun, Mar 25, 2012 at 7:22 AM, Richard Sharpe
<realrichardsharpe at gmail.com> wrote:
> Hi folks,
>
> I was playing with set_acl and was getting:
>
> RuntimeError: (-1073741811, 'Unexpected information received')
>
> When I look at the on-the-wire traffic I see that the SD is there but
> that the Security Info field is zero.
>
> So, then I looked at source4/libcli/pysmb.c and see this:
>
> fio.set_secdesc.level = RAW_SFILEINFO_SEC_DESC;
> fio.set_secdesc.in.file.fnum = fnum;
> fio.set_secdesc.in.secinfo_flags = 0;
> fio.set_secdesc.in.sd = sd;
>
> status = smb_raw_set_secdesc(spdata->tree, &fio);
>
> It seems that we are setting the seconfo to 0. Perhaps we should be
> passing secinfo into set_acl, or perhaps it should scan the SD, or
> maybe I am just doing something wrong.
>
> Here is the code I am using:
>
> if sd_sddl.find("S-1-3-4") < 0:
> sd_sddl = sd_sddl + "(A;OICIIO;0x00060000;;;S-1-3-4)"
>
> root_sd = security.descriptor.from_sddl(sd_sddl,
> security.dom_sid("S-2-0-0"))
> print "New SD: ", root_sd.as_sddl()
>
> conn.set_acl("\\", root_sd)
I think we have to do something like:
diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c
index 2f9a579..b6331e1 100644
--- a/source4/libcli/pysmb.c
+++ b/source4/libcli/pysmb.c
@@ -367,9 +367,10 @@ static PyObject *py_smb_setacl(pytalloc_Object *self, PyObj
const char *filename;
PyObject *py_sd;
struct security_descriptor *sd;
+ uint32_t sinfo = 0;
int fnum;
- if (!PyArg_ParseTuple(args, "sO:set_acl", &filename, &py_sd)) {
+ if (!PyArg_ParseTuple(args, "sOl:set_acl", &filename, &py_sd, &sinfo)) {
return NULL;
}
@@ -398,7 +399,7 @@ static PyObject *py_smb_setacl(pytalloc_Object *self, PyObje
io.ntcreatex.in.alloc_size = 0;
io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
- io.ntcreatex.in.security_flags = 0;
+ io.ntcreatex.in.security_flags = sinfo;
io.ntcreatex.in.fname = filename;
status = smb_raw_open(spdata->tree, self->talloc_ctx, &io);
and then call it like:
conn.set_acl(file, sd, SECINFO_DACL + SECINFO_OWNER + SECINFO_GROUP_
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
More information about the samba-technical
mailing list