Some mods to samba.smb.SMB to support test cases for File System ACLs and privs

Richard Sharpe realrichardsharpe at gmail.com
Thu Mar 29 20:44:59 MDT 2012


Hi folks,

The following is a patch to source4/libcli/pysmb.c that implements
open_close_file. You pass it a path along with an access mask and
optionally some more things, and we try to open the file and then
close it. If the open fails we throw an exception.

This is enough to allow me to start writing a basic test case to get a
feel for the way they are written, although I will probably have to
extend it some more later. However, for the moment, if I try to open a
file with SEC_FLAG_SYSTEM_SECURITY I get the correct response (shown
below), which is really neat, and if I try with more reasonable values
in the ACCESS_MASK all is well:

       That was bad, val =  (-1073741727, 'NT_STATUS_PRIVILEGE_NOT_HELD')

Anyway, here is the patch for any feedback. I have created a function
called open_close_file, which is what it does.

diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c
index b4eba14..81321d8 100644
--- a/source4/libcli/pysmb.c
+++ b/source4/libcli/pysmb.c
@@ -436,6 +436,70 @@ static PyObject *py_smb_setacl(pytalloc_Object *self, PyObj
        Py_RETURN_NONE;
 }

+/*
+ * Open the file with the parameters passed in and then close it
+ */
+static PyObject *py_open_close_file(pytalloc_Object *self, PyObject *args, PyOb
+{
+       NTSTATUS status;
+       union smb_open io;
+       struct smb_private_data *spdata;
+       const char *filename;
+       uint32_t access_mask = 0;
+       uint32_t share_access = 0;
+        uint32_t open_disposition = 0;
+        uint32_t create_options = 0;
+       int fnum;
+
+       if (!PyArg_ParseTuple(args, "si|iii:get_acl",
+                               &filename,
+                               &access_mask,
+                               &share_access,
+                               &open_disposition,
+                               &create_options)) {
+               return NULL;
+       }
+
+       if (!access_mask)
+               access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+
+       if (!share_access)
+               share_access = NTCREATEX_SHARE_ACCESS_READ |
+                               NTCREATEX_SHARE_ACCESS_WRITE;
+
+       if (!open_disposition)
+               open_disposition = NTCREATEX_DISP_OPEN;
+
+
+
+       spdata = self->ptr;
+
+       ZERO_STRUCT(io);
+
+       spdata = self->ptr;
+
+       io.generic.level = RAW_OPEN_NTCREATEX;
+       io.ntcreatex.in.root_fid.fnum = 0;
+       io.ntcreatex.in.flags = 0;
+       io.ntcreatex.in.access_mask = access_mask;
+       io.ntcreatex.in.create_options = create_options;
+       io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+       io.ntcreatex.in.share_access = share_access;
+       io.ntcreatex.in.alloc_size = 0;
+       io.ntcreatex.in.open_disposition = open_disposition;
+       io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+       io.ntcreatex.in.security_flags = 0;
+       io.ntcreatex.in.fname = filename;
+
+       status = smb_raw_open(spdata->tree, self->talloc_ctx, &io);
+       PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+       fnum = io.ntcreatex.out.file.fnum;
+
+       smbcli_close(spdata->tree, fnum);
+
+       Py_RETURN_NONE;
+}
+

 static PyMethodDef py_smb_methods[] = {
        { "loadfile", (PyCFunction)py_smb_loadfile, METH_VARARGS,
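Review bot: The `PyArg_ParseTuple` format `"si|iii:get_acl"` in py_open_close_file has two problems: the trailing name is copied from another method, so argument errors will be reported against `get_acl`, and `i` parses a signed C int into `uint32_t` variables, so a mask with the top bit set (which an ACL or privilege test will want to pass) is likely rejected with an OverflowError instead of being sent to the server. I would use `"sI|III:open_close_file"`. The return value of `smbcli_close(spdata->tree, fnum)` is also ignored, so a failed close leaves the handle open with no signal to the test; checking it and raising would match the open path. `spdata = self->ptr;` is assigned twice and one of the two can go.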
@@ -467,6 +531,9 @@ static PyMethodDef py_smb_methods[] = {
        { "set_acl", (PyCFunction)py_smb_setacl, METH_VARARGS,
                "set_acl(path, security_descriptor[, security_info=0]) -> None\n
                Set security descriptor for file." },
+       { "open_close_file", (PyCFunction)py_open_close_file, METH_VARARGS,
+               "open_close_file(path, access_mask[, share_access[, open_disposi
+               Open and then close file. Throws exceptions." },
        { NULL },
+
+
+       spdata = self->ptr;
+
+       ZERO_STRUCT(io);
+
+       spdata = self->ptr;
+
+       io.generic.level = RAW_OPEN_NTCREATEX;
+       io.ntcreatex.in.root_fid.fnum = 0;
+       io.ntcreatex.in.flags = 0;
+       io.ntcreatex.in.access_mask = access_mask;
+       io.ntcreatex.in.create_options = create_options;
+       io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+       io.ntcreatex.in.share_access = share_access;
+       io.ntcreatex.in.alloc_size = 0;
+       io.ntcreatex.in.open_disposition = open_disposition;
+       io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+       io.ntcreatex.in.security_flags = 0;
+       io.ntcreatex.in.fname = filename;
+
+       status = smb_raw_open(spdata->tree, self->talloc_ctx, &io);
+       PyErr_NTSTATUS_IS_ERR_RAISE(status);
+
+       fnum = io.ntcreatex.out.file.fnum;
+
+       smbcli_close(spdata->tree, fnum);
+
+       Py_RETURN_NONE;
+}
+

 static PyMethodDef py_smb_methods[] = {
        { "loadfile", (PyCFunction)py_smb_loadfile, METH_VARARGS,
@@ -467,6 +531,9 @@ static PyMethodDef py_smb_methods[] = {
        { "set_acl", (PyCFunction)py_smb_setacl, METH_VARARGS,
                "set_acl(path, security_descriptor[, security_info=0]) -> None\n
                Set security descriptor for file." },
+       { "open_close_file", (PyCFunction)py_open_close_file, METH_VARARGS,
+               "open_close_file(path, access_mask[, share_access[, open_disposi
+               Open and then close file. Throws exceptions." },
        { NULL },
 };
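Review bot: The doc string for `open_close_file` says only "Throws exceptions." and, as far as the truncated line shows, does not mention that a zero `access_mask`, `share_access` or `open_disposition` is replaced by a default. For an ACL or privilege test that matters, because passing 0 silently becomes SEC_FLAG_MAXIMUM_ALLOWED rather than a request with no access bits. I would add a line such as `Zero values select MAXIMUM_ALLOWED, share read|write and DISP_OPEN; raises on an NTSTATUS error from the open.` to the string. The function's third parameter is cut off on this page; if it is a kwargs pointer, the `METH_VARARGS` flag in this entry does not match the signature.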

-- 
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)

