Some mods to samba.smb.SMB to support test cases for File System ACLs and privs
Amitay Isaacs
amitay at gmail.com
Thu Mar 29 20:59:48 MDT 2012
On Fri, Mar 30, 2012 at 1:44 PM, Richard Sharpe
<realrichardsharpe at gmail.com> wrote:
> Hi folks,
>
> The following is a patch to source4/libcli/pysmb.c that implements
> open_close_file. You pass it a path along with an access mask and
> optionally some more things, and we try to open the file and then
> close it. If the open fails we throw an exception.
>
> This is enough to allow me to start writing a basic test case to get a
> feel for the way they are written, although I will probably have to
> extend it some more later. However, for the moment, if I try to open a
> file with SEC_FLAG_SYSTEM_SECURITY I get the correct response, which
> is really neat, and if I try with more reasonable values in the
> ACCESS_MASK all is well:
>
> That was bad, val = (-1073741727, 'NT_STATUS_PRIVILEGE_NOT_HELD')
>
> Anyway, here is the patch for any feedback. I have created a function
> called open_close_file, which is what it does.
>
> diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c
> index b4eba14..81321d8 100644
> --- a/source4/libcli/pysmb.c
> +++ b/source4/libcli/pysmb.c
> @@ -436,6 +436,70 @@ static PyObject *py_smb_setacl(pytalloc_Object *self, PyObj
> Py_RETURN_NONE;
> }
>
> +/*
> + * Open the file with the parameters passed in and then close it
> + */
> +static PyObject *py_open_close_file(pytalloc_Object *self, PyObject *args, PyOb
> +{
> + NTSTATUS status;
> + union smb_open io;
> + struct smb_private_data *spdata;
> + const char *filename;
> + uint32_t access_mask = 0;
> + uint32_t share_access = 0;
> + uint32_t open_disposition = 0;
> + uint32_t create_options = 0;
> + int fnum;
> +
> + if (!PyArg_ParseTuple(args, "si|iii:get_acl",
> + &filename,
> + &access_mask,
> + &share_access,
> + &open_disposition,
> + &create_options)) {
> + return NULL;
> + }
> +
> + if (!access_mask)
> + access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
> +
> + if (!share_access)
> + share_access = NTCREATEX_SHARE_ACCESS_READ |
> + NTCREATEX_SHARE_ACCESS_WRITE;
> +
> + if (!open_disposition)
> + open_disposition = NTCREATEX_DISP_OPEN;
> +
> +
> +
> + spdata = self->ptr;
> +
> + ZERO_STRUCT(io);
> +
> + spdata = self->ptr;
> +
> + io.generic.level = RAW_OPEN_NTCREATEX;
> + io.ntcreatex.in.root_fid.fnum = 0;
> + io.ntcreatex.in.flags = 0;
> + io.ntcreatex.in.access_mask = access_mask;
> + io.ntcreatex.in.create_options = create_options;
> + io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
> + io.ntcreatex.in.share_access = share_access;
> + io.ntcreatex.in.alloc_size = 0;
> + io.ntcreatex.in.open_disposition = open_disposition;
> + io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
> + io.ntcreatex.in.security_flags = 0;
> + io.ntcreatex.in.fname = filename;
> +
> + status = smb_raw_open(spdata->tree, self->talloc_ctx, &io);
> + PyErr_NTSTATUS_IS_ERR_RAISE(status);
> +
> + fnum = io.ntcreatex.out.file.fnum;
> +
> + smbcli_close(spdata->tree, fnum);
> +
> + Py_RETURN_NONE;
> +}
> +
>
> static PyMethodDef py_smb_methods[] = {
> { "loadfile", (PyCFunction)py_smb_loadfile, METH_VARARGS,
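Review bot: The `PyArg_ParseTuple` format `"si|iii:get_acl"` stores into `uint32_t` variables through the signed `i` code, so a mask with bit 31 set would be rejected with an OverflowError before any open is attempted, and the name after the colon makes parse errors report get_acl; `"sI|III:open_close_file"` matches the variable types and the method name. The `if (!access_mask)` fallback turns an explicit 0 into `SEC_FLAG_MAXIMUM_ALLOWED` even though the argument is mandatory, so an ACL or privilege test cannot exercise a zero mask and cannot tell from the call what was actually requested; the share_access and open_disposition fallbacks behave the same way and deserve a comment or a distinct "not supplied" sentinel. The return value of `smbcli_close(spdata->tree, fnum)` is dropped, so a failed close goes unreported to the test; checking it with `PyErr_NTSTATUS_IS_ERR_RAISE` would be consistent with the open path. `spdata = self->ptr;` is also assigned twice.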
> @@ -467,6 +531,9 @@ static PyMethodDef py_smb_methods[] = {
> { "set_acl", (PyCFunction)py_smb_setacl, METH_VARARGS,
> "set_acl(path, security_descriptor[, security_info=0]) -> None\n
> Set security descriptor for file." },
> + { "open_close_file", (PyCFunction)py_open_close_file, METH_VARARGS,
> + "open_close_file(path, access_mask[, share_access[, open_disposi
> + Open and then close file. Throws exceptions." },
> { NULL },
> +
> +
> + spdata = self->ptr;
> +
> + ZERO_STRUCT(io);
> +
> + spdata = self->ptr;
> +
> + io.generic.level = RAW_OPEN_NTCREATEX;
> + io.ntcreatex.in.root_fid.fnum = 0;
> + io.ntcreatex.in.flags = 0;
> + io.ntcreatex.in.access_mask = access_mask;
> + io.ntcreatex.in.create_options = create_options;
> + io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
> + io.ntcreatex.in.share_access = share_access;
> + io.ntcreatex.in.alloc_size = 0;
> + io.ntcreatex.in.open_disposition = open_disposition;
> + io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
> + io.ntcreatex.in.security_flags = 0;
> + io.ntcreatex.in.fname = filename;
> +
> + status = smb_raw_open(spdata->tree, self->talloc_ctx, &io);
> + PyErr_NTSTATUS_IS_ERR_RAISE(status);
> +
> + fnum = io.ntcreatex.out.file.fnum;
> +
> + smbcli_close(spdata->tree, fnum);
> +
> + Py_RETURN_NONE;
> +}
> +
>
> static PyMethodDef py_smb_methods[] = {
> { "loadfile", (PyCFunction)py_smb_loadfile, METH_VARARGS,
> @@ -467,6 +531,9 @@ static PyMethodDef py_smb_methods[] = {
> { "set_acl", (PyCFunction)py_smb_setacl, METH_VARARGS,
> "set_acl(path, security_descriptor[, security_info=0]) -> None\n
> Set security descriptor for file." },
> + { "open_close_file", (PyCFunction)py_open_close_file, METH_VARARGS,
> + "open_close_file(path, access_mask[, share_access[, open_disposi
> + Open and then close file. Throws exceptions." },
> { NULL },
> };
>
Hi Richard,
Instead of adding a specific open_close_file(), can you add open() and
close() as separate calls? That paves the way for adding read/write
stuff at a later date.
Amitay.