Skip to content

Commit

Permalink
Minor SMB client API cleanups for query
Browse files Browse the repository at this point in the history
  • Loading branch information
@gpotter2
gpotter2 committed Jan 26, 2024
1 parent 187251d commit 792583c
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 12 deletions.
14 changes: 11 additions & 3 deletions scapy/layers/smb2.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,12 @@
ConditionalField,
FieldLenField,
FieldListField,
FlagValue,
FlagsField,
IP6Field,
IPField,
IntEnumField,
IntField,
IPField,
IP6Field,
LEIntField,
LEIntEnumField,
LELongField,
Expand Down Expand Up @@ -93,12 +94,14 @@
0xC000000F: "STATUS_NO_SUCH_FILE",
0xC0000016: "STATUS_MORE_PROCESSING_REQUIRED",
0xC0000022: "STATUS_ACCESS_DENIED",
0xC0000033: "STATUS_OBJECT_NAME_INVALID",
0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
0xC0000043: "STATUS_SHARING_VIOLATION",
0xC000006D: "STATUS_LOGON_FAILURE",
0xC0000071: "STATUS_PASSWORD_EXPIRED",
0xC0000072: "STATUS_ACCOUNT_DISABLED",
0xC000009A: "STATUS_INSUFFICIENT_RESOURCES",
0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY",
0xC00000BB: "STATUS_NOT_SUPPORTED",
0xC00000C9: "STATUS_NETWORK_NAME_DELETED",
0xC00000CC: "STATUS_BAD_NETWORK_NAME",
Expand Down Expand Up @@ -804,7 +807,12 @@ def toSDDL(self):
Return SDDL
"""
sid = self.payload.Sid.summary()
ace_flag_string = "?" # TODO
ace_flag_string = str(
FlagValue(
self.AceFlags,
["OI", "CI", "NP", "IO", "ID", "SA", "FA"]
)
)
ace_rights = "" # TODO
object_guid = "" # TODO
inherit_object_guid = "" # TODO
Expand Down
27 changes: 18 additions & 9 deletions scapy/layers/smbclient.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -530,7 +530,8 @@ def tree_disconnect(self):
if SMB2_Tree_Disconnect_Response not in resp:
raise ValueError("Failed TreeDisconnect ! %s" % resp.NTStatus)

def create_request(self, name, mode="r", type="pipe", extra_create_options=[]):
def create_request(self, name, mode="r", type="pipe",
extra_create_options=[], extra_desired_access=[]):
"""
Open a file/pipe by its name
Expand Down Expand Up @@ -566,11 +567,13 @@ def create_request(self, name, mode="r", type="pipe", extra_create_options=[]):
CreateOptions.append("FILE_DELETE_ON_CLOSE")
if type == "file":
FileAttributes.append("FILE_ATTRIBUTE_NORMAL")
else:
raise ValueError("Unknown type")
elif type:
raise ValueError("Unknown type: %s" % type)
# Extra options
if extra_create_options:
CreateOptions.extend(extra_create_options)
if extra_desired_access:
DesiredAccess.extend(extra_desired_access)
# Request
resp = self.ins.sr1(
SMB2_Create_Request(
Expand Down Expand Up @@ -675,23 +678,23 @@ def query_directory(self, FileId, FileName="*"):
)
return results

def query_info(self, FileId):
def query_info(self, FileId, InfoType, FileInfoClass, AdditionalInformation=0):
"""
Query the Info
"""
pkt = SMB2_Query_Info_Request(
InfoType="SMB2_0_INFO_FILE",
FileInfoClass="FileAllInformation",
InfoType=InfoType,
FileInfoClass=FileInfoClass,
OutputBufferLength=65535,
FileId=FileId,
AdditionalInformation=AdditionalInformation,
)
resp = self.ins.sr1(pkt, verbose=0, timeout=self.timeout)
if not resp:
raise ValueError("QueryInfo timed out !")
if SMB2_Query_Info_Response not in resp:
raise ValueError("Failed QueryInfo ! %s" % resp.NTStatus)
res = FileAllInformation(resp.Output)
return res
return resp.Output

def changenotify(self, FileId):
"""
Expand Down Expand Up @@ -1224,7 +1227,13 @@ def _get_file(self, file, fd):
extra_create_options=self.extra_create_options,
)
# Get the file size
info = self.smbsock.query_info(fileId)
info = FileAllInformation(
self.smbsock.query_info(
FileId=fileId,
InfoType="SMB2_0_INFO_FILE",
FileInfoClass="FileAllInformation",
)
)
length = info.StandardInformation.EndOfFile
offset = 0
# Read the file
Expand Down

0 comments on commit 792583c

Please sign in to comment.