listPath fails with "STATUS_ACCESS_DENIED" due to too broad access mask

Question

listPath fails with "STATUS_ACCESS_DENIED" due to too broad access mask

ArtemUstynov opened this issue 2 years ago · 2 comments

found_entries = conn.listPath(args.service_name, folder_path)

fails with:

==================== SMB Message 0 ====================
SMB Header:
-----------
Command: 0x03 (SMB2_COM_TREE_CONNECT) 
Status: 0x00000000 
Flags: 0x00 
PID: 6504 
MID: 3 
TID: 0 
Data: 70 bytes 
SMB Data Packet (hex):
----------------------
==================== SMB Message 1 ====================
SMB Header:
-----------
Command: 0x03 (SMB2_COM_TREE_CONNECT) 
Status: 0x00000000 
Flags: 0x01 
PID: 0 
MID: 3 
TID: 1 
Data: 16 bytes 

SMB Data Packet (hex):
----------------------
==================== SMB Message 2 ====================
SMB Header:
-----------
Command: 0x05 (SMB2_COM_CREATE) 
Status: 0x00000000 
Flags: 0x00 
PID: 6504 
MID: 4 
TID: 1 
SMB Data Packet (hex):
----------------------
==================== SMB Message 3 ====================
SMB Header:
-----------
Command: 0x05 (SMB2_COM_CREATE) 
Status: 0xC0000022 
Flags: 0x01 
PID: 0 
MID: 4 
TID: 1 
SMB Data Packet (hex):
----------------------

due to :

  m = SMB2Message(SMB2CreateRequest(path,
                                              file_attributes = 0,
                                              access_mask = FILE_READ_DATA | **FILE_READ_EA** | FILE_READ_ATTRIBUTES | SYNCHRONIZE,
                                              share_access = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
                                              oplock = SMB2_OPLOCK_LEVEL_NONE,
                                              impersonation = SEC_IMPERSONATE,
                                              create_options = FILE_DIRECTORY_FILE,
                                              create_disp = FILE_OPEN,
                                              create_context_data = create_context_data))

line 621 in base.py

FILE_READ_EA causes query to fail in my case. I think that minimal permissions should be used here or maybe this should be configurable. probably FILE_READ_DATA | FILE_READ_ATTRIBUTES will be enough, for default access and if needed more can be specified.

Answer 1 · 2022-10-22T04:49:24.000Z

Fixed in pysmb 1.2.8

Answer 2 · 2022-10-24T22:21:47.000Z

It appears I'm getting the same issue when trying to use SMB1 with version 1.2.8.

==================== SMB Message 0 ====================
SMB Header:

Command: 0x75 (SMB_COM_TREE_CONNECT_ANDX)
Status: NTSTATUS=0x00000000
Flags: 0x18
Flags2: 0xC841
PID: 791562
UID: 2048
MID: 4
TID: 0
Security: 0x0000000000000000
Parameters: 8 bytes
Data: 59 bytes
SMB Data Packet (hex):

==================== SMB Message 0 ==================== SMB Header:

==================== SMB Message 0 ====================
SMB Header: