listPath fails with "STATUS_ACCESS_DENIED" due to too broad access mask
ArtemUstynov opened this issue · 2 comments
ArtemUstynov commented
found_entries = conn.listPath(args.service_name, folder_path)
fails with:
==================== SMB Message 0 ====================
SMB Header:
-----------
Command: 0x03 (SMB2_COM_TREE_CONNECT)
Status: 0x00000000
Flags: 0x00
PID: 6504
MID: 3
TID: 0
Data: 70 bytes
SMB Data Packet (hex):
----------------------
==================== SMB Message 1 ====================
SMB Header:
-----------
Command: 0x03 (SMB2_COM_TREE_CONNECT)
Status: 0x00000000
Flags: 0x01
PID: 0
MID: 3
TID: 1
Data: 16 bytes
SMB Data Packet (hex):
----------------------
==================== SMB Message 2 ====================
SMB Header:
-----------
Command: 0x05 (SMB2_COM_CREATE)
Status: 0x00000000
Flags: 0x00
PID: 6504
MID: 4
TID: 1
SMB Data Packet (hex):
----------------------
==================== SMB Message 3 ====================
SMB Header:
-----------
Command: 0x05 (SMB2_COM_CREATE)
Status: 0xC0000022
Flags: 0x01
PID: 0
MID: 4
TID: 1
SMB Data Packet (hex):
----------------------
due to :
m = SMB2Message(SMB2CreateRequest(path,
file_attributes = 0,
access_mask = FILE_READ_DATA | **FILE_READ_EA** | FILE_READ_ATTRIBUTES | SYNCHRONIZE,
share_access = FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
oplock = SMB2_OPLOCK_LEVEL_NONE,
impersonation = SEC_IMPERSONATE,
create_options = FILE_DIRECTORY_FILE,
create_disp = FILE_OPEN,
create_context_data = create_context_data))
line 621 in base.py
FILE_READ_EA causes query to fail in my case. I think that minimal permissions should be used here or maybe this should be configurable. probably FILE_READ_DATA | FILE_READ_ATTRIBUTES will be enough, for default access and if needed more can be specified.
miketeo commented
Fixed in pysmb 1.2.8
baxtee1 commented
It appears I'm getting the same issue when trying to use SMB1 with version 1.2.8.
==================== SMB Message 0 ====================
SMB Header:
Command: 0x75 (SMB_COM_TREE_CONNECT_ANDX)
Status: NTSTATUS=0x00000000
Flags: 0x18
Flags2: 0xC841
PID: 791562
UID: 2048
MID: 4
TID: 0
Security: 0x0000000000000000
Parameters: 8 bytes
Data: 59 bytes
SMB Data Packet (hex):