-
Notifications
You must be signed in to change notification settings - Fork 74
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to get accurate acl from Security Descriptor #277
Comments
This library returns the full security descriptor from the server, I'm unsure what the differences are between how the server represents the ACEs but on a test I can see that the mask is returning the correct values and also returned inherited ACEs.
|
In windows, we have below permissions: How i can infer these from the mask value returned as a part of Security Descriptor STANDARD_RIGHTS_ALL |
The mask values are the normal file access mask values used on Windows. This library has a pre-defined set of access mask values for files/pipes and directories at smbprotocol/src/smbprotocol/open.py Lines 128 to 185 in 3f69e6d
|
In Security Descriptor, In this case, I am getting READ_CONTROL, SYNCHRONIZE as the DACL values for User1 and User2. Is there a way, I can identify User 2 has Read/Write acess? |
The response from SMB is the raw security descriptor and ACE entries for the DACL. If they do not have the entry for the user then when you set it it probably is just already part of another rule. Not much you can do about that as this library just gets the raw ACE entries. |
I am using the smb_security_descriptor.py example to get the list of users and the access they have. It is returning response, but that it is misleading.
For example : user1 -> Read and execute, read, list
user 2 -> Read and execute, read, list , write
For both the users, I am getting READ_CONTROL and SYNCHRONIZE as the mask flag.
Is there a way can you help me to decode this DACL to match the one we choose in Security windows?
The text was updated successfully, but these errors were encountered: