go-smb2

Add SMB2_0_INFO_SECURITY request support

Open principis opened this issue 2 years ago • 5 comments

This PR implements support for the SMB2 QUERY_INFO request with InfoType SMB2_0_INFO_SECURITY.

I chose the OWNER_SECURITY_INFORMATION, GROUP_SECURITY_INFORMATION and DACL_SECURITY_INFORMATION security attributes, since this is what pysmb queries for and is everything I need. I'm not sure if more is necessary at this time.

Let me know if any changes are necessary!

Edit: force push to fix typo

principis, Jul 14 '22 15:07

Also, please consider implementing the SetSecurity feature in the same PR, so that we can add a test as well.

I started implementing setSecurity on this branch. It sadly doesn't work (the server responds with STATUS_INVALID_INFO_CLASS), and I can't find the problem easily.

Implementing setSecurity in an abstract way is also incredibly difficult. My current implementation (if it would work) isn't very useful.

I'd like to omit it from this PR. My time is unfortunately limited, and if it's something I need in the future, I'll be happy to open a PR.

I'll add some tests to check if the returned FileSecurityInfo is well formed.

principis, Jul 19 '22 11:07

Thanks, give me some time to review and think. I will revisit this over the weekend.

hirochachacha, Jul 20 '22 05:07

Take your time, thanks!

I've added a Security method on the Share type, since that seemed necessary. Not sure if the other methods are still useful, but I'll let you decide! :)

principis, Jul 20 '22 10:07

Hi, sorry for the delay. I did some investigation and I concluded that the current Security/SetSecurity design doesn't work well because SACL and DACL require different permissions. Instead, I want to split its functionality into 6 pieces.

func (f *File) GetDacl() (*ACL, error)
func (f *File) SetDacl(acl *ACL) error

func (f *File) GetSacl() (*ACL, error)
func (f *File) SetSacl(acl *ACL) error

func (f *File) GetOwner() (user, group *SID, err error)
func (f *File) SetOwner(user, group *SID) error

I rethought exposing SID in the top package, for convenience of encoding SIDs. So, I want to introduce helper functions for SID:

func MustSID(s string) *SID
func ParseSID(s string) (*SID, error)

We also need to add constants like SecurityDescriptor's control flags, AceType, AccessMask. Because of the current usage of dot imports in the package, it will incur collisions, so we need to do some refactoring.

There are a lot of things to solve for this issue. I made a draft on top of your work, but I need more time for investigations and tests.

hirochachacha, Jul 30 '22 08:07
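
The string-to-binary conversion that a helper with the proposed ParseSID signature would perform, as an added example that is not go-smb2's code or written by either commenter. The SID struct, its field names and the Encode method are hypothetical; the byte layout follows the SID structure defined in MS-DTYP.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strconv"
	"strings"
)

// SID is a hypothetical type for this example, not go-smb2's definition.
type SID struct {
	Authority    uint64   // 48-bit IdentifierAuthority
	SubAuthority []uint32 // at most 15 entries
}

// ParseSID parses "S-1-<authority>[-<sub>...]"; the rare 0x authority form is not handled.
func ParseSID(s string) (*SID, error) {
	parts := strings.Split(s, "-")
	if len(parts) < 3 || len(parts) > 18 || parts[0] != "S" || parts[1] != "1" {
		return nil, fmt.Errorf("sid: malformed or too many sub-authorities: %q", s)
	}
	auth, err := strconv.ParseUint(parts[2], 10, 48)
	if err != nil {
		return nil, fmt.Errorf("sid: bad authority: %w", err)
	}
	sid := &SID{Authority: auth}
	for _, p := range parts[3:] {
		v, err := strconv.ParseUint(p, 10, 32) // rejects signs, empty, overflow
		if err != nil {
			return nil, fmt.Errorf("sid: bad sub-authority %q: %w", p, err)
		}
		sid.SubAuthority = append(sid.SubAuthority, uint32(v))
	}
	return sid, nil
}

// Encode emits revision, count, 6-byte big-endian authority, little-endian sub-authorities.
func (s *SID) Encode() []byte {
	b := make([]byte, 8+4*len(s.SubAuthority))
	b[0], b[1] = 1, uint8(len(s.SubAuthority))
	binary.BigEndian.PutUint16(b[2:], uint16(s.Authority>>32))
	binary.BigEndian.PutUint32(b[4:], uint32(s.Authority))
	for i, v := range s.SubAuthority {
		binary.LittleEndian.PutUint32(b[8+4*i:], v)
	}
	return b
}

func main() { fmt.Println(ParseSID("S-1-5-32-544")) }
```

The mixed byte order (big-endian authority, little-endian sub-authorities) is the part most often encoded wrongly by hand, which is why a parsing helper is more convenient than building the struct directly.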

Sounds good! Let me know if you want me to help with something.

principis, Sep 08 '22 07:09