Add desired delete permissions when opening directory #262
lib/ruby_smb/smb2/tree.rb
Outdated
create_request.create_disposition = disposition | ||
|
||
if read |
I'll defer to @cdelafuente-r7 who might have more insights here on the ramifications of these changes 😄
These flags seem to define if other processes are allowed to read, write or delete the file/directory that is opened by this request. The logic to set share access according to the value of read, write and delete arguments does not make a lot of sense to me, but I might be missing something.
That being said, I don't see a context where we want to disallow the access from other processes. Maybe having these 3 flags set by default, regardless of the value of the read, write and delete arguments, would be a good idea?
The problem here is that the user cannot customise the flags easily. He only calls open_directory without the possibility to customise the request. This is something we might want to improve at some point.
> Maybe having these 3 flags set by default, regardless of the value of the read, write and delete arguments, would be a good idea?
I think that would be a backwards breaking change 😄
I vote we could go for more granular kwargs for the new flags that you want to enable, so we don't break existing metasploit modules 👍
lib/ruby_smb/smb2/tree.rb
Outdated
end | ||
|
||
if write | ||
create_request.share_access.write_access = 1 |
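Review bot: in the `if write` branch the only field set is create_request.share_access.write_access, which controls what other opens of the directory may do, so nothing visible here requests write access for this handle through desired_access. If the `write` argument is meant to express what the caller wants to do, set the matching desired_access bit in the same branch; if it is meant to control sharing only, say so in the method documentation so callers do not read it as a permission request.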
I'm guessing there's no equivalent create_request.desired_access change needed here?
yup, it's here in the file_access but not in directory_access
bit1 :write_data, label: 'Write Data'
This might have broken psexec if we merge these changes, let's hold off on it
c934283 to d556637
Add utility to open a directory
pin bindata to 2.4.15 until we sort out issues with 2.5.0
Use correct permissions for read/write/delete directories
Remove open dir support in util
add kwarg for desired delete access to a directory
d556637 to 487977c
this wasn't the issue with psexec as it turns out, made changes anyway to be more intentional with which permissions the user requests
Drafted while we debug some issues with psexec
Pins the bindata version to 2.4.15 as 2.5.0 introduces significant changes that aren't currently compatible with ruby smb
Also aligns the permissions set when opening a directory with those of opening a file
Used by rapid7/metasploit-framework#18895
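
The review above turns on the difference between share access (what other opens may do) and desired access (what this handle asks for), and on adding a kwarg without changing existing callers. The following is an added example, not code from this pull request or from ruby_smb: `directory_masks`, `access_classes`, `sharing_violation?` and the `desired_delete` kwarg name are hypothetical, the sharing check is a simplified model, and it assumes a directory handle always requests list access.

```ruby
# Added illustration; method and kwarg names are hypothetical, not ruby_smb's API.
# ShareAccess and access-mask bit values as defined in MS-SMB2 for SMB2 CREATE.
SHARE_READ   = 0x1 # FILE_SHARE_READ
SHARE_WRITE  = 0x2 # FILE_SHARE_WRITE
SHARE_DELETE = 0x4 # FILE_SHARE_DELETE

LIST_DIRECTORY   = 0x000001 # FILE_LIST_DIRECTORY
ADD_FILE         = 0x000002 # FILE_ADD_FILE
ADD_SUBDIRECTORY = 0x000004 # FILE_ADD_SUBDIRECTORY
TRAVERSE         = 0x000020 # FILE_TRAVERSE
DELETE           = 0x010000 # DELETE

# read/write/delete choose what OTHER opens are allowed to do (ShareAccess).
# desired_delete asks for DELETE on THIS handle (DesiredAccess); it defaults
# to false so callers written before the kwarg existed send the same request.
# Assumption: a directory handle always asks for LIST_DIRECTORY.
def directory_masks(read: true, write: false, delete: false, desired_delete: false)
  share = 0
  share |= SHARE_READ if read
  share |= SHARE_WRITE if write
  share |= SHARE_DELETE if delete
  desired = LIST_DIRECTORY
  desired |= DELETE if desired_delete
  { desired_access: desired, share_access: share }
end

# Collapse an access mask into the three classes that sharing is checked on.
def access_classes(desired)
  classes = 0
  classes |= SHARE_READ if (desired & (LIST_DIRECTORY | TRAVERSE)) != 0
  classes |= SHARE_WRITE if (desired & (ADD_FILE | ADD_SUBDIRECTORY)) != 0
  classes |= SHARE_DELETE if (desired & DELETE) != 0
  classes
end

# Simplified model of the server's sharing check: the incoming open is refused
# (STATUS_SHARING_VIOLATION) when either handle holds an access class that the
# other handle's ShareAccess does not permit.
def sharing_violation?(existing, incoming)
  wanted = access_classes(incoming[:desired_access])
  return false if wanted.zero? # attribute-only opens skip the check
  held = access_classes(existing[:desired_access])
  (wanted & ~existing[:share_access]) != 0 || (held & ~incoming[:share_access]) != 0
end
```

With the defaults, a second open that requests DELETE conflicts with a handle that shares read only; the same second open succeeds against a handle opened with all three share flags.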