hierynomus / smbj

Server Message Block (SMB2, SMB3) implementation in Java
Other
713 stars 180 forks source link

Share level ACLs obtention #594

Closed mcondo closed 3 years ago

mcondo commented 3 years ago

Hi Regarding the comment on here https://github.com/hierynomus/smbj/issues/257#issuecomment-347778462

The file level ACL can be obtained using the DiskEntry#getSecurityInformation method. To get the share level ACL you need to an MS-SRVS RPC call. That's not supported by SMBJ itself yet and SMBJ-RPC doesn't seem to support the specific call you need (see https://github.com/rapid7/smbj-rpc/blob/master/src/main/java/com/rapid7/client/dcerpc/mssrvs/ServerService.java).

  • Is there any future plan for SMBJ to be able to get those share-level acls?
  • Do you know if there is any alternative to obtain those share-level acls?
hierynomus commented 3 years ago

Hi @mcondo,

Porting https://github.com/rapid7/smbj-rpc to be integrated in smbj is something that might be worth the effort, and then it would also be possible to support this usecase. However I could definitely use some help there as I'm rather short on time ;)

mcondo commented 3 years ago

Hi @hierynomus We were able to use rapid7/smb-rpc to get the share level acls. We made something like that:

      RPCTransport transport = SMBTransportFactories.SRVSVC.getTransport(session);
      ServerService serverService = new ServerService(transport);
      NetShareInfo502 share = serverService.getShare502("share");
      SMBBuffer buffer = new SMBBuffer(share.getSecurityDescriptor());
      SecurityDescriptor securityDescriptor = SecurityDescriptor.read(buffer);
      List<ACE> aces = securityDescriptor.getDacl().getAces();

Thanks!