retr_file permissions issue in smb.py

[GoogleCodeExporter]

What steps will reproduce the problem?

1. Authenticate to read only share using smbclient.py
2. Attempt to download a file
3. Get ACCESS_DENIED error

What is the expected output? What do you see instead?

Using the native Linux tool 'smbclient' I followed the same procedure as above, 
and was able to download the file without issue.  I expected 'smbclint.py' 
(indirectly smb.py and the retr_file method) to perform identically, but it did 
not.  

The SMB source is running  Windows XP VM (so SMBv1)

What version of the product are you using? On what operating system?
February 2014: 0.9.11
The issue was reproduced on OS X 10.7.5 and Kali (Linux kali 3.12-kali1-amd64 
#1 SMP Debian 3.12.6-2kali1 (2014-01-06) x86_64 GNU/Linux) using the example 
'smbclient.py' program.

I'm not sure if this is truly a bug or not - but the behavior I noticed was 
inconsistent with the behavior of a vanilla 'smbclient' against the same host.

Original issue reported on code.google.com by ShawnDEv...@gmail.com on 5 Jun 2014 at 8:16

[GoogleCodeExporter]

Hey Shawn:

Thanks for the bug report.. I'll try to reproduce the bug you're pointing out 
and I'll get back to you.. By any chance, did you test it under a newer OS 
(trying to understand whether the problem would happen at the smb2/3 layer too).

cheers,
beto

Original comment by bet...@gmail.com on 5 Jun 2014 at 8:28

[GoogleCodeExporter]

If needed I can provide a PCAP of the native LInux tool (smbclient) as well as 
smbclient.py as a basis for comparison.  

Original comment by ShawnDEv...@gmail.com on 5 Jun 2014 at 8:28

[GoogleCodeExporter]

Yes please! :)

Original comment by bet...@gmail.com on 5 Jun 2014 at 8:29

[GoogleCodeExporter]

Point of fact I haven't tried it using SMB2/3.  I'll fire up a Win7 VM and run 
a similar test.  I'll let you know what I find out.  My initial suspicion was 
that it was in fact related to SMBv1.  

Original comment by ShawnDEv...@gmail.com on 5 Jun 2014 at 8:30

[GoogleCodeExporter]

PCAPs attached!  Thanks for the swift response!

Original comment by ShawnDEv...@gmail.com on 5 Jun 2014 at 8:37

Attachments:

• smbv1_access_denied.zip

[GoogleCodeExporter]

Using a similar configuration in Win7 everything works as expected.  The remote 
file downloaded without issue.

Original comment by ShawnDEv...@gmail.com on 5 Jun 2014 at 9:11

[GoogleCodeExporter]

Shawn:

Indeed.. retr_file() (only in smb.py /v1) is trying to open the file (through 
nt_create_andx()) with write permissions. 
Actually nt_create_andx didn't accept any accessMask bits so I added that... 

I'm attaching you a new smb.py file.. could you please check it under your 
configuration? I'm gonna run the test cases here just to be sure everything's 
fine.

be sure to set the pythonpath to the right place so this smb.py is lodaded. If 
you have problems with this let me know..

thanks!
beto

Original comment by bet...@gmail.com on 5 Jun 2014 at 9:13

Attachments:

• smb.py

[GoogleCodeExporter]

Flawless victory!  That did the trick!!!!!  WinXP (smbv1) downloads are now 
working without issue.  Thanks again for the prompt response. 

Original comment by ShawnDEv...@gmail.com on 5 Jun 2014 at 9:21

[GoogleCodeExporter]

Awesome!.. Thanks to you Shawn for taking the time to report this issue.. 

I'll update trunk tomorrow with this change.. 

Let me know if you find something else.. and enjoy impacket :)

beto

Original comment by bet...@gmail.com on 5 Jun 2014 at 9:24

[GoogleCodeExporter]

Fixed in http://code.google.com/p/impacket/source/detail?r=1228

Original comment by bet...@gmail.com on 5 Jun 2014 at 10:29

• Changed state: Fixed

[GoogleCodeExporter]

I seriously <3 impacket! (regards to pysmb) Thanks again for the swift action.  
It made me feel less crazy almost immediately :).

Original comment by ShawnDEv...@gmail.com on 6 Jun 2014 at 1:19

[GoogleCodeExporter]

thanks for the good vibes :).. Craziness is welcome don't worry.. jump in here 
anytime if you need something..

beto

Original comment by bet...@gmail.com on 6 Jun 2014 at 1:33