From 1e45a2f8c95a72e5ee594b87bacfe5b29a317279 Mon Sep 17 00:00:00 2001 From: Nikody Keating Date: Tue, 22 Sep 2020 12:40:28 -0700 Subject: [PATCH 1/2] Adding updates to limit permission requests when making changes --- lib/api/exists.js | 2 +- lib/api/mkdir.js | 2 +- lib/api/readfile.js | 2 +- lib/api/rename.js | 2 +- lib/api/unlink.js | 2 +- lib/api/writefile.js | 2 +- lib/messages/create.js | 2 +- lib/messages/create_folder.js | 2 +- lib/messages/open.js | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/api/exists.js b/lib/api/exists.js index f418ee1..0ea509b 100644 --- a/lib/api/exists.js +++ b/lib/api/exists.js @@ -19,7 +19,7 @@ module.exports = function(path, cb){ var connection = this; - SMB2Request('open', {path:path}, connection, function(err, file){ + SMB2Request('open', {path:path, access: 0x80000000 }, connection, function(err, file){ if(err) cb && cb(null, false); else SMB2Request('close', file, connection, function(err){ cb && cb(null, true); diff --git a/lib/api/mkdir.js b/lib/api/mkdir.js index 2ff4efc..b0c3e21 100644 --- a/lib/api/mkdir.js +++ b/lib/api/mkdir.js @@ -31,7 +31,7 @@ module.exports = function(path, mode, cb){ else if(!exists){ // SMB2 open file - SMB2Request('create_folder', {path:path}, connection, function(err, file){ + SMB2Request('create_folder', {path:path, access: 0x40000000}, connection, function(err, file){ if(err) cb && cb(err); // SMB2 query directory else SMB2Request('close', file, connection, function(err){ diff --git a/lib/api/readfile.js b/lib/api/readfile.js index b69d256..cd39a85 100644 --- a/lib/api/readfile.js +++ b/lib/api/readfile.js @@ -26,7 +26,7 @@ module.exports = function(filename, options, cb){ options = {}; } - SMB2Request('open', {path:filename}, connection, function(err, file){ + SMB2Request('open', {path:filename, access: 0x80000000}, connection, function(err, file){ if(err) cb && cb(err); // SMB2 read file content else { diff --git a/lib/api/rename.js b/lib/api/rename.js index 6b0626b..ffa9327 100644 --- a/lib/api/rename.js +++ b/lib/api/rename.js @@ -24,7 +24,7 @@ module.exports = function(oldPath, newPath, cb){ // SMB2 open the folder / file SMB2Request('open_folder', {path:oldPath}, connection, function(err, file){ - if(err) SMB2Request('open', {path:oldPath}, connection, function(err, file){ + if(err) SMB2Request('open', {path:oldPath, access: 0x40000000 }, connection, function(err, file){ if(err) cb && cb(err); else rename(connection, file, newPath, cb); }); diff --git a/lib/api/unlink.js b/lib/api/unlink.js index 5522867..625db0c 100644 --- a/lib/api/unlink.js +++ b/lib/api/unlink.js @@ -28,7 +28,7 @@ module.exports = function(path, cb){ else if(exists){ // SMB2 open file - SMB2Request('create', {path:path}, connection, function(err, file){ + SMB2Request('create', {path:path, access: 0x40000000}, connection, function(err, file){ if(err) cb && cb(err); // SMB2 query directory else SMB2Request('set_info', {FileId:file.FileId, FileInfoClass:'FileDispositionInformation',Buffer:(new bigint(1,1)).toBuffer()}, connection, function(err, files){ diff --git a/lib/api/writefile.js b/lib/api/writefile.js index 54bcbcd..1ec50b9 100644 --- a/lib/api/writefile.js +++ b/lib/api/writefile.js @@ -36,7 +36,7 @@ module.exports = function(filename, data, options, cb){ ; function createFile(fileCreated){ - SMB2Request('create', {path:filename}, connection, function(err, f){ + SMB2Request('create', {path:filename, access: 0x40000000 }, connection, function(err, f){ if(err) cb && cb(err); // SMB2 set file size else { diff --git a/lib/messages/create.js b/lib/messages/create.js index efffb0e..e49ee26 100644 --- a/lib/messages/create.js +++ b/lib/messages/create.js @@ -20,7 +20,7 @@ module.exports = message({ } , request:{ 'Buffer':buffer - , 'DesiredAccess':0x001701DF + , 'DesiredAccess': params.access == undefined? 0x001701DF : params.access , 'FileAttributes':0x00000080 , 'ShareAccess':0x00000000 , 'CreateDisposition':0x00000005 diff --git a/lib/messages/create_folder.js b/lib/messages/create_folder.js index a58f2a1..a513c2b 100644 --- a/lib/messages/create_folder.js +++ b/lib/messages/create_folder.js @@ -20,7 +20,7 @@ module.exports = message({ } , request:{ 'Buffer':buffer - , 'DesiredAccess':0x001701DF + , 'DesiredAccess': params.access == undefined? 0x001701DF : params.access , 'FileAttributes':0x00000000 , 'ShareAccess':0x00000000 , 'CreateDisposition':0x00000002 diff --git a/lib/messages/open.js b/lib/messages/open.js index 41456c1..b822197 100644 --- a/lib/messages/open.js +++ b/lib/messages/open.js @@ -20,7 +20,7 @@ module.exports = message({ } , request:{ 'Buffer':buffer - , 'DesiredAccess':0x001701DF + , 'DesiredAccess': params.access == undefined? 0x001701DF : params.access , 'NameOffset':0x0078 , 'CreateContextsOffset':0x007A+buffer.length } From c772832d19fd68b1a15433ec34423a6032d0c920 Mon Sep 17 00:00:00 2001 From: Nikody Keating Date: Tue, 22 Sep 2020 12:42:44 -0700 Subject: [PATCH 2/2] Updating readme with pointer to security masking --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index cd3d3cc..d01c215 100644 --- a/README.md +++ b/README.md @@ -173,6 +173,10 @@ This function will close the open connection if opened, it will be called automa Copyright (C) 2014 Microsoft http://msdn.microsoft.com/en-us/library/cc246482.aspx +### Permissions References + 2.2.13.1.2 Directory_Access_Mask + https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/0a5934b1-80f1-4da0-b1bf-5e021c309b71 + ## License (The MIT License)