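#!/usr/bin/env python
#
# Get or set the security descriptor on a printer
#
# Usage: psec.py getsec|setsec printername
#
#   getsec  prints the owner SID, the group SID, then one line per ACE in
#           the DACL as "type flags 0xmask trustee".
#   setsec  reads that same format from standard input and writes it to
#           the printer as a level 3 info structure.
#
# setsec authenticates with credentials supplied at run time through the
# environment variables PSEC_DOMAIN, PSEC_USERNAME and PSEC_PASSWORD.  If
# PSEC_PASSWORD is unset the password is prompted for.  If PSEC_USERNAME is
# unset the printer is opened without explicit credentials, as getsec does.
# Credentials must not be written into this file: anything committed to a
# source tree is readable by everyone with access to it.
#

import getpass
import os
import re
import string
import sys

from samba import spoolss

# One ACE per line, in the format getsec prints: type flags 0xmask trustee
ACE_LINE = re.compile(r"(\d+) (\d+) (0[xX][\dA-Fa-f]+) (\S+)")


def read_credentials():
    """Return the creds dict for spoolss.openprinter(), or None.

    None means no PSEC_USERNAME was configured.  Raises ValueError when a
    username is given without a domain.
    """
    username = os.environ.get("PSEC_USERNAME")
    if not username:
        return None

    domain = os.environ.get("PSEC_DOMAIN")
    if domain is None:
        raise ValueError("PSEC_DOMAIN must be set when PSEC_USERNAME is set")

    password = os.environ.get("PSEC_PASSWORD")
    if password is None:
        # NOTE: the prompt needs a controlling terminal.  For non-interactive
        # use set PSEC_PASSWORD; otherwise getpass falls back to reading
        # standard input, which is where the descriptor is read from.
        password = getpass.getpass("Password for %s\\%s: " % (domain, username))

    return {"domain": domain, "username": username, "password": password}


def parse_secdesc(lines):
    """Build a security descriptor dict from lines in getsec output format.

    lines[0] is the owner SID, lines[1] the group SID, and every following
    non-blank line is one ACE.  Raises ValueError on malformed input so that
    a half-parsed descriptor is never sent to the printer.
    """
    if len(lines) < 2:
        raise ValueError("expected owner SID and group SID on the first two lines")

    # readlines() keeps the trailing newline; it is not part of the SID.
    owner_sid = lines[0].strip()
    group_sid = lines[1].strip()
    if not owner_sid or not group_sid:
        raise ValueError("owner SID and group SID must not be empty")

    ace_list = []
    for lineno, line in enumerate(lines[2:], 3):
        if not line.strip():
            continue
        match = ACE_LINE.match(line)
        if match is None:
            raise ValueError("line %d is not 'type flags 0xmask trustee': %r"
                             % (lineno, line.rstrip("\n")))
        ace_list.append(
            {"type": int(match.group(1)), "flags": int(match.group(2)),
             "mask": string.atoi(match.group(3), 0), "trustee": match.group(4)})

    # An input without ACE lines produces a DACL that is present but empty,
    # which Windows treats as granting access to nobody.
    return {"owner_sid": owner_sid,
            "group_sid": group_sid,
            "revision": 1,
            "dacl": {"revision": 2, "ace_list": ace_list}}


if len(sys.argv) != 3:
    print("Usage: psec.py getsec|setsec printername")
    sys.exit(1)

op = sys.argv[1]
printername = sys.argv[2]

# Display security descriptor

if op == "getsec":

    try:
        hnd = spoolss.openprinter(printername)
    except Exception:
        print("error opening printer %s" % printername)
        sys.exit(1)

    # Close the handle even when the query or the formatting fails.
    try:
        secdesc = hnd.getprinter(level = 3)["security_descriptor"]

        print(secdesc["owner_sid"])
        print(secdesc["group_sid"])

        for ace in secdesc["dacl"]["ace_list"]:
            print("%d %d 0x%08x %s" % (ace["type"], ace["flags"],
                                       ace["mask"], ace["trustee"]))
    finally:
        spoolss.closeprinter(hnd)

    sys.exit(0)

# Set security descriptor

if op == "setsec":

    try:
        creds = read_credentials()
    except ValueError as err:
        print("error reading credentials: %s" % err)
        sys.exit(1)

    # Open printer

    try:
        if creds is None:
            hnd = spoolss.openprinter(printername)
        else:
            hnd = spoolss.openprinter(printername, creds = creds)
    except Exception:
        print("error opening printer %s" % printername)
        sys.exit(1)

    # Close the handle on every path, including rejected input.
    try:

        # Read lines from standard input and build security descriptor

        try:
            secdesc = parse_secdesc(sys.stdin.readlines())
        except ValueError as err:
            print("invalid security descriptor input: %s" % err)
            sys.exit(1)

        # Build info3 structure

        info3 = {}

        info3["flags"] = 0x8004         # self-relative, dacl present
        info3["level"] = 3
        info3["security_descriptor"] = secdesc

        hnd.setprinter(info3)
    finally:
        spoolss.closeprinter(hnd)

    sys.exit(0)

print("invalid operation %s" % op)
sys.exit(1)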