1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
#!/usr/bin/env python
#
# Get or set the security descriptor on a printer
#
import sys, re, string
from samba import spoolss
if len(sys.argv) != 3:
print "Usage: psec.py getsec|setsec printername"
sys.exit(1)
op = sys.argv[1]
printername = sys.argv[2]
# Display security descriptor
if op == "getsec":
try:
hnd = spoolss.openprinter(printername)
except:
print "error opening printer %s" % printername
sys.exit(1)
secdesc = hnd.getprinter(level = 3)["security_descriptor"]
print secdesc["owner_sid"]
print secdesc["group_sid"]
for acl in secdesc["dacl"]["ace_list"]:
print "%d %d 0x%08x %s" % (acl["type"], acl["flags"],
acl["mask"], acl["trustee"])
spoolss.closeprinter(hnd)
sys.exit(0)
# Set security descriptor
if op == "setsec":
# Open printer
try:
hnd = spoolss.openprinter(printername,
creds = {"domain": "NPSD-TEST2",
"username": "Administrator",
"password": "penguin"})
except:
print "error opening printer %s" % printername
sys.exit(1)
# Read lines from standard input and build security descriptor
lines = sys.stdin.readlines()
secdesc = {}
secdesc["owner_sid"] = lines[0]
secdesc["group_sid"] = lines[1]
secdesc["revision"] = 1
secdesc["dacl"] = {}
secdesc["dacl"]["revision"] = 2
secdesc["dacl"]["ace_list"] = []
for acl in lines[2:]:
match = re.match("(\d+) (\d+) (0[xX][\dA-Fa-f]+) (\S+)", acl)
secdesc["dacl"]["ace_list"].append(
{"type": int(match.group(1)), "flags": int(match.group(2)),
"mask": string.atoi(match.group(3), 0), "trustee": match.group(4)})
# Build info3 structure
info3 = {}
info3["flags"] = 0x8004 # self-relative, dacl present
info3["level"] = 3
info3["security_descriptor"] = secdesc
hnd.setprinter(info3)
spoolss.closeprinter(hnd)
sys.exit(0)
print "invalid operation %s" % op
sys.exit(1)
|
