CVS update: samba/source/rpc_parse

Tim Potter tpot at samba.org
Wed Sep 25 17:28:34 EST 2002


On Wed, Sep 25, 2002 at 09:03:53AM +0200, Jean Francois Micouleau wrote:

> > Log Message:
> > A PRINTER_INFO_2 doesn't necessarily contain a security descriptor.
> > For example, Windows NT/2K doesn't return a secdesc for an enumprinters
> > level2 but Samba currently does.  Fix by checking the offset is
> > non-zero before trying to unmarshall a security descriptor.
> 
> uh ? you can do an enumprinters anonymously so samba is leaking security
> information to anon users ! This time samba is worse than the other
> software it's communicating with ;-)

A good theory but not true.  Windows simply doesn't set the security
descriptor when enumerating printers at level 2 regardless of whether
you connect anonymously or not.

#!/usr/bin/python

from samba import spoolss

p_anon = spoolss.openprinter("\\\\win2kdc1\\p")

p_auth = spoolss.openprinter("\\\\win2kdc1\\p",
    creds = {"username": "user1", "domain": "win2kdom", "password": "user1"})

if p_anon.getprinter(level = 2).has_key('security_descriptor'):
    print("has secdesc, getprinter anon")

if p_auth.getprinter(level = 2).has_key('security_descriptor'):
    print("has secdesc, getprinter auth")

ep2 = spoolss.enumprinters("\\\\win2kdc1")['p']

if ep2.has_key('security_descriptor'):
    print("has secdesc, enumprinters anon")

ep2 = spoolss.enumprinters("\\\\win2kdc1",
    creds = {"username": "user1", "domain": "win2kdom", "password": "user1"})['p']

if ep2.has_key('security_descriptor'):
    print("has secdesc, enumprinters auth")

[tpot at proforma:~]$ /tmp/level2_sec.py 
has secdesc, getprinter anon
has secdesc, getprinter auth
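
The check described in the log message (only unmarshall a security descriptor when its offset is non-zero), sketched as an added example that is not part of the original post and is not Samba's code. The three-field record layout, the function names and the sample buffers are assumptions made for illustration; the example also goes one step further than the log message and bounds-checks the offset.

```python
import struct

# Assumed simplified record, not the real wire format:
# uint32 printername_off, uint32 secdesc_off, uint32 attributes, then data.
HEADER = struct.Struct("<III")
# Fixed header of a self-relative security descriptor:
# revision, sbz1, control, then owner/group/SACL/DACL offsets.
SD_HEADER = struct.Struct("<BBHIIII")


def read_utf16z(buf, off):
    """Read a NUL-terminated UTF-16LE string, refusing to run off the buffer."""
    end = off
    while buf[end:end + 2] != b"\x00\x00":
        if end + 2 > len(buf):
            raise ValueError("unterminated string")
        end += 2
    return buf[off:end].decode("utf-16-le")


def parse_printer_record(buf):
    if len(buf) < HEADER.size:
        raise ValueError("short buffer")
    name_off, sd_off, attributes = HEADER.unpack_from(buf, 0)
    if not (HEADER.size <= name_off < len(buf)):
        raise ValueError("bad printername offset")
    info = {"printername": read_utf16z(buf, name_off), "attributes": attributes}
    # Offset 0 means "no security descriptor": leave the key out entirely.
    if sd_off != 0:
        if sd_off < HEADER.size or sd_off + SD_HEADER.size > len(buf):
            raise ValueError("bad security descriptor offset")
        rev, _sbz1, control, owner, group, sacl, dacl = SD_HEADER.unpack_from(buf, sd_off)
        info["security_descriptor"] = {"revision": rev, "control": control,
                                       "owner_off": owner, "group_off": group,
                                       "sacl_off": sacl, "dacl_off": dacl}
    return info


def build_record(name, attributes, sd=b""):
    """Build constructed sample data in the assumed layout."""
    body = name.encode("utf-16-le") + b"\x00\x00"
    sd_off = HEADER.size + len(body) if sd else 0
    return HEADER.pack(HEADER.size, sd_off, attributes) + body + sd


# Constructed samples: one record without and one with a descriptor (SE_SELF_RELATIVE).
NO_SD = build_record("p", 0x8)
WITH_SD = build_record("p", 0x8, SD_HEADER.pack(1, 0, 0x8000, 0, 0, 0, 0))

if __name__ == "__main__":
    for rec in (NO_SD, WITH_SD):
        print("security_descriptor" in parse_printer_record(rec))
```

A record with a zero offset yields a dict with no 'security_descriptor' key, which is the condition the script above tests with has_key.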



