CVS update: samba/source/rpc_parse
Tim Potter
tpot at samba.org
Wed Sep 25 17:28:34 EST 2002
On Wed, Sep 25, 2002 at 09:03:53AM +0200, Jean Francois Micouleau wrote:
> > Log Message:
> > A PRINTER_INFO_2 doesn't necessarily contain a security descriptor.
> > For example, Windows NT/2K doesn't return a secdesc for a enumprinters
> > level2 but Samba currently does. Fix by checking the offset is
> > non-zero before trying to unmarshall a security descriptor.
>
> uh ? you can do a enumprinters anonymously so samba is leaking security
> informations to anon users ! This time samba is worse than the other
> software it's communicating with ;-)
A good theory but not true. Windows simply doesn't set the security
descriptor when enumerating printers at level 2 regardless of whether
you connect anonymously or not.
#!/usr/bin/python
from samba import spoolss
p_anon = spoolss.openprinter("\\\\win2kdc1\\p")
p_auth = spoolss.openprinter("\\\\win2kdc1\\p",
creds = {"username": "user1", "domain": "win2kdom", "password": "user1"})
if p_anon.getprinter(level = 2).has_key('security_descriptor'):
print("has secdesc, getprinter anon")
if p_auth.getprinter(level = 2).has_key('security_descriptor'):
print("has secdesc, getprinter auth")
ep2 = spoolss.enumprinters("\\\\win2kdc1")['p']
if ep2.has_key('security_descriptor'):
print("has secdesc, enumprinters anon")
ep2 = spoolss.enumprinters("\\\\win2kdc1",
creds = {"username": "user1", "domain": "win2kdom", "password": "user1"})['p']
if ep2.has_key('security_descriptor'):
print("has secdesc, enumprinters auth")
[tpot at proforma:~]$ /tmp/level2_sec.py
has secdesc, getprinter anon
has secdesc, getprinter auth
More information about the samba-cvs
mailing list