diff options
| author | Andrew Tridgell <tridge@samba.org> | 2010-08-26 17:41:30 +1000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2010-08-26 22:50:20 +1000 |
| commit | 331905216a22989973d00dbc612e90ffa010ff0e (patch) | |
| tree | 1db5800d0824e663950f226d4ea182c3c45e188d /source4/scripting/devel | |
| parent | 057a47130de16b3e8796a7d2dc92b2ceeddd8ab6 (diff) | |
| download | samba-331905216a22989973d00dbc612e90ffa010ff0e.tar.gz samba-331905216a22989973d00dbc612e90ffa010ff0e.tar.bz2 samba-331905216a22989973d00dbc612e90ffa010ff0e.zip | |
s4-devel: added enumprivs developer script
this enumerates all LSA privileges on a server
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4/scripting/devel')
| -rwxr-xr-x | source4/scripting/devel/enumprivs | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/source4/scripting/devel/enumprivs b/source4/scripting/devel/enumprivs new file mode 100755 index 0000000000..6a040402ae --- /dev/null +++ b/source4/scripting/devel/enumprivs @@ -0,0 +1,58 @@ +#!/usr/bin/env python + +# script to enumerate LSA privileges on a server + +import sys +from optparse import OptionParser + +sys.path.insert(0, "bin/python") + +import samba +import samba.getopt as options +from samba.dcerpc import lsa, security + +def get_display_name(lsaconn, pol_handle, name): + '''get the display name for a privilege''' + string = lsa.String() + string.string = name + + (disp_names, ret_lang) = lsaconn.LookupPrivDisplayName(pol_handle, string, 0x409, 0) + return disp_names.string + + + + +########### main code ########### +if __name__ == "__main__": + parser = OptionParser("enumprivs [options] server") + sambaopts = options.SambaOptions(parser) + credopts = options.CredentialsOptionsDouble(parser) + parser.add_option_group(credopts) + + (opts, args) = parser.parse_args() + + lp = sambaopts.get_loadparm() + creds = credopts.get_credentials(lp) + + if len(args) != 1: + parser.error("You must supply a server") + + if not creds.authentication_requested(): + parser.error("You must supply credentials") + + server = args[0] + + binding_str = "ncacn_np:%s[print]" % server + + lsaconn = lsa.lsarpc(binding_str, lp, creds) + + objectAttr = lsa.ObjectAttribute() + objectAttr.sec_qos = lsa.QosInfo() + + pol_handle = lsaconn.OpenPolicy2(''.decode('utf-8'), + objectAttr, security.SEC_FLAG_MAXIMUM_ALLOWED) + + (handle, privs) = lsaconn.EnumPrivs(pol_handle, 0, 100) + for p in privs.privs: + disp_name = get_display_name(lsaconn, pol_handle, p.name.string) + print "0x%08x %31s \"%s\"" % (p.luid.low, p.name.string, disp_name) |