s3-includes: only include system/filesys.h when needed.
1 /*
2  *  Unix SMB/CIFS implementation.
3  *  RPC Pipe client / server routines
4  *  Copyright (c) Andrew Tridgell              1992-2000,
5  *  Copyright (c) Jean François Micouleau      1998-2000.
6  *  Copyright (c) Gerald Carter                2002-2005.
7  *  Copyright (c) Andreas Schneider            2010.
8  *
9  *  This program is free software; you can redistribute it and/or modify
10  *  it under the terms of the GNU General Public License as published by
11  *  the Free Software Foundation; either version 3 of the License, or
12  *  (at your option) any later version.
13  *
14  *  This program is distributed in the hope that it will be useful,
15  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  *  GNU General Public License for more details.
18  *
19  *  You should have received a copy of the GNU General Public License
20  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
21  */
22
23 #include "includes.h"
24 #include "system/filesys.h"
25 #include "printing/nt_printing_tdb.h"
26 #include "librpc/gen_ndr/spoolss.h"
27 #include "librpc/gen_ndr/ndr_security.h"
28 #include "libcli/security/security.h"
29
/*
 * Key prefixes used inside the printing tdb files.  A record's type is
 * decided purely by the prefix its key starts with.
 */
#define FORMS_PREFIX    "FORMS/"
#define DRIVERS_PREFIX  "DRIVERS/"
#define PRINTERS_PREFIX "PRINTERS/"
#define SECDESC_PREFIX  "SECDESC/"

/*
 * On-disk format versions, stored under "INFO/version" in ntdrivers.tdb.
 */
#define NTDRIVERS_DATABASE_VERSION_1 1
#define NTDRIVERS_DATABASE_VERSION_2 2
/* little endian version of v2 */
#define NTDRIVERS_DATABASE_VERSION_3 3
/* fix generic bits in security descriptors */
#define NTDRIVERS_DATABASE_VERSION_4 4
/* normalize keys in ntprinters.tdb */
#define NTDRIVERS_DATABASE_VERSION_5 5
40
/*
 * File-scope database handles.  They are opened by
 * nt_printing_tdb_upgrade() and closed and reset to NULL before it
 * returns successfully; the upgrade helpers in this file read them
 * directly.
 */

/* used for forms files */
static TDB_CONTEXT *tdb_forms;

/* used for driver files */
static TDB_CONTEXT *tdb_drivers;

/* used for printers files */
static TDB_CONTEXT *tdb_printers;
44
/****************************************************************************
 Build the TDB_DATA key under which a printer record is stored.

 The share name is copied into a local fstring and lower-cased, so keys
 that differ only in case map to the same record.  The key string is
 allocated on ctx; if that allocation fails the key falls back to the
 empty string "", which callers should treat as a failure.
****************************************************************************/

static TDB_DATA make_printer_tdbkey(TALLOC_CTX *ctx, const char *sharename )
{
	fstring lowered;
	const char *name;

	/* NOTE(review): assumes fstrcpy bounds the copy to sizeof(fstring) - confirm */
	fstrcpy(lowered, sharename);
	strlower_m(lowered);

	name = talloc_asprintf(ctx, "%s%s", PRINTERS_PREFIX, lowered);
	if (name == NULL) {
		name = "";
	}

	return string_term_tdb_data(name);
}
63
/****************************************************************************
 Build the TDB_DATA key under which a printer security descriptor is stored.

 Same scheme as the printer record key: the share name is lower-cased and
 appended to SECDESC_PREFIX.  The key string is allocated on ctx; if that
 allocation fails the key falls back to the empty string "", which callers
 should treat as a failure.
****************************************************************************/

static TDB_DATA make_printers_secdesc_tdbkey(TALLOC_CTX *ctx,
					const char* sharename  )
{
	fstring lowered;
	const char *name;

	/* NOTE(review): assumes fstrcpy bounds the copy to sizeof(fstring) - confirm */
	fstrcpy(lowered, sharename );
	strlower_m(lowered);

	name = talloc_asprintf(ctx, "%s%s", SECDESC_PREFIX, lowered);
	if (name == NULL) {
		name = "";
	}

	return string_term_tdb_data(name);
}
83
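/****************************************************************************
 Return true when key starts with prefix.  The key length is checked first
 so a short key without a NUL terminator is never read past its end.
****************************************************************************/

static bool v3_key_has_prefix(TDB_DATA key, const char *prefix)
{
	size_t plen = strlen(prefix);

	return key.dptr != NULL &&
	       key.dsize >= plen &&
	       strncmp((const char *)key.dptr, prefix, plen) == 0;
}

/****************************************************************************
 Upgrade the tdb files to version 3

 Walks every record of tdb_drivers and moves the ones that belong
 elsewhere: FORMS/ records go to tdb_forms, PRINTERS/ and SECDESC/ records
 go to tdb_printers.  A record is stored in its new database before it is
 deleted from tdb_drivers.

 Returns True when all records were processed, False as soon as one store
 or delete fails (the traversal stops at that record).
****************************************************************************/

static bool upgrade_to_version_3(void)
{
	TDB_DATA kbuf, newkey, dbuf;

	DEBUG(0,("upgrade_to_version_3: upgrading print tdb's to version 3\n"));

	/* the for-increment fetches the next key before freeing the current one */
	for (kbuf = tdb_firstkey(tdb_drivers); kbuf.dptr;
			newkey = tdb_nextkey(tdb_drivers, kbuf), free(kbuf.dptr), kbuf=newkey) {

		dbuf = tdb_fetch(tdb_drivers, kbuf);

		if (v3_key_has_prefix(kbuf, FORMS_PREFIX)) {
			DEBUG(0,("upgrade_to_version_3:moving form\n"));
			if (tdb_store(tdb_forms, kbuf, dbuf, TDB_REPLACE) != 0) {
				DEBUG(0,("upgrade_to_version_3: failed to move form. Error (%s).\n", tdb_errorstr(tdb_forms)));
				goto fail;
			}
			if (tdb_delete(tdb_drivers, kbuf) != 0) {
				DEBUG(0,("upgrade_to_version_3: failed to delete form. Error (%s)\n", tdb_errorstr(tdb_drivers)));
				goto fail;
			}
		}

		if (v3_key_has_prefix(kbuf, PRINTERS_PREFIX)) {
			DEBUG(0,("upgrade_to_version_3:moving printer\n"));
			if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
				DEBUG(0,("upgrade_to_version_3: failed to move printer. Error (%s)\n", tdb_errorstr(tdb_printers)));
				goto fail;
			}
			if (tdb_delete(tdb_drivers, kbuf) != 0) {
				DEBUG(0,("upgrade_to_version_3: failed to delete printer. Error (%s)\n", tdb_errorstr(tdb_drivers)));
				goto fail;
			}
		}

		if (v3_key_has_prefix(kbuf, SECDESC_PREFIX)) {
			DEBUG(0,("upgrade_to_version_3:moving secdesc\n"));
			if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
				DEBUG(0,("upgrade_to_version_3: failed to move secdesc. Error (%s)\n", tdb_errorstr(tdb_printers)));
				goto fail;
			}
			if (tdb_delete(tdb_drivers, kbuf) != 0) {
				DEBUG(0,("upgrade_to_version_3: failed to delete secdesc. Error (%s)\n", tdb_errorstr(tdb_drivers)));
				goto fail;
			}
		}

		SAFE_FREE(dbuf.dptr);
	}

	return True;

fail:
	/*
	 * Leaving the loop early skips the for-increment, so the current
	 * key buffer has to be released here together with the record data.
	 */
	SAFE_FREE(dbuf.dptr);
	SAFE_FREE(kbuf.dptr);
	return False;
}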
146
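/*******************************************************************
 tdb_traverse() callback: upgrade one stored printer security
 descriptor.

 Fix an issue with security descriptors.  Printer sec_desc must
 use more than the generic bits that were previously used
 in <= 3.0.14a.  They must also have an owner and group SID assigned.
 Otherwise, any printers that have been migrated to a Windows
 host using printmig.exe will not be accessible.

 Records without data, or whose key does not start with
 SECDESC_PREFIX, are left alone.  A record that cannot be
 unmarshalled is deleted from tdb_printers.  state is the talloc
 context used for all temporary allocations.

 Returns 0 to continue the traversal and non-zero to stop it; the
 only case that stops it is a failing final tdb_store().
*******************************************************************/

static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
			    TDB_DATA data, void *state )
{
	const size_t prefix_len = strlen(SECDESC_PREFIX);
	NTSTATUS status;
	struct sec_desc_buf *sd_orig = NULL;
	struct sec_desc_buf *sd_new, *sd_store;
	struct security_descriptor *sec, *new_sec;
	TALLOC_CTX *ctx = state;
	int result;
	uint32_t i;
	size_t size_new_sec;

	if (!data.dptr || data.dsize == 0) {
		return 0;
	}

	/* check the length first so a short key is never read past its end */
	if (!key.dptr || key.dsize < prefix_len ||
	    strncmp((const char *) key.dptr, SECDESC_PREFIX, prefix_len ) != 0 ) {
		return 0;
	}

	/*
	 * NOTE(review): the DEBUG calls below print key.dptr with %s and so
	 * rely on the key being NUL-terminated; that is not verified here.
	 */

	/* upgrade the security descriptor */

	status = unmarshall_sec_desc_buf(ctx, data.dptr, data.dsize, &sd_orig);
	if (!NT_STATUS_IS_OK(status)) {
		/* delete bad entries */
		DEBUG(0,("sec_desc_upg_fn: Failed to parse original sec_desc for %s.  Deleting....\n",
			(const char *)key.dptr ));
		tdb_delete( tdb_printers, key );
		return 0;
	}

	if (!sd_orig) {
		return 0;
	}
	sec = sd_orig->sd;

	/*
	 * is this even valid?  A stored buffer may unmarshall successfully
	 * and still carry no descriptor or no DACL, so check both before
	 * dereferencing.
	 */

	if ( !sec || !sec->dacl ) {
		return 0;
	}

	/*
	 * update access masks: only ACEs whose mask is exactly one of the
	 * old generic combinations are rewritten, everything else is kept.
	 */

	for ( i=0; i<sec->dacl->num_aces; i++ ) {
		switch ( sec->dacl->aces[i].access_mask ) {
			case (GENERIC_READ_ACCESS | GENERIC_WRITE_ACCESS | GENERIC_EXECUTE_ACCESS):
				sec->dacl->aces[i].access_mask = PRINTER_ACE_PRINT;
				break;

			case GENERIC_ALL_ACCESS:
				sec->dacl->aces[i].access_mask = PRINTER_ACE_FULL_CONTROL;
				break;

			case READ_CONTROL_ACCESS:
				sec->dacl->aces[i].access_mask = PRINTER_ACE_MANAGE_DOCUMENTS;
				break;

			default:	/* no change */
				break;
		}
	}

	/* create a new struct security_descriptor with the appropriate owner and group SIDs */

	new_sec = make_sec_desc( ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE,
				 &global_sid_Builtin_Administrators,
				 &global_sid_Builtin_Administrators,
				 NULL, NULL, &size_new_sec );
	if (!new_sec) {
		return 0;
	}
	sd_new = make_sec_desc_buf( ctx, size_new_sec, new_sec );
	if (!sd_new) {
		return 0;
	}

	if ( !(sd_store = sec_desc_merge_buf( ctx, sd_new, sd_orig )) ) {
		DEBUG(0,("sec_desc_upg_fn: Failed to update sec_desc for %s\n", (const char *)key.dptr ));
		return 0;
	}

	/* store it back; data is a by-value copy, so only the local is overwritten */

	status = marshall_sec_desc_buf(ctx, sd_store, &data.dptr, &data.dsize);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0,("sec_desc_upg_fn: Failed to parse new sec_desc for %s\n", (const char *)key.dptr ));
		return 0;
	}

	result = tdb_store( tdb_printers, key, data, TDB_REPLACE );

	/* 0 to continue and non-zero to stop traversal */

	return (result == -1);
}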
253
/*******************************************************************
 Upgrade the tdb files to version 4

 Runs sec_desc_upg_fn over every record of tdb_printers, using a
 temporary talloc context that is destroyed afterwards.

 Returns False if the context cannot be created or tdb_traverse()
 returns -1, True otherwise.
 NOTE(review): a callback that stops the traversal early does not
 appear to make tdb_traverse() return -1, so that case would still
 be reported as success here - confirm against the tdb API.
*******************************************************************/

static bool upgrade_to_version_4(void)
{
	TALLOC_CTX *mem_ctx;
	int rc;

	DEBUG(0,("upgrade_to_version_4: upgrading printer security descriptors\n"));

	mem_ctx = talloc_init( "upgrade_to_version_4" );
	if (mem_ctx == NULL) {
		return False;
	}

	rc = tdb_traverse( tdb_printers, sec_desc_upg_fn, mem_ctx );
	talloc_destroy( mem_ctx );

	if (rc == -1) {
		return False;
	}
	return True;
}
274
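/*******************************************************************
 tdb_traverse() callback: move one PRINTERS/ or SECDESC/ record to
 its normalized (lower-cased share name) key.

 Records with any other prefix, or without data, are ignored.  The
 record is stored under the new key first and the old key is deleted
 afterwards, so a failing store cannot lose the record.  A key that
 is already normalized is left untouched.

 Two old keys that differ only in case normalize to the same new
 key; TDB_REPLACE then keeps whichever is written last.  For
 SECDESC/ records that means one security descriptor silently
 replaces the other.

 state may carry a talloc context for the temporary key; when it is
 NULL, talloc_tos() is used.

 Returns 0 to continue the traversal and 1 to stop it on error.
*******************************************************************/

static int normalize_printers_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
				  TDB_DATA data, void *state )
{
	TALLOC_CTX *ctx = (state != NULL) ? state : talloc_tos();
	TDB_DATA new_key;
	const char *prefix;
	size_t prefix_len;
	bool is_printer;

	if (!data.dptr || data.dsize == 0)
		return 0;

	if (!key.dptr)
		return 0;

	/* upgrade printer records and security descriptors */

	if ( key.dsize >= strlen(PRINTERS_PREFIX) &&
	     strncmp((const char *) key.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX) ) == 0 ) {
		prefix = PRINTERS_PREFIX;
		is_printer = true;
	}
	else if ( key.dsize >= strlen(SECDESC_PREFIX) &&
		  strncmp((const char *) key.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX) ) == 0 ) {
		prefix = SECDESC_PREFIX;
		is_printer = false;
	}
	else {
		/* ignore this record */
		return 0;
	}
	prefix_len = strlen(prefix);

	/*
	 * The share name is handed on as a C string, so the key must be
	 * NUL-terminated inside its own buffer.  Skip anything else rather
	 * than read past the end of the key.
	 */
	if ( key.dptr[key.dsize - 1] != '\0' ) {
		DEBUG(0,("normalize_printers_fn: skipping malformed key (no NUL terminator)\n"));
		return 0;
	}

	if ( is_printer ) {
		new_key = make_printer_tdbkey(ctx, (const char *)key.dptr+prefix_len );
	} else {
		new_key = make_printers_secdesc_tdbkey(ctx, (const char *)key.dptr+prefix_len );
	}

	/*
	 * The key builders fall back to the key "" when allocation fails.
	 * A real key is always longer than its prefix, so anything shorter
	 * is treated as a failure instead of being stored under "".
	 */
	if ( !new_key.dptr || new_key.dsize <= prefix_len ) {
		DEBUG(0,("normalize_printers_fn: failed to build normalized key for [%s]!\n",
			(const char *)key.dptr));
		return 1;
	}

	/* already normalized: nothing to move */
	if ( new_key.dsize == key.dsize &&
	     memcmp(new_key.dptr, key.dptr, key.dsize) == 0 ) {
		return 0;
	}

	/* store under the normalized key, then delete the original record */

	if ( tdb_store( the_tdb, new_key, data, TDB_REPLACE) != 0 ) {
		DEBUG(0,("normalize_printers_fn: failed to store new record for [%s]!\n",
			(const char *)key.dptr));
		return 1;
	}

	if ( tdb_delete( the_tdb, key ) != 0 ) {
		DEBUG(0,("normalize_printers_fn: tdb_delete for [%s] failed!\n",
			(const char *)key.dptr));
		return 1;
	}

	return 0;
}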
321
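/*******************************************************************
 Upgrade the tdb files to version 5

 Runs normalize_printers_fn over every record of tdb_printers.  The
 temporary talloc context created here is handed to the callback as
 its state argument and destroyed once the traversal is finished.

 Returns False if the context cannot be created or tdb_traverse()
 returns -1, True otherwise.
 NOTE(review): a callback that stops the traversal early does not
 appear to make tdb_traverse() return -1, so a partly normalized
 database would still be reported as success here - confirm against
 the tdb API.
*******************************************************************/

static bool upgrade_to_version_5(void)
{
	TALLOC_CTX *ctx;
	int result;

	DEBUG(0,("upgrade_to_version_5: normalizing printer keys\n"));

	if ( !(ctx = talloc_init( "upgrade_to_version_5" )) )
		return False;

	/* pass the context along instead of leaving it allocated but unused */
	result = tdb_traverse( tdb_printers, normalize_printers_fn, ctx );

	talloc_destroy( ctx );

	return ( result != -1 );
}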
342
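/*******************************************************************
 Open the legacy printing databases and bring them up to
 NTDRIVERS_DATABASE_VERSION_5.

 If none of ntdrivers.tdb, ntprinters.tdb and ntforms.tdb exists
 there is nothing to do.  Otherwise all three are opened (and created
 if missing) with mode 0600, so the files, which include printer
 security descriptors, are accessible to the owning user only.  The
 version stored under "INFO/version" in ntdrivers.tdb selects which
 upgrade steps run; each completed step is recorded before the next
 one starts.

 All three handles are closed and reset to NULL before returning, on
 failure as well as on success.

 Returns true on success or when no database exists, false if a
 database cannot be opened, an upgrade step fails, or the stored
 version is unknown.
*******************************************************************/

bool nt_printing_tdb_upgrade(void)
{
	const char *drivers_path = state_path("ntdrivers.tdb");
	const char *printers_path = state_path("ntprinters.tdb");
	const char *forms_path = state_path("ntforms.tdb");
	bool drivers_exists = file_exist(drivers_path);
	bool printers_exists = file_exist(printers_path);
	bool forms_exists = file_exist(forms_path);
	const char *vstring = "INFO/version";
	int32_t vers_id;
	bool ok = false;

	if (!drivers_exists && !printers_exists && !forms_exists) {
		return true;
	}

	tdb_drivers = tdb_open_log(drivers_path,
				   0,
				   TDB_DEFAULT,
				   O_RDWR|O_CREAT,
				   0600);
	if (tdb_drivers == NULL) {
		DEBUG(0,("nt_printing_init: Failed to open nt drivers "
			 "database %s (%s)\n",
			 drivers_path, strerror(errno)));
		goto done;
	}

	tdb_printers = tdb_open_log(printers_path,
				    0,
				    TDB_DEFAULT,
				    O_RDWR|O_CREAT,
				    0600);
	if (tdb_printers == NULL) {
		DEBUG(0,("nt_printing_init: Failed to open nt printers "
			 "database %s (%s)\n",
			 printers_path, strerror(errno)));
		goto done;
	}

	tdb_forms = tdb_open_log(forms_path,
				 0,
				 TDB_DEFAULT,
				 O_RDWR|O_CREAT,
				 0600);
	if (tdb_forms == NULL) {
		DEBUG(0,("nt_printing_init: Failed to open nt forms "
			 "database %s (%s)\n",
			 forms_path, strerror(errno)));
		goto done;
	}

	/* Samba upgrade */
	vers_id = tdb_fetch_int32(tdb_drivers, vstring);
	if (vers_id == -1) {
		/*
		 * NOTE(review): -1 is treated as "no version record"; whether
		 * a fetch error can also yield -1 is not visible here.
		 */
		DEBUG(10, ("Fresh database\n"));
		tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_5);
		vers_id = NTDRIVERS_DATABASE_VERSION_5;
	}

	if (vers_id != NTDRIVERS_DATABASE_VERSION_5) {
		if ((vers_id == NTDRIVERS_DATABASE_VERSION_1) ||
		    (IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_1)) {
			if (!upgrade_to_version_3()) {
				goto done;
			}

			tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_3);
			vers_id = NTDRIVERS_DATABASE_VERSION_3;
		}

		if ((vers_id == NTDRIVERS_DATABASE_VERSION_2) ||
		    (IREV(vers_id) == NTDRIVERS_DATABASE_VERSION_2)) {
			/*
			 * Written on a bigendian machine with old fetch_int
			 * code. Save as le. The only upgrade between V2 and V3
			 * is to save the version in little-endian.
			 */
			tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_3);
			vers_id = NTDRIVERS_DATABASE_VERSION_3;
		}

		if (vers_id == NTDRIVERS_DATABASE_VERSION_3) {
			if (!upgrade_to_version_4()) {
				goto done;
			}
			tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_4);
			vers_id = NTDRIVERS_DATABASE_VERSION_4;
		}

		if (vers_id == NTDRIVERS_DATABASE_VERSION_4 ) {
			if (!upgrade_to_version_5()) {
				goto done;
			}
			tdb_store_int32(tdb_drivers, vstring, NTDRIVERS_DATABASE_VERSION_5);
			vers_id = NTDRIVERS_DATABASE_VERSION_5;
		}

		if (vers_id != NTDRIVERS_DATABASE_VERSION_5) {
			DEBUG(0,("nt_printing_init: Unknown printer database version [%d]\n", vers_id));
			goto done;
		}
	}

	ok = true;

done:
	/*
	 * Single exit path: every handle that was opened is closed and its
	 * global reset, so a failed upgrade does not leave the databases
	 * open or the file-scope pointers dangling.
	 */
	if (tdb_drivers) {
		tdb_close(tdb_drivers);
		tdb_drivers = NULL;
	}

	if (tdb_printers) {
		tdb_close(tdb_printers);
		tdb_printers = NULL;
	}

	if (tdb_forms) {
		tdb_close(tdb_forms);
		tdb_forms = NULL;
	}

	return ok;
}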